Perl Exploits
2,854 exploits tracked across all sources.
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
by demonalex
Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service
by demonalex
AnvSoft Any Video Converter 4.3.6 - Unicode Buffer Overflow
by h1ch4m
Play [EX] 2.1 - '.M3U'/'.PLS'/'.LST' Playlist File Denial of Service
by Death-Shadow-Dark
Elif Keir Knftpd - Memory Corruption
Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.
by Stefan Schurtz
mmPlayer 2.2 - '.ppl' Local Buffer Overflow (SEH)
by RjRjh Hack3r
mmPlayer 2.2 - '.m3u' Local Buffer Overflow (SEH)
by RjRjh Hack3r
Tiny Server 1.1.5 - Path Traversal
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
by KaHPeSeSe
Createvision Cms - SQL Injection
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Zwierzchowski Oskar
Joomla! <2.5.2 - SQL Injection
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by Colin Wong
Splash PRO 1.12.1 - '.avi' File Denial of Service
by Senator of Pirates
Mercury MR804 Router <8.0.3.8.1 Build - DoS
Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information.
by demonalex
TYPSoft FTP Server 1.10 - Multiple Denial of Service Vulnerabilities
by Balazs Makany
4Images 1.7.6-9 - Cross-Site Request Forgery / PHP Code Injection
by Or4nG.M4N
UltraPlayer 2.112 - '.avi' File Denial of Service
by KedAns-Dz
php iReport 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
by Or4nG.M4N
IDevSpot iSupport <1 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
by Or4nG.M4N
Blade API Monitor 3.6.9.2 - Unicode Stack Buffer Overflow
by FullMetalFouad
Enigma2 Webinterface <1.5 - Path Traversal
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Todor Donev
Enigma2 Webinterface <1.7.0 - Path Traversal
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
by Todor Donev
Mjsware M-player - Improper Input Validation
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
by JaMbA
AirTies Air 4450 <1.1.2.18 - DoS
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
by rigan
By Source