Perl Exploits

2,854 exploits tracked across all sources.

EIP-2026-118083 EXPLOITDB perl VERIFIED
VUPlayer 2.49 - '.wax' Local Buffer Overflow
by Houssamix
CVE-2009-0702 EXPLOITDB perl VERIFIED
Joomla! - SQL Injection
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
by EcHoLL
EIP-2026-108452 EXPLOITDB perl VERIFIED
Joomla! Component com_na_newsdescription - 'newsid' SQL Injection
by EcHoLL
CVE-2009-0701 EXPLOITDB perl VERIFIED
Cybershade CMS 0.2b - RCE
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
by JosS
EIP-2026-117032 EXPLOITDB perl VERIFIED
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (4)
by Stack
EIP-2026-117031 EXPLOITDB perl VERIFIED
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (3)
by Houssamix
EIP-2026-117030 EXPLOITDB perl VERIFIED
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (2)
by sCORPINo
CVE-2009-3429 EXPLOITDB perl VERIFIED
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by Encrypt3d.M!nd
EIP-2026-112639 EXPLOITDB perl VERIFIED
The Rat CMS Alpha 2 - Blind SQL Injection
by darkjoker
CVE-2009-0592 EXPLOITDB perl VERIFIED
PNphpBB2 <1.2i - Path Traversal
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
by StAkeR
CVE-2009-3429 EXPLOITDB perl VERIFIED
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by Encrypt3d.M!nd
EIP-2026-102552 EXPLOITDB perl VERIFIED
aMSN - '.ctt' Remote Denial of Service
by Hakxer
CVE-2009-3429 EXPLOITDB perl VERIFIED
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by aBo MoHaMeD
CVE-2009-0491 EXPLOITDB perl VERIFIED
Elecard MPEG Player <5.5 - Buffer Overflow
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.
by aBo MoHaMeD
CVE-2009-0490 EXPLOITDB perl VERIFIED
Audacity <1.3.6 - Buffer Overflow
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
by Houssamix
CVE-2009-0711 EXPLOITDB perl VERIFIED
PHPFootball <1.6 - Info Disclosure
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.
by KinG-LioN
CVE-2008-5821 EXPLOITDB perl VERIFIED
WebKit <3.2 - DoS
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
by Jeremy Brown
CVE-2008-6727 EXPLOITDB perl VERIFIED
Upb - XSS
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
by StAkeR
CVE-2008-4844 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
by Jeremy Brown
EIP-2026-118254 EXPLOITDB perl VERIFIED
Amaya Web Browser 11.0.1 (Windows Vista) - Remote Buffer Overflow
by SkD
CVE-2008-5756 EXPLOITDB perl VERIFIED
Hex Workshop 5.1.4 - Buffer Overflow
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
by Encrypt3d.M!nd
CVE-2008-5754 EXPLOITDB perl VERIFIED
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
by Stack
CVE-2008-6731 EXPLOITDB perl VERIFIED
China-on-site Flexphplink - Improper Input Validation
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
by Osirys
CVE-2008-6146 EXPLOITDB perl VERIFIED
Deluxebb < 1.2 - SQL Injection
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
by StAkeR
CVE-2008-5874 EXPLOITDB perl VERIFIED
Hotel Booking Reservation System - Joomla! SQL Injection
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
by EcHoLL