Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2001-0985 EXPLOITDB perl VERIFIED
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
by Alexey Sintsov
CVE-2001-0669 EXPLOITDB perl VERIFIED
IDS - Evade Detection
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
by blackangels
CVE-2001-1067 EXPLOITDB perl VERIFIED
Aol Server - Buffer Overflow
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
by Nate Haggard
CVE-2001-0965 EXPLOITDB perl VERIFIED
Glftpd - Denial of Service
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
by ASGUARD LABS
CVE-2001-0114 EXPLOITDB perl VERIFIED
OmniHTTPd 2.07 - File Overwrite
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
by Joe Testa
CVE-2001-1471 EXPLOITDB HIGH perl VERIFIED
phpBB 1.4.0 - Authenticated RCE
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
by UnderSpell
CVSS 8.8
CVE-2001-1586 EXPLOITDB perl VERIFIED
SimpleServer:WWW <1.13 - Path Traversal
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
by THRAN
CVE-2001-1021 EXPLOITDB perl VERIFIED
Progress WS FTP Server - Buffer Overflow
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
by andreas
EIP-2026-104082 EXPLOITDB perl VERIFIED
Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass
by Aidan O'Kelly
CVE-2001-1097 EXPLOITDB perl VERIFIED
Cisco - DoS
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
by blackangels
CVE-2001-0553 EXPLOITDB perl VERIFIED
SSH Secure Shell 3.0.0 - Privilege Escalation
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
by hypoclear
CVE-2001-1303 EXPLOITDB perl VERIFIED
SecuRemote - Info Disclosure
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
by Haroon Meer & Roelof Temmingh
CVE-2001-1291 EXPLOITDB CRITICAL perl VERIFIED
3Com PS40 SuperStack II - Info Disclosure
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
by Siberian
CVSS 9.8
CVE-2001-1290 EXPLOITDB perl VERIFIED
Active Classifieds Free Edition 1.0 - RCE
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
by Igor Dobrovitski
CVE-2001-0537 EXPLOITDB perl VERIFIED
Cisco Ios - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by blackangels
CVE-2001-0537 EXPLOITDB perl VERIFIED
Cisco Ios - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by cronos
EIP-2026-116145 EXPLOITDB perl VERIFIED
Raptor Firewall 4.0/5.0/6.0.x - Zero Length UDP Packet Resource Consumption
by Max Moser
CVE-2001-0735 EXPLOITDB perl VERIFIED
Infodrom Cfingerd - Buffer Overflow
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
by teleh0r
CVE-2001-0700 EXPLOITDB perl VERIFIED
W3m < 0.2.1 - Buffer Overflow
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
by White_E
CVE-2001-0500 EXPLOITDB perl VERIFIED
Microsoft Index Server < 6.0 - Buffer Overflow
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
by blackangels
CVE-2001-1160 EXPLOITDB perl VERIFIED
Microburst Technologies uDirectory <2.0 - Command Injection
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
by Igor Dobrovitski
CVE-2001-0925 EXPLOITDB perl VERIFIED
Apache HTTP Server - Path Traversal
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by farm9
CVE-2001-0925 EXPLOITDB perl VERIFIED
Apache HTTP Server - Path Traversal
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by farm9
CVE-2001-0925 EXPLOITDB perl VERIFIED
Apache HTTP Server - Path Traversal
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by rfp
CVE-2001-0688 EXPLOITDB perl VERIFIED
Transsoft Broker FTP Server - Denial of Service
Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.
by byterage
By Source
All 2,854 Exploitdb 50,130 Writeup 46,953 Nomisec 21,249 Metasploit 3,221 Github 2,386 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,952 python 5,798 c 3,565 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 85 go 45 postscript 25 xml 24