Perl Exploits
2,849 exploits tracked across all sources.
Worldspan Res Manager - Denial of Service via Malformed TCP Request
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
by altomo
Compaq Tru64 - Local Buffer Overflow via dxterm -xrm Argument
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
by stripey
HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)
by stripey
AnalogX Proxy - Buffer Overflow via Long HTTP Request or SOCKS 4A DNS Hostname
Buffer overflows in AnalogX Proxy before 4.12 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
by Kanatoko
Bonobo - Buffer Overflow via Long Command Line Arguments
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
by andrea lisci
Bonobo - Buffer Overflow via Long Command Line Arguments
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
by clorox
Firebird < 1.5 - Buffer Overflow via Long INTERBASE Environment Variable
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
by stripey
Ehud Gavron TrACESroute 6.1.1 - Terminator Function Format String
by stringz
WebBBS 4 and 5.0 - Remote Command Execution via Followup Parameter
webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
by NERF Security
IBM Informix SE-7.25 - Local Buffer Overflow via INFORMIXDIR Environment Variable
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
by pHrail
Image Display System 0.81 - Info Disclosure
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
by isox
Cisco CBOS <= 2.4.4 - Denial of Service via Large DHCP or Telnet Packets
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
by blackangels
MatuFtpServer 1.1.3 - Buffer Overflow via Long PASS Command
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.
by Kanatoko
Matu FTP Client 1.74 - Remote Code Execution via Long FTP Banner
Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.
by Kanatoko
slrn - Local Privilege Escalation via Long -d Argument
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
by zillion
psyBNC 2.3 - Denial of Service via Long PASS Command
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
by DVDMAN
Melange Chat server 2.02 - Buffer Overflow via Long Argument or Configuration Line
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.
by DVDMAN
Intellisol Xpede 4.1 - Info Disclosure
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
by c3rb3r
Apache HTTP Server < 1.3.24 - Remote Code Execution via Shell Metacharacter Injection
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
by SPAX
Sun Sunsolve CD sscd_suncourier.pl - CGI Command Execution
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
by Fyodor
XTux - Denial of Service via Random Initial Connection Inputs
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
by b0iler
Sun Cobalt RaQ XTR - Unauthenticated Arbitrary File Write via Symlink Attack on Temporary File
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
by Wouter ter Maat
Tower Toppler 0.99.1 - 'Display' Local Buffer Overflow
by Knud Erik Hojgaard