Perl Exploits
2,849 exploits tracked across all sources.
Joomla! Component QuickTime VR 0.1 - SQL Injection
by Houssamix
Joomla! Component is 1.0.1 - Multiple SQL Injections
by Houssamix
Novell GroupWise Messenger < 2.0.3 HP1 - Remote Code Execution via Spoofed Server Response
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
by Francisco Amato
BareNuked CMS 1.1.0 - SQL Injection
SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.
by CWH Underground
AShop Deluxe 4.x - SQL Injection via Catalogue.php Cat Parameter
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by n0c0py
Joomla com_xewebtv - SQL Injection via id Parameter
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by His0k4
Mambo Component Articles - 'artid' Blind SQL Injection
by Ded MustD!e
BitTorrent < 6.0.3 - Denial of Service via Malformed HTTP Range Header
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
by Exodus
BlogPHP 2.0 - Privilege Escalation via Email Parameter in Register Action
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
by Cod3rZ
IGSuite 3.2.4 - SQL Injection via formid Parameter
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.
by Guido Landi
Scientific Image DataBase 0.41 - SQL Injection via projects.php id Parameter
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
le.cms < 1.4 - Unauthenticated Arbitrary File Upload via admin/upload.php
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
by t0pP8uZz
Comparison Engine Power Script 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
MyMarket 1.72 - SQL Injection via Shopping Index ID Parameter
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by anonymous
dana_irc_client < 1.3 - Stack-based Buffer Overflow via Long IRC Message
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
by t0pP8uZz
Cartweaver 3.0 - SQL Injection via details.php prodId Parameter
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.
by anonymous
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by Praveen Darshanam
WebChamado 1.1 - SQL Injection via eml Parameter
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
by CWH Underground
Mambo Component Galleries 1.0 - 'aid' SQL Injection
by Houssamix
Gryphon gllcTS2 4.2.4 - SQL Injection via listing.php sort Parameter
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.
by anonymous
By Source