Perl Exploits
2,849 exploits tracked across all sources.
Simple Network Time Sync Daemon - Buffer Overflow via Long String
Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.
by Ben Taylor
Apache HTTP Server - Directory Listing via Excessive Slash Characters
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
by H D Moore
KDE 1.1.2 - Local Privilege Escalation
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
by kil3r
KDE 1.1.2 - Local Privilege Escalation
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
by kil3r
Lotus Domino <5.0.2c - Buffer Overflow
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
by smiler
NetworkICE ICEcap <2.0.23 - Auth Bypass
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.
by rain forest puppy
Internet Information Server < 5.0 - Denial of Service via Malformed Request
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
by Nelson Bunker
knapster - Unauthenticated Arbitrary File Read via MP3 Pathname
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
by no_maam
Bugzilla 2.10 - Remote Command Execution via Username Shell Metacharacters
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
by Frank van Vliet karin
Cisco IOS 11.1-12.1 - Denial of Service via URL with %% String
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
by Keith Woodworth
Concurrent Versions Software - Denial of Service via Predictable Lock File
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
by Michal Szymanski
CVSS 5.5
Microsoft Visual Interdev 1.0 - Buffer Overflow in dvwssr.dll
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
by Richie & Beto
Microsoft Visual Interdev 1.0 - Buffer Overflow in dvwssr.dll
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
by rain forest puppy
CrazyWWWBoard - Remote Code Execution via Long MIME Content-Type Header
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
by Jin Ho You
atsar_linux - Privilege Escalation via Improper Output File Permission Check
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
by S. Krahmer
SGI InfoSearch < - Command Injection
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
by rpc
HP OpenView OmniBack II 2.55 - Denial of Service via Port 5555 Connection Flood
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.
by Jon Hittner
wwwthreads - SQL Injection via Numeric Data or Table Names
wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.
by rain forest puppy
SolutionScripts Home Free - Path Traversal
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
by k0ad k1d
WebWho+ - Remote Command Execution via TLD Parameter
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
by loophole
Mdaemon 3.1.1 - Heap Overflow via Long URL
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
by Ussr Labs
Qpopper 3.0 - Unauthenticated Buffer Overflow via AUTH Command
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
by Synnergy Networks
Trend Micro InterScan VirusWall 3.23 and 3.3 - Remote Code Execution via Long HELO Command
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.
by Alain Thivillon & Stephane Aubert
WFTPD - Buffer Overflow via Nested MKD and CWD Commands
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
by Alberto Soli
IBM WebSphere ikeyman - Weak Encryption for SSL Key Database Password
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.
by Ben Laurie
By Source