Perl Exploits

2,849 exploits tracked across all sources.

CVE-2008-6814 EXPLOITDB perl VERIFIED
com_simpleboard < 1.0.1 - Unauthenticated Arbitrary File Upload via image_upload.php
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
by t0pP8uZz
CVE-2008-6806 EXPLOITDB perl VERIFIED
7shop < 1.1 - Unauthenticated Arbitrary File Upload via Image Upload
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
by t0pP8uZz
EIP-2026-107548 EXPLOITDB perl VERIFIED
H2O-CMS 3.4 - Remote Command Execution
by StAkeR
EIP-2026-107547 EXPLOITDB perl VERIFIED
H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass
by StAkeR
CVE-2008-4786 EXPLOITDB perl VERIFIED
e107 easyshop_plugin - SQL Injection via category_id Parameter
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by StAkeR
CVE-2008-4760 EXPLOITDB perl VERIFIED
Graphiks MyForum 1.3 - SQL Injection via lecture.php id Parameter
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Vrs-hCk
CVE-2008-6789 EXPLOITDB perl VERIFIED
MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
by CWH Underground
CVE-2008-4686 EXPLOITDB perl VERIFIED
VLC media player - Remote Code Execution via Crafted TY File Integer Overflow
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
by Guido Landi
CVE-2008-6175 EXPLOITDB perl VERIFIED
SilverSHielD 1.0.2.34 - Denial of Service via SFTP Opendir Command
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.
by Jeremy Brown
CVE-2008-6790 EXPLOITDB perl VERIFIED
MindDezign Photo Gallery 2.2 - Unauthenticated Privilege Escalation via Username Parameter
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
by CWH Underground
CVE-2008-4726 EXPLOITDB perl VERIFIED
GoodTech SSH 6.4 - Authenticated Stack-Based Buffer Overflow via SFTP Parameters
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
by r0ut3r
CVE-2008-4762 EXPLOITDB perl VERIFIED
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via Long Argument to Rename or Realpath Parameters
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
by Jeremy Brown
CVE-2008-6077 EXPLOITDB perl VERIFIED
LoudBlog <= 0.8.0a - Authenticated SQL Injection via colpick Parameter
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.
by Xianur0
CVE-2008-4434 EXPLOITDB perl VERIFIED
uTorrent < 1.7.7 and BitTorrent < 6.0.3 - Stack-Based Buffer Overflow via .torrent Created By Field
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
by Guido Landi
CVE-2008-4556 EXPLOITDB perl VERIFIED
Sun Solaris 8 and 9 - Stack-Based Buffer Overflow in adm_build_path Function
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
by kingcope
CVE-2007-3939 EXPLOITDB perl VERIFIED
SpoonLabs Vivvo Article Management CMS < 3.40 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Xianur0
CVE-2008-5320 EXPLOITDB perl VERIFIED
e107 < 0.7.13 - Authenticated SQL Injection via ue[] Parameter
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
by girex
CVE-2008-5321 EXPLOITDB perl VERIFIED
GesGaleri - SQL Injection via index.php no Parameter
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
by EcHoLL
EIP-2026-110690 EXPLOITDB perl VERIFIED
PHP Easy Downloader 1.5 - Remote File Creation
by StAkeR
CVE-2008-4620 EXPLOITDB perl VERIFIED
MRBS < 1.4 - SQL Injection via Area Parameter
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
by Xianur0
CVE-2008-4603 EXPLOITDB perl VERIFIED
iGaming CMS 2.0 Alpha 1 - SQL Injection via search.php keywords parameter
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
by StAkeR
CVE-2008-4588 EXPLOITDB perl VERIFIED
Etype Eserv 3.x - Stack-based Buffer Overflow via ABOR Command
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
by LiquidWorm
CVE-2008-6643 EXPLOITDB perl VERIFIED
LokiCMS 0.3.4 - Unauthenticated Configuration Modification via LokiACTION Parameter
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
by girex