Perl Exploits
2,849 exploits tracked across all sources.
AuraCMS 2.2 - SQL Injection via Albums Parameter
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
by DNX
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by Iron
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by Iron
dBpowerAMP Audio Player Release 2 - Buffer Overflow via Long URI in .M3U File
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
by securfrog
Mybulletinboard - SQL Injection
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
by F
Nero MediaPlayer < 1.4.0.35 - Remote Code Execution via Long URI in M3U File
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
by securfrog
dBpowerAMP Audio Player Release 2 - Buffer Overflow via Long URI in .M3U File
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
by securfrog
A-Blog 2 - Cross-Site Scripting via Search Words Parameter
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
by Khashayar Fereidani
WS_FTP Server 6.1.0.0 - Authenticated Buffer Overflow via Long Opendir Command
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
by securfrog
A-Blog 2 - SQL Injection via News Action ID Parameter
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
by Khashayar Fereidani
Titan FTP Server 6.03 and 6.0.5.549 - Heap-Based Buffer Overflow via USER or PASS Command
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
by securfrog
ibProArcade < 3.3.0 - SQL Injection via g_display_order Cookie Parameter
SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.
by RST/GHC
Connectix Boards < 0.8.2 - Remote Code Execution via Template Path Parameter
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
by Houssamix
SetCMS 3.6.5 - Path Traversal and Arbitrary File Execution via set Parameter
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
by RST/GHC
Invision Gallery < 2.0.7 - SQL Injection via Album Parameter
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
by RST/GHC
Galaxyscripts Mini File Host < 1.2.1 - Unauthenticated Path Traversal via Language Parameter
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by shinmai
AuraCMS 1.62 - Remote Code Execution via X-Forwarded-For Header
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
by k1tk4t
GradMan < 0.1.3 - Path Traversal and Arbitrary File Execution via Tabla Parameter
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
by JosS
Peter's Math Anti-Spam Spinoff - Info Disclosure
Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.
by Romero
Xforum 1.4 - SQL Injection via Topic Parameter
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
by j0j0
Fortinet FortiGate-1000 <3.00 - Auth Bypass
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
by Danux
RichStrong CMS - SQL Injection via showproduct.asp cat Parameter
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by JosS
Agares PhpAutoVideo 2.21 - SQL Injection via articlecat Parameter
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
by Pr0metheuS
PhotoKorn - Exposure of Sensitive Database Credentials via Direct Request to update3.php
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
by Pr0metheuS
By Source