Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2643 EXPLOITDB perl VERIFIED
Joomla Com Biblestudy < 6.0.7b - SQL Injection
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
by Stack
CVE-2006-1422 EXPLOITDB perl VERIFIED
PHP Booking Calendar <1.0c - SQL Injection
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
by Stack
CVE-2008-5226 EXPLOITDB perl VERIFIED
MambAds 1.0 RC1 - SQL Injection
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
by Houssamix
CVE-2007-5962 EXPLOITDB perl VERIFIED
vsftpd <2.0.5 - DoS
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by Praveen Darshanam
CVE-2008-2499 EXPLOITDB perl VERIFIED
IBM Lotus Sametime < 7.5 - Memory Corruption
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
by Manuel Santamarina Suarez
CVE-2008-2459 EXPLOITDB perl VERIFIED
Entertainmentscript - Path Traversal
Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
by Stack
CVE-2008-2395 EXPLOITDB perl VERIFIED
Alkalinephp < 0.80.00 - SQL Injection
SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
CVE-2007-5752 EXPLOITDB perl VERIFIED
Agtc Websolutions Php-agtc Membership System - Authentication Bypass
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.
by t0pP8uZz
CVE-2008-2347 EXPLOITDB perl VERIFIED
Mypicgallery - Authentication Bypass
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
by t0pP8uZz
CVE-2008-2348 EXPLOITDB perl VERIFIED
Meltingicefs Meltingice File System - Access Control
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
by t0pP8uZz
CVE-2008-2416 EXPLOITDB perl VERIFIED
Fichive - SQL Injection
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php.
by His0k4
CVE-2008-2425 EXPLOITDB perl VERIFIED
Fichive - SQL Injection
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by His0k4
CVE-2008-2356 EXPLOITDB perl VERIFIED
Archangelmgt Archangel Weblog < 0.90.02 - SQL Injection
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
by Stack
EIP-2026-100576 EXPLOITDB perl VERIFIED
StanWeb.CMS - SQL Injection
by JosS
CVE-2008-2339 EXPLOITDB perl VERIFIED
Turnkeywebtools Sunshop Shopping Cart - SQL Injection
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.
by irvian
CVE-2008-2294 EXPLOITDB perl VERIFIED
Mreaves Pet Grooming Management System - Access Control
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
by t0pP8uZz
CVE-2008-2522 EXPLOITDB perl VERIFIED
Haudenschilt Battlenet Clan Script < 1.5.3 - SQL Injection
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
by Stack
CVE-2008-2536 EXPLOITDB perl VERIFIED
Yabsoft Advanced Image Hosting Script < 2.1 - SQL Injection
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
by Stack
CVE-2008-2454 EXPLOITDB perl VERIFIED
Joomla Com Xsstream-dm - SQL Injection
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
by Houssamix
CVE-2008-1802 EXPLOITDB perl VERIFIED
rdesktop 1.5.0 - RCE
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
by Guido Landi
CVE-2008-2411 EXPLOITDB perl VERIFIED
Sazcart < 1.5 - SQL Injection
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.
by JosS
CVE-2008-2161 EXPLOITDB perl VERIFIED
Tftp Server SP - Memory Corruption
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
by tixxDZ
CVE-2005-1666 EXPLOITDB perl VERIFIED
Orenosv HTTP FTP Server < 0.8.1 - Buffer Overflow
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
by Samsta
CVE-2008-2223 EXPLOITDB perl VERIFIED
Buyscripts Vshare Youtube Clone - SQL Injection
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by Saime
CVE-2008-1801 EXPLOITDB perl VERIFIED
rdesktop <1.5.0 - DoS/RCE
Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.
by Guido Landi
By Source
All 2,854 Exploitdb 50,121 Writeup 46,751 Nomisec 21,199 Metasploit 3,189 Github 2,250 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,738 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24