Perl Exploits
2,854 exploits tracked across all sources.
Multiple HTTP Server - 'slowloris.pl' Low Bandwidth Denial of Service
by RSnake
Carom3D 5.06 - DoS
The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.
by LiquidWorm
iJoomla RSS Feeder - SQL Injection
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
by Mehmet Ince
phpWebThings <1.5.2 - SQL Injection
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by StAkeR
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
by Blake Cornell
Open Biller 0.1 - SQL Injection
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by YEnH4ckEr
Shop-Script Pro 2.12 - SQL Injection
SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.
by Ams
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
by YEnH4ckEr
Joomla! Seminar <1.28 - SQL Injection
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
by ThE g0bL!N
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
by YEnH4ckEr
RadCLASSIFIEDS Gold 2.0 - SQL Injection
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
by Br0ly
Online Grades & Attendance 3.2.6 - Credentials Changer SQL
by YEnH4ckEr
Apache APR-util <1.3.7 - DoS
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
by kingcope
CVSS 7.5
Zeuscart - SQL Injection
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
by Br0ly
Microsoft Internet Information Services - Authentication Bypass
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
by ka0x
cpCommerce 1.2.x - RCE
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
by StAkeR
CVSS 9.8
Nullsoft Winamp < 5.55 - Numeric Error
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by Encrypt3d.M!nd
Dog Pedigree Online Database 1.0.1b - Blind SQL Injection
by YEnH4ckEr
Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)
by Stack
PHPenpals - SQL Injection
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
by Br0ly
Sonicspot Audioactive Player - Memory Corruption
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
by hack4love
Jevontech Phpenpals < 1.1 - SQL Injection
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
by Br0ly
By Source