Perl Exploits

2,849 exploits tracked across all sources.

CVE-2008-7181 EXPLOITDB perl VERIFIED
Butterfly Organizer 2.0.0 - Unauthenticated Arbitrary Category and Account Deletion via Parameter Manipulation
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
by Stack
CVE-2008-2909 EXPLOITDB perl VERIFIED
Clever Copy 3.0 - SQL Injection via Search Type Parameter
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
by anonymous
CVE-2008-2755 EXPLOITDB perl VERIFIED
jamm_cms - SQL Injection via id Parameter
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by anonymous
CVE-2008-7180 EXPLOITDB perl VERIFIED
Telephone Directory 2008 - Unauthenticated Arbitrary Contact Deletion via id Parameter
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
by Stack
CVE-2008-2676 EXPLOITDB perl VERIFIED
iJoomla News Portal (com_news_portal) < 1.0 - SQL Injection via Itemid Parameter
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by ilker Kandemir
CVE-2008-2700 EXPLOITDB perl VERIFIED
Galatolo WebManager 1.0 - SQL Injection via view.php id Parameter
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
CVE-2008-2692 EXPLOITDB perl VERIFIED
Joomla com_yvcomment <= 1.16.0 - SQL Injection via ArticleID Parameter
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
by His0k4
CVE-2008-2701 EXPLOITDB perl VERIFIED
Joomla com_gameq <= 4.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
by His0k4
CVE-2008-2573 EXPLOITDB perl VERIFIED
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
by ryujin
CVE-2008-2119 EXPLOITDB perl VERIFIED
Asterisk Open Source < 1.2.29 and Business Edition < B.2.5.3 - Denial of Service via SIP INVITE Without From Header
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
by Armando Oliveira
CVE-2008-2564 EXPLOITDB perl VERIFIED
JotLoader < 1.2.1.a - SQL Injection via cid Parameter
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
by His0k4
CVE-2008-2569 EXPLOITDB perl VERIFIED
Joomla EasyBook Component 1.1 - SQL Injection via gbid Parameter
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
by ZAMUT
CVE-2008-2630 EXPLOITDB perl VERIFIED
JooBlog (com_jb2) 0.1.1 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
by His0k4
CVE-2008-5051 EXPLOITDB perl VERIFIED
JooBlog 0.1.1 - SQL Injection via PostID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
by His0k4
CVE-2008-2631 EXPLOITDB perl VERIFIED
MDaemon < 9.6.5 - Denial of Service via Crafted HTTP POST Request
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by securfrog
CVE-2008-2632 EXPLOITDB perl VERIFIED
Joomla com_acctexp 0.12.x and earlier - SQL Injection via Usage Parameter
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
by His0k4
EIP-2026-108165 EXPLOITDB perl VERIFIED
Joomla! / Mambo Component Joo!BB 0.5.9 - 'forum' SQL Injection
by His0k4
CVE-2008-1105 EXPLOITDB perl VERIFIED
Samba 3.0.0-3.0.29 - Remote Code Execution via Crafted SMB Response
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
by Guido Landi
CVE-2008-4193 EXPLOITDB perl VERIFIED
Alt-N SecurityGateway 1.0.1 - Stack-Based Buffer Overflow via Long Username Parameter
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
by securfrog
CVE-2008-6430 EXPLOITDB perl VERIFIED
Joomla com_mycontent 1.1.13 - SQL Injection via id Parameter
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by His0k4
CVE-2008-2651 EXPLOITDB perl VERIFIED
Joomla! Bulletin Board (com_joobb) 0.5.9 - SQL Injection via Forum Parameter
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
by His0k4
CVE-2008-2573 EXPLOITDB perl VERIFIED
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
by securfrog
CVE-2008-2643 EXPLOITDB perl VERIFIED
Joomla com_biblestudy < 6.0.7b - SQL Injection via id Parameter
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
by Stack
CVE-2006-1422 EXPLOITDB perl VERIFIED
PHP Booking Calendar <1.0c - SQL Injection
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
by Stack
CVE-2008-5226 EXPLOITDB perl VERIFIED
MambAds 1.0 RC1 Beta and 1.0 RC1 - SQL Injection via ma_cat Parameter
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
by Houssamix