Perl Exploits
2,849 exploits tracked across all sources.
phpbb < 1.4.0 - Authenticated Remote Code Execution via Invalid Language Value
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
by UnderSpell
CVSS 8.8
SimpleServer:WWW <1.13 - Path Traversal
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
by THRAN
WS_FTP Server 2.02 - Remote Code Execution via Long Arguments to Multiple FTP Commands
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
by andreas
Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass
by Aidan O'Kelly
Cisco IOS 12.0-12.2.1 - Denial of Service via UDP Packet Flood
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
by blackangels
SSH Secure Shell 3.0.0 - Privilege Escalation
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
by hypoclear
Check Point Firewall-1 - Unauthenticated Sensitive Information Exposure
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
by Haroon Meer & Roelof Temmingh
3Com PS40 SuperStack II - Info Disclosure
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
by Siberian
CVSS 9.8
Active Classifieds Free Edition 1.0 - RCE
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
by Igor Dobrovitski
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by blackangels
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by cronos
Raptor Firewall 4.0/5.0/6.0.x - Zero Length UDP Packet Resource Consumption
by Max Moser
cfingerd <= 1.4.3 - Buffer Overflow via Long Line in .nofinger File
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
by teleh0r
w3m < 0.2.1 - Remote Code Execution via Long Base64 Encoded MIME Header
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
by White_E
Index Server and Indexing Service - Remote Code Execution via Long Argument to ISAPI Extension
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
by blackangels
Microburst Technologies uDirectory <2.0 - Command Injection
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
by Igor Dobrovitski
Apache HTTP Server - Directory Listing via Excessive Slash Characters
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by farm9
Apache HTTP Server - Directory Listing via Excessive Slash Characters
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by farm9
Apache HTTP Server - Directory Listing via Excessive Slash Characters
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by rfp
Broker FTP Server 5.9.5.0 - Denial of Service via Invalid CD Command
Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.
by byterage
Pragma InterAccess 4.0 build 5 - Denial of Service via Telnet Port Overflow
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
by nemesystm
Netscape Enterprise Server 4.1 - HTTP Method Name Buffer Overflow
by Robert Cardona
Internet Information Server < 5.0 - Directory Traversal via Double-Encoded Dot-Dot Sequences
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
by Cyrus The Gerat
iPlanet Web Server Enterprise Edition <= 4.1 - Buffer Overflow via Long URI in Web Publisher
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
by Santi Claus
DCScripts DCForum <=2000 - Privilege Escalation
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
by Franklin DeMatto
By Source