Perl Exploits

2,849 exploits tracked across all sources.

Sort: Activity Stars
CVE-2000-0973 EXPLOITDB perl VERIFIED
curl < 6.0-1.1 and curl-ssl < 6.0-1.2 - Buffer Overflow via Long Error Message
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
by zillion
CVE-2000-0973 EXPLOITDB perl VERIFIED
curl < 6.0-1.1 and curl-ssl < 6.0-1.2 - Buffer Overflow via Long Error Message
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
by zillion
CVE-2000-0977 EXPLOITDB perl VERIFIED
MailFile 1.10 - Arbitrary File Read via Filename Parameter
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
by Dirk Brockhausen
CVE-2000-0953 EXPLOITDB perl VERIFIED
Shambala Server 4.5 - Denial of Service via Connection Handling
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.
by zillion
CVE-2000-1054 EXPLOITDB perl VERIFIED
CiscoSecure ACS Server <2.4.2 - Buffer Overflow
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
by blackangels
CVE-2000-0833 EXPLOITDB perl VERIFIED
WinSMTP 1.06f and 2.X - Denial of Service via Long USER or HELO Command
Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command.
by Guido Bakker
CVE-2000-0690 EXPLOITDB perl VERIFIED
Auction Weaver <= 1.02 - Remote Command Execution via fromfile Parameter
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
by teleh0r
CVE-2000-0720 EXPLOITDB perl VERIFIED
GWScripts News Publisher - Auth Bypass
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
by n30
CVE-2000-1002 EXPLOITDB perl VERIFIED
CommuniGate Pro 3.3.2 - Info Disclosure
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
by Ussr Labs
CVE-2000-0688 EXPLOITDB perl VERIFIED
Subscribe Me LITE - Privilege Escalation
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
by teleh0r
CVE-2000-0689 EXPLOITDB perl VERIFIED
Account Manager LITE - Privilege Escalation
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
by teleh0r
CVE-2000-0766 EXPLOITDB perl VERIFIED
vqServer 1.4.49 - Buffer Overflow via Long HTTP GET Request
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
by sinfony
CVE-2000-1037 EXPLOITDB perl VERIFIED
Check Point Firewall-1 3.0-4.1 - Info Disclosure
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
by Nelson Brito
CVE-2000-0778 EXPLOITDB perl VERIFIED
Internet Information Services 5.0 - Source Code Disclosure via Translate Header
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
by Roelof Temmingh
CVE-2000-0778 EXPLOITDB perl VERIFIED
Internet Information Services 5.0 - Source Code Disclosure via Translate Header
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
by smiler
CVE-2000-0776 EXPLOITDB perl VERIFIED
Mediahouse Statistics Server <5.02x - RCE
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
by Zan
CVE-2000-0703 EXPLOITDB perl VERIFIED
perl - Local Privilege Escalation via suidperl Escape Sequence Injection
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
by Sebastian Krahmer
CVE-2000-0740 EXPLOITDB perl VERIFIED
NAI Net Tools PKI Server 1.0 - Buffer Overflow via Long HTTPS URL
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
by juliano
CVE-2000-0644 EXPLOITDB perl VERIFIED
WFTPD and WFTPD Pro 2.41 - Denial of Service via STAT Command During LIST Execution
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.
by Blue Panda
CVE-2000-0645 EXPLOITDB perl VERIFIED
WFTPD and WFTPD Pro 2.41 - Denial of Service via RESTART Command
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
by Blue Panda
CVE-2000-0647 EXPLOITDB perl VERIFIED
WFTPD and WFTPD Pro 2.41 - Unauthenticated Denial of Service via MLST Command
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.
by Blue Panda
CVE-2000-0567 EXPLOITDB perl VERIFIED
Microsoft Outlook and Outlook Express - Remote Code Execution via Malformed Email Date Header
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
by Ussr Labs
CVE-2000-0648 EXPLOITDB perl VERIFIED
WFTPD and WFTPD Pro 2.41 - Denial of Service via RNTO Command Without RNFR
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
by Blue Panda
CVE-2000-0571 EXPLOITDB perl VERIFIED
LocalWEB HTTP Server 1.2.0 - Denial of Service via Long GET Request
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
by Ussr Labs
CVE-2000-0572 EXPLOITDB perl VERIFIED
Razor - Weak Password Encryption
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
by Shawn A. Clifford
By Source
All 2,849 Writeup 62,507 Exploitdb 50,076 Nomisec 22,463 Github 3,685 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,604 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25