Perl Exploits

2,849 exploits tracked across all sources.

CVE-2008-5636 EXPLOITDB perl VERIFIED
Lito Lite CMS - SQL Injection via cid Parameter
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
CVE-2008-5180 EXPLOITDB MEDIUM perl VERIFIED
Microsoft Office Communicator - Denial of Service via SIP INVITE Request Flood
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
by Praveen Darshanam
CVSS 5.3
CVE-2008-5628 EXPLOITDB perl VERIFIED
little_cms 0.0.1 - SQL Injection via Index.php Term Parameter
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
by CWH Underground
CVE-2008-7069 EXPLOITDB perl VERIFIED
All Club CMS <= 0.0.2 - Exposure of Sensitive Information via Direct Request to accms.dat
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
by StAkeR
CVE-2008-5289 EXPLOITDB perl VERIFIED
Clean CMS 1.5 - SQL Injection via full_txt.php id Parameter
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
CVE-2008-5282 EXPLOITDB perl VERIFIED
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
EIP-2026-116422 EXPLOITDB perl VERIFIED
Total Video Player - 'vcen.dll' Remote Off-by-One Crash
by Cnaph
CVE-2008-7079 EXPLOITDB perl VERIFIED
Nero ShowTime 5.0.15.0 - Buffer Overflow via Long Entry in .M3U Playlist File
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
by LiquidWorm
CVE-2008-7064 EXPLOITDB perl VERIFIED
Quicksilver Forums <= 1.4.2 - Remote Code Execution via Lang Parameter Backslash Bypass
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
by girex
CVE-2008-5418 EXPLOITDB perl VERIFIED
PunPortal module - Path Traversal via pun_user[language] Parameter
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
by StAkeR
CVE-2008-5220 EXPLOITDB perl VERIFIED
wportfolio < 0.3 - Unauthenticated Arbitrary File Upload via admin/upload_form.php
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
by Osirys
CVE-2008-6952 EXPLOITDB perl VERIFIED
MauryCMS <= 0.53.2 - SQL Injection via Rss.php c Parameter
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
by StAkeR
CVE-2008-5491 EXPLOITDB perl VERIFIED
slimcms < 1.0.0 - SQL Injection via edit.php pageID Parameter
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
by StAkeR
CVE-2008-2214 EXPLOITDB perl VERIFIED
SNMPc < 7.1 - Stack-based Buffer Overflow via Long Community String in SNMP TRAP Packet
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
by Praveen Darshanam
CVE-2008-2292 EXPLOITDB perl VERIFIED
Net-SNMP 5.1.4, 5.2.4, 5.4.1 - Buffer Overflow via Large OCTETSTRING in AVP
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
by Praveen Darshanam
EIP-2026-109408 EXPLOITDB perl VERIFIED
MemHT Portal 4.0 - Remote Code Execution
by Ams
EIP-2026-109293 EXPLOITDB perl VERIFIED
Mambo Component n-form - 'form_id' Blind SQL Injection
by boom3rang
CVE-2008-5036 EXPLOITDB perl VERIFIED
VLC media player 0.9.x - Stack-based Buffer Overflow via RealText Subtitle Parsing
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
by SkD
CVE-2008-6659 EXPLOITDB perl VERIFIED
Simple Machines Forum 1.0-1.0.14 and 1.1-1.1.6 - Authenticated Path Traversal via Theme Directory Parameter
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
by ~elmysterio
CVE-2008-4889 EXPLOITDB perl VERIFIED
deV!L'z Clanportal <= 1.4.9.6 - SQL Injection via Users Parameter in Addbuddy Operation
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
by anonymous
CVE-2008-5045 EXPLOITDB perl VERIFIED
Network-Client FTP Now 2.6 - Denial of Service via 1024-Character 200 Server Response
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.
by DeltahackingTEAM
CVE-2008-6553 EXPLOITDB perl VERIFIED
Micro CMS 0.3.5 - Unauthenticated Administrative Account Manipulation
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
by StAkeR
CVE-2008-1311 EXPLOITDB perl VERIFIED
PacketTrap pt360 Tool Suite PRO <2.0.3901.0 - DoS
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.
by Jeremy Brown
CVE-2008-6811 EXPLOITDB perl VERIFIED
e-Commerce Plugin < 3.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via image_processing.php
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
by t0pP8uZz