Perl Exploits
2,854 exploits tracked across all sources.
Insanevisions Onecms - SQL Injection
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
by Cod3rZ
Igaming Cms - SQL Injection
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cod3rZ
Internet Scout Scout Portal Toolkit < 1.3.1 - SQL Injection
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
by JosS
Sitexs Cms - Access Control
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
by Hadi Kiamarsi
KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities
by Cod3rZ
Wh-com Com Webhosting < 1.1 - SQL Injection
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by cO2
Joomla! Component paxxgallery 0.2 - 'gid' Blind SQL Injection
by ZAMUT
Joomla! com_alphacontent 2.5.8 - SQL Injection
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
by cO2
Clever Copy 3.0 - SQL Injection
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
by U238
YouTube Clone Script - 'spages.php' Remote Code Execution
by Inphex
Web Calendar Pro <4.1 - SQL Injection
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by t0pP8uZz
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
by S@BUN
Cale Dunlap Openinvoice - Authentication Bypass
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
by t0pP8uZz
Cale Dunlap Openinvoice < 0.90 - Credentials Management
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
by t0pP8uZz
DivX Player <6.7.0.22 - Buffer Overflow
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.
by securfrog
1024 CMS <1.3.1 - Path Traversal
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
by girex
1024 CMS <1.4.2 - SQL Injection
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
by girex
Borland InterBase 2007 SP2 - Buffer Overflow
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.
by Liu Zhen Hua
Integry Systems LiveCart <1.1.1 - SQL Injection
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
by irvian
Lightneasy - Information Disclosure
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
by girex
KnowledgeQuest <2.7 - Auth Bypass
KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.
by t0pP8uZz
LokiCMS <0.3.3 - Code Injection
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
by girex
Xpoze Pro <3.05 - SQL Injection
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
by t0pP8uZz
By Source