Perl Exploits
2,849 exploits tracked across all sources.
ijoomla com_rssfeeder - SQL Injection via cat Parameter
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
by Mehmet Ince
phpWebThings <=1.5.2 - SQL Injection
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by StAkeR
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
by Blake Cornell
Open Biller 0.1 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by YEnH4ckEr
Shop-Script Pro 2.12 - SQL Injection
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
by Ams
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
by YEnH4ckEr
Joomla! Seminar 1.28 - SQL Injection
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
by ThE g0bL!N
Online Grades & Attendance <=3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
by YEnH4ckEr
RadCLASSIFIEDS Gold 2.0 - SQL Injection
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
by Br0ly
Online Grades & Attendance 3.2.6 - Credentials Changer SQL
by YEnH4ckEr
Apache APR-util < 1.3.7 - Denial of Service via XML Entity Expansion
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
by kingcope
CVSS 7.5
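The nested-entity expansion the APR-util entry above describes (the same pattern as CVE-2003-1564) can be bounded before a real parser ever expands it. The following Python is an added example written for this page, not kingcope's Perl exploit and not APR-util or expat code: it builds a constructed nested-entity document, computes how large each entity would become without materialising the expansion, and rejects documents that exceed a byte limit or an amplification factor. The document builder, the thresholds and the function names are assumptions made here for illustration.

```python
import re

# Internal-subset general entity declarations of the form <!ENTITY name "value">,
# the form used by nested-reference expansion documents. Parameter entities
# (<!ENTITY % ...>) and external entities are deliberately not handled here.
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')
DOCTYPE = re.compile(r'<!DOCTYPE\b[^\[>]*(\[.*?\])?\s*>', re.DOTALL)
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}  # each expands to one character


def build_nested_entity_doc(depth, width=10, seed="lol"):
    """Constructed sample input: a document whose top-level entity expands to
    len(seed) * width**depth bytes. Used only to exercise the checker below."""
    lines = ['<?xml version="1.0"?>', '<!DOCTYPE d [', f'<!ENTITY e0 "{seed}">']
    for i in range(1, depth + 1):
        refs = f"&e{i - 1};" * width
        lines.append(f'<!ENTITY e{i} "{refs}">')
    lines.append("]>")
    lines.append(f"<d>&e{depth};</d>")
    return "\n".join(lines)


def _expanded_length(text, decls, sizes, stack):
    """Length of `text` once every entity reference in it is expanded, computed
    from the declarations alone; the expansion itself is never built."""
    total, pos = 0, 0
    for m in ENTITY_REF.finditer(text):
        name = m.group(1)
        total += m.start() - pos
        pos = m.end()
        if name in PREDEFINED:
            total += 1
        elif name not in decls:
            total += len(m.group(0))  # undeclared: a parser would reject or keep it literally
        else:
            total += _entity_size(name, decls, sizes, stack)
    return total + len(text) - pos


def _entity_size(name, decls, sizes, stack):
    """Memoised expanded size of one entity; `stack` detects reference cycles."""
    if name in stack:
        raise ValueError(f"recursive entity reference through {name!r}")
    if name not in sizes:
        sizes[name] = _expanded_length(decls[name], decls, sizes, stack + (name,))
    return sizes[name]


def expanded_entity_sizes(xml_text):
    """Map each declared general entity to its fully expanded size in bytes."""
    decls = dict(ENTITY_DECL.findall(xml_text))
    sizes = {}
    for name in decls:
        _entity_size(name, decls, sizes, ())
    return sizes


def check_entity_expansion(xml_text, limit=1_000_000, max_amplification=100):
    """Decide, before handing the document to a real parser, whether expanding
    its entities would exceed `limit` bytes or amplify the input more than
    `max_amplification` times. Returns a dict instead of raising so that a
    caller can log the reason and drop the request."""
    try:
        decls = dict(ENTITY_DECL.findall(xml_text))
        sizes = {}
        for name in decls:
            _entity_size(name, decls, sizes, ())
        body = DOCTYPE.sub("", xml_text, count=1)  # only the document content expands
        expanded = _expanded_length(body, decls, sizes, ())
    except ValueError as exc:
        return {"safe": False, "reason": str(exc), "expanded_bytes": None}
    amplification = expanded / max(len(xml_text), 1)
    if expanded > limit:
        return {"safe": False, "reason": f"expansion {expanded} bytes exceeds limit {limit}",
                "expanded_bytes": expanded}
    if amplification > max_amplification:
        return {"safe": False, "reason": f"amplification {amplification:.1f}x exceeds {max_amplification}x",
                "expanded_bytes": expanded}
    return {"safe": True, "reason": "within limits", "expanded_bytes": expanded}


if __name__ == "__main__":
    for depth in (3, 6):
        print(depth, check_entity_expansion(build_nested_entity_doc(depth)))
```

A depth-3 document with width 10 is a few hundred bytes and expands to about 3 KB, which passes; depth 6 would expand to 3 MB and is rejected before any parser touches it, and a mutually recursive pair of entities is rejected as a cycle. libexpat 2.4 and later enforce a comparable amplification limit inside the parser; a pre-parse check of this kind is for deployments whose XML stack still expands internal entities without a bound.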
ZeusCart 2.3 - SQL Injection via maincatid Parameter
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
by Br0ly
Microsoft Internet Information Services 5.0 - Authentication Bypass via WebDAV URL Decoding
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
by ka0x
cpCommerce 1.2.0-1.2.8 - Remote File Inclusion and Directory Traversal via GLOBALS[prefix] Parameter
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
by StAkeR
CVSS 9.8
Nullsoft Winamp < 5.552 - Remote Code Execution via Crafted MAKI File
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by Encrypt3d.M!nd
Dog Pedigree Online Database 1.0.1b - Blind SQL Injection
by YEnH4ckEr
Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)
by Stack
PHPenpals <= 1.1 - SQL Injection via profile.php personalID Parameter
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
by Br0ly
Sonic Spot Audioactive Player 1.93b - Stack-based Buffer Overflow via Playlist File
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
by hack4love
PHPenpals <= 1.1 - SQL Injection via mail.php ID Parameter
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
by Br0ly
Haudenschilt Family Connections CMS <=1.9 - SQL Injection
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
by YEnH4ckEr
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long URL in PLS Playlist
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
by zAx