Perl Exploits
2,849 exploits tracked across all sources.
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream WM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream ASX to MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream WM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream Shadow Stream Recorder 3.0.1.7 - Remote Code Execution via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mercury/32 4.01a - Authenticated Buffer Overflow via IMAP Command Arguments
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
Mini-stream Ripper 3.0.1.1 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream WM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Mini-stream Shadow Stream Recorder 3.0.1.7 - Remote Code Execution via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
UnityMail < 2.0 - Denial of Service via MIME Header Flood
UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers.
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
phpoutsourcing Zorum Forum <3.5 - SQL Injection
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.
WF-Sections 1.07 - SQL Injection via articleid Parameter
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
WF-Sections 1.07 - SQL Injection via articleid Parameter
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
WoltLab Burning Book 1.1.2 - SQL Injection via n Parameter or User-Agent Header
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
SpoonLabs Vivvo Article Management CMS <3.2 - RCE
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
SpoonLabs Vivvo Article Management CMS <3.2 - SQL Injection
SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Site@School <2.4.03 - Remote Code Execution
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
Simple PHP News 1.0 final - Code Injection
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SimplePHPBlog 0.4.0 - Info Disclosure
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
By Source