Perl Exploits

2,854 exploits tracked across all sources.

CVE-2009-0192 EXPLOITDB perl VERIFIED
Novell eDirectory <8.8 SP3 - RCE
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.
by Praveen Darshanam
CVE-2009-0885 EXPLOITDB perl VERIFIED
Mediacommands Media Commands - Memory Corruption
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
by Hakxer
EIP-2026-119046 EXPLOITDB perl VERIFIED
POP Peeper 3.4.0.0 - UIDL Remote Buffer Overflow (SEH)
by Jeremy Brown
CVE-2009-0812 EXPLOITDB perl VERIFIED
BreakPoint Software Hex Workshop <6 - Buffer Overflow
Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.
by DATA_SNIPER
EIP-2026-115445 EXPLOITDB perl VERIFIED
Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow (PoC)
by musashi karak0rsan
EIP-2026-106165 EXPLOITDB perl VERIFIED
Coppermine Photo Gallery 1.4.20 - 'IMG' Privilege Escalation
by Inphex
CVE-2007-1152 EXPLOITDB perl VERIFIED
Pyrophobia 2.1.3.1 - Path Traversal
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.
by Osirys
CVE-2009-0658 EXPLOITDB HIGH perl VERIFIED
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
by Guido Landi
CVSS 7.8
EIP-2026-111457 EXPLOITDB perl VERIFIED
pPIM 1.01 - 'notes.php' Remote Command Execution
by JosS
CVE-2009-0728 EXPLOITDB perl VERIFIED
MAXdev MDPro/Postnuke - SQL Injection
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
by StAkeR
CVE-2009-0731 EXPLOITDB perl VERIFIED
Free Arcade Script 1.0 - Path Traversal
Directory traversal vulnerability in pages/play.php in Free Arcade Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by Osirys
EIP-2026-115361 EXPLOITDB perl VERIFIED
Got All Media 7.0.0.3 - Remote Denial of Service
by LiquidWorm
EIP-2026-107480 EXPLOITDB perl VERIFIED
Graugon Forum 1 - 'id' Command Injection / SQL Injection
by Osirys
EIP-2026-107109 EXPLOITDB perl VERIFIED
Firepack - '/admin/ref.php' Remote Code Execution
by Lidloses_Auge
CVE-2009-0650 EXPLOITDB perl VERIFIED
TPTEST <3.1.7 - Buffer Overflow
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information.
by ffwd
CVE-2009-0659 EXPLOITDB perl VERIFIED
TPTEST 3.1.7 - Buffer Overflow
Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ffwd
EIP-2026-112155 EXPLOITDB perl VERIFIED
simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution
by Osirys
EIP-2026-109410 EXPLOITDB perl VERIFIED
MemHT Portal 4.0.1 - Delete All Private Messages
by StAkeR
CVE-2009-5095 EXPLOITDB perl VERIFIED
Ea-style Gbook - Code Injection
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
by bd0rk
CVE-2009-5094 EXPLOITDB perl VERIFIED
Cmsfaethon Cms Faethon - SQL Injection
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
by Osirys
EIP-2026-105532 EXPLOITDB perl VERIFIED
BlogWrite 0.91 - Remote File Disclosure / SQL Injection
by Osirys
EIP-2026-107870 EXPLOITDB perl VERIFIED
InselPhoto 1.1 - 'query' SQL Injection
by Osirys
CVE-2009-5090 EXPLOITDB perl VERIFIED
Daman371 Bloggeruniverse - SQL Injection
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.
by Osirys
EIP-2026-107158 EXPLOITDB perl VERIFIED
Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution
by Osirys
CVE-2009-0542 EXPLOITDB perl VERIFIED
ProFTPD Server <1.3.2rc2 - SQL Injection
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
by AlpHaNiX