Perl Exploits
2,849 exploits tracked across all sources.
Phusion Web Server 1.0 - Directory Traversal via Triple Dot Sequence
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
by Alex Hernandez
Phusion Web Server 1.0 - Buffer Overflow via Long HTTP Request
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
by Alex Hernandez
EasyBoard 2000 1.27 - Remote Code Execution via Long Boundary Value in Multipart Content-Type Header
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
by Jin Ho You
Tarantella Enterprise <3.20 - Code Injection
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
by Larry Cashdollar
Citrix NFuse 1.6 - Unauthenticated Application Listing via applist.asp
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
by Ian Vitek
Cyberstop Web Server 0.1 - Denial of Service via Long HTTP GET Request
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
by Alex Hernandez
BrowseFTP Client 1.62 - Remote Code Execution via Long FTP 220 Message Reply
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.
by Kanatoko
Nortel Alteon ACEdirector WebOS 9.0 - Info Disclosure
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
by Dave Plonka
Pathways Homecare 6.5 - Info Disclosure
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
by shoeboy
CVSS 7.8
Windows 2000 - Denial of Service via IKE UDP Port Flood
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
by Nelson Brito
Cooolsoft PowerFTP Server 2.03 - Buffer Overflow via Long Command
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
by Alex Hernandez
ActivePerl < 5.6.1.629 - Remote Code Execution via Long Filename HTTP Request
Buffer overflow in PerlIS.dll in ActiveState ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
by Sapient2003
Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Remote Buffer Overflow
by andreas
Mountain Network Systems WebCart 8.4 - Command Injection
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
Oracle9iAS Web Cache 2.0.0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by andreas
AmTote International - Info Disclosure
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
by Gary O'Leary-Steele
AmTote International - Info Disclosure
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
by Gary O'Leary-Steele
EFTP 2.0.7.337 - Authenticated Directory Traversal via LIST QUOTE SIZE and QUOTE MDTM Commands
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
by byterage
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
by Alexey Sintsov
Cisco Catalyst 6000 IDS Module and Secure IDS - HTTP Attack Evasion via Unicode Encoding
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
by blackangels
AOLserver 3.0 - Buffer Overflow via HTTP Authorization Header
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
by Nate Haggard
glFTPD 1.23 - Denial of Service via LIST Command with Excessive Wildcards
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
by ASGUARD LABS
OmniHTTPd 2.07 - Arbitrary File Write via statsconfig.pl cgidir Parameter
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
by Joe Testa