C Exploits

3,631 exploits tracked across all sources.

CVE-2004-0213 EXPLOITDB HIGH c VERIFIED
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by kralor
CVSS 7.8
EIP-2026-116027 EXPLOITDB c VERIFIED
OverByte ICS FTP Server - Remote Denial of Service
by ATmaCA
CVE-2004-0735 EXPLOITDB c VERIFIED
Medal of Honor Allied Assault - Buffer Overflow via LAN Query and Connect Packet
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
by Luigi Auriemma
CVE-2004-0511 EXPLOITDB c VERIFIED
SCO OpenServer 5.0.6-5.0.7 - Denial of Service via MMDF Null Dereference
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
by Ramon de C Valle
EIP-2026-105254 EXPLOITDB c VERIFIED
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
by Adam Simuntis
CVE-2004-0212 EXPLOITDB c VERIFIED
Avaya IP600 Media Servers - Stack-Based Buffer Overflow via Long Parameters in .job File
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
by anonymous
CVE-2004-0213 EXPLOITDB HIGH c VERIFIED
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by kralor
CVSS 7.8
CVE-2004-0213 EXPLOITDB HIGH c VERIFIED
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by bkbll
CVSS 7.8
CVE-2004-0210 EXPLOITDB HIGH c VERIFIED
Microsoft Interix - Local Buffer Overflow via POSIX Component
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
by bkbll
CVSS 7.8
CVE-2004-0213 EXPLOITDB HIGH c VERIFIED
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by Cesar Cerrudo
CVSS 7.8
CVE-2004-2631 EXPLOITDB c VERIFIED
phpMyAdmin <2.5.8 - Command Injection
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
by Nasir Simbolon
CVE-2004-0659 EXPLOITDB c VERIFIED
MPlayer 1.0pre4 - Buffer Overflow in TranslateFilename
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
by c0ntex
EIP-2026-114774 EXPLOITDB c VERIFIED
UNIX 7th Edition /bin/mkdir - Local Buffer Overflow
by anonymous
CVE-2004-0396 EXPLOITDB c VERIFIED
CVS <1.11.16-1.12.8 - Buffer Overflow
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
by anonymous
CVE-2004-0396 EXPLOITDB c VERIFIED
CVS <1.11.16-1.12.8 - Buffer Overflow
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
by Ac1dB1tCh3z
CVE-2004-0397 EXPLOITDB c VERIFIED
Subversion <= 1.0.2 - Remote Code Execution via DAV2 REPORT Query or get-dated-rev Command
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
by Gyan Chawdhary
CVE-2004-0554 EXPLOITDB c VERIFIED
Linux kernel 2.4.x-2.6.x - DoS
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
by lorenzo
CVE-2004-0618 EXPLOITDB c VERIFIED
FreeBSD 5.1 - Denial of Service via Unaligned Memory Address in execve System Call
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
by Marceta Milos
CVE-2004-0605 EXPLOITDB c VERIFIED
ircd-hybrid < 7.0.1 and ircd-ratbox < 1.5.1 - Unauthenticated Denial of Service via Rate-Limit Bypass
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
by Erik Sperling Johansen
EIP-2026-115298 EXPLOITDB c VERIFIED
FreeIPS 1.0 Protected Service - Denial of Service
CVE-2004-1471 EXPLOITDB c VERIFIED
CVS 1.11.x-1.11.16 and 1.12.x-1.12.8 - Remote Code Execution via Format String in Wrapper Line
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
by Gyan Chawdhary
CVE-2004-2555 EXPLOITDB c VERIFIED
Riverdeep FoolProof Security <3.9.x - Info Disclosure
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
by Cyrillium Security
EIP-2026-104106 EXPLOITDB c VERIFIED
TildeSlash Monit 1-4 - Authentication Handling Buffer Overflow
by Nilanjan De
CVE-2004-0580 EXPLOITDB c VERIFIED
Linksys BEFSR11 BEFSR41 BEFSR81 BEFSRU31 - Information Disclosure via DHCP BOOTP Reply Buffer
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
by Jon Hart
CVE-2004-2033 EXPLOITDB c VERIFIED
orenosv_http_ftp_server 0.5.9f - Denial of Service via Long HTTP GET Request
Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
by badpack3t