Perl Exploits
2,849 exploits tracked across all sources.
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long Entry in .m3u File
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
by Stack
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long Entry in .m3u File
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
by [0]x80->[H]4x²0r
BigACE CMS 2.5 - SQL Injection via Username Parameter
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by YEnH4ckEr
uTopic 1.0 - SQL Injection via Rating Parameter
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
by YEnH4ckEr
ViPlay3 3.0 and earlier - Stack-based Buffer Overflow via Long File Entry in .vpl File
Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.
by LiquidWorm
RTWebalbum 1.0.462 - SQL Injection via AlbumId Parameter
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.
by YEnH4ckEr
Soritong MP3 Player 1.0 - Stack-Based Buffer Overflow via Crafted .m3u File
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
by Stack
Sorinara Streaming Audio Player 0.9 - Stack-based Buffer Overflow via Crafted PLA File
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
by Hakxer
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long RTSP URL
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
by G4N0K
Mini-stream Easy RM-MP3 Converter 3.0.0.7 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
Mini-stream Easy RM-MP3 Converter 3.0.0.7 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
Mini-stream Ripper 3.0.1.1 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
Mini-stream Ripper 3.0.1.1 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
Mini-stream ASX to MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long rtsp URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
by G4N0K
Mini-stream ASX to MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long rtsp URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
by G4N0K
GrabIt < 1.7.2 Beta 3 - Stack-Based Buffer Overflow via NZB File DTD Reference
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.
by Jeremy Brown
Sorinara Streaming Audio Player 0.9 - Stack-based Buffer Overflow via Crafted PLA File
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
by GoLd_M
webSPELL < 4.2.0e - Path Traversal via Language Cookie
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php.
by DNX
ElectraSoft 32bit FTP 09.04.24 - Stack-based Buffer Overflow via Long FTP Banner
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.
by Load 99%
Sorinara Streaming Audio Player 0.9 - Remote Code Execution via Long String in Playlist File
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
by Stack
GrabIt < 1.7.2 Beta 3 - Stack-Based Buffer Overflow via NZB File DTD Reference
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.
by Gaurav Baruah
Sorinara Streaming Audio Player 0.9 - Remote Code Execution via Long String in Playlist File
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
by Cyber-Zone
TemaTres 1.0.3 and 1.031 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
by YEnH4ckEr