Perl Exploits
2,849 exploits tracked across all sources.
Hughes Technologies Virtual DNS Server 1.0 - Denial of Service via Port 6070 Connection
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
by neme-dhc
WebStore 400/400CS 4.14 - Authenticated Remote Code Execution via ws_mail.cgi kill Parameter
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
by Igor Dobrovitski
WebStore 400 - Authentication Bypass via Null Character or Dot-Dot Filename
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
by Igor Dobrovitski
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
by storm
Oracle 8 Server - 'TNSLSNR80.EXE' Denial of Service
Linux Kernel - Firewall Bypass via FTP PORT Command
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
by Cristiano Lincoln Mattos
NetBSD - Remote Code Execution via Long Pattern String with {} Sequence
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
by Elias Levy
Infodrom cfingerd <1.4.3 - Privilege Escalation
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
by Lez
CVSS 9.8
nph-maillist.pl - Command Injection
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
by Kanedaaa
Gene6 G6 FTP Server <2.0 - Info Disclosure
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
by Rob Beck
Gene6 G6 FTP Server 2.0 - Info Disclosure
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
by Rob Beck
Aspseek < 1.0.3 - Remote Code Execution via Long HTTP Query String or tmpl Parameter
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
by teleh0r
Internet Information Services 5.0 - Denial of Service via Malformed WebDAV Requests
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
by Georgi Guninski
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by hypoclear
sendtemp.pl - Directory Traversal via Templ Parameter
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
by Tom Parker
APC Web/SNMP Management Card < 3.0 - Denial of Service via Repeated Failed Logon Attempts
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
by altomo
AdCycle 0.78b - Privilege Escalation
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
by Neil K
Netscape Enterprise Server and FastTrack Server - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
by Fyodor
iomega jaZip - Buffer Overflow via DISPLAY Environment Variable
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
by teleh0r
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
by teleh0r
Linux - Buffer Overflow via MANPAGER Environmental Variable
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
by teleh0r
Lotus Domino 5.0.5 - Path Traversal
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
by Michael Smith
FreeBSD seyon - Privilege Escalation
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
by teleh0r
Fastgraf's whois.cgi - Remote Command Execution
by Marco van Berkum
By Source