Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5953 EXPLOITDB perl VERIFIED
KTPCCD CMS - Path Traversal
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
by CWH Underground
CVE-2008-7066 EXPLOITDB perl VERIFIED
2enetworx Openforum - Access Control
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
by CWH Underground
CVE-2008-5636 EXPLOITDB perl VERIFIED
Lito Lite CMS - SQL Injection
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
CVE-2008-5180 EXPLOITDB MEDIUM perl VERIFIED
Microsoft Communicator - DoS
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
by Praveen Darshanam
CVSS 5.3
CVE-2008-5628 EXPLOITDB perl VERIFIED
CMS little <0.0.1 - SQL Injection
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
by CWH Underground
CVE-2008-7069 EXPLOITDB perl VERIFIED
Paul Arbogast Accms < 0.0.2 - Information Disclosure
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
by StAkeR
CVE-2008-5289 EXPLOITDB perl VERIFIED
Clean CMS 1.5 - SQL Injection
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
EIP-2026-116422 EXPLOITDB perl VERIFIED
Total Video Player - 'vcen.dll' Remote Off-by-One Crash
by Cnaph
CVE-2008-7079 EXPLOITDB perl VERIFIED
Nero Showtime - Memory Corruption
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
by LiquidWorm
CVE-2008-7064 EXPLOITDB perl VERIFIED
Quicksilver Forums - Path Traversal
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
by girex
CVE-2008-5418 EXPLOITDB perl VERIFIED
PunPortal <2.0 - Path Traversal
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
by StAkeR
CVE-2008-5220 EXPLOITDB perl VERIFIED
wPortfolio <0.3 - RCE
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
by Osirys
CVE-2008-6952 EXPLOITDB perl VERIFIED
Cms.maury91 Maurycms - SQL Injection
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
by StAkeR
CVE-2008-5491 EXPLOITDB perl VERIFIED
SlimCMS <1.0.0 - SQL Injection
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
by StAkeR
CVE-2008-2214 EXPLOITDB perl VERIFIED
Castle Rock Snmpc < 7.1 - Memory Corruption
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
by Praveen Darshanam
CVE-2008-2292 EXPLOITDB perl VERIFIED
Net-snmp - Memory Corruption
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
by Praveen Darshanam
EIP-2026-109408 EXPLOITDB perl VERIFIED
MemHT Portal 4.0 - Remote Code Execution
by Ams
EIP-2026-109293 EXPLOITDB perl VERIFIED
Mambo Component n-form - 'form_id' Blind SQL Injection
by boom3rang
CVE-2008-5036 EXPLOITDB perl VERIFIED
Videolan Vlc Media Player - Memory Corruption
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
by SkD
CVE-2008-6659 EXPLOITDB perl VERIFIED
Simple Machines Forum - Path Traversal
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
by ~elmysterio
CVE-2008-4889 EXPLOITDB perl VERIFIED
Dev!l's Clanportal < 1.4.9.6 - SQL Injection
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
by anonymous
CVE-2008-5045 EXPLOITDB perl VERIFIED
Network-client.com FTP Now - Memory Corruption
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
by DeltahackingTEAM
CVE-2008-6553 EXPLOITDB perl VERIFIED
Impliedbydesign Micro-cms < 0.3.5 - Authentication Bypass
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
by StAkeR
By Source
All 2,854 Exploitdb 50,121 Writeup 46,717 Nomisec 21,135 Metasploit 3,189 Github 2,247 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,737 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24