Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0802 EXPLOITDB perl VERIFIED
Joomla Com Mediaslide - SQL Injection
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
by Inphex
CVE-2008-1177 EXPLOITDB perl VERIFIED
Affiliate Market 0.1 BETA - SQL Injection
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
EIP-2026-113135 EXPLOITDB perl VERIFIED
vKios 2.0.0 - 'cat' SQL Injection
by NTOS-Team
CVE-2008-0735 EXPLOITDB perl VERIFIED
Auracms - SQL Injection
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
by DNX
CVE-2007-5056 EXPLOITDB perl VERIFIED
Adodb Lite < 1.42 - Code Injection
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by Iron
CVE-2007-5056 EXPLOITDB perl VERIFIED
Adodb Lite < 1.42 - Code Injection
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by Iron
CVE-2008-0661 EXPLOITDB perl VERIFIED
Illustrate Dbpoweramp Audio Player - Memory Corruption
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
by securfrog
CVE-2008-0787 EXPLOITDB perl VERIFIED
Mybulletinboard - SQL Injection
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
by F
CVE-2008-0619 EXPLOITDB perl VERIFIED
Nero Mediaplayer < 1.4.0.35 - Memory Corruption
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
by securfrog
CVE-2008-0661 EXPLOITDB perl VERIFIED
Illustrate Dbpoweramp Audio Player - Memory Corruption
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
by securfrog
CVE-2008-0676 EXPLOITDB perl VERIFIED
A-blog - XSS
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
by Khashayar Fereidani
CVE-2008-0590 EXPLOITDB perl VERIFIED
Progress WS FTP Server - Memory Corruption
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
by securfrog
CVE-2008-0677 EXPLOITDB perl VERIFIED
A-blog - SQL Injection
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
by Khashayar Fereidani
CVE-2008-0702 EXPLOITDB perl VERIFIED
South River Technologies Titan FTP Server - Memory Corruption
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
by securfrog
CVE-2008-0770 EXPLOITDB perl VERIFIED
Ibproarcade < 3.3.0 - SQL Injection
SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.
by RST/GHC
CVE-2008-0502 EXPLOITDB perl VERIFIED
Connectix Boards < 0.8.2 - Code Injection
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
by Houssamix
EIP-2026-114498 EXPLOITDB perl VERIFIED
YaBB SE 1.5.5 - Remote Command Execution
by RST/GHC
CVE-2008-0478 EXPLOITDB perl VERIFIED
Setcms - Path Traversal
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
by RST/GHC
CVE-2008-0421 EXPLOITDB perl VERIFIED
Invision Power Services Invision Gallery < 2.0.7 - SQL Injection
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
by RST/GHC
CVE-2008-0357 EXPLOITDB perl VERIFIED
Galaxyscripts Mini File Host < 1.2.1 - Path Traversal
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by shinmai
CVE-2008-0390 EXPLOITDB perl VERIFIED
Auracms - Code Injection
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
by k1tk4t
CVE-2008-0361 EXPLOITDB perl VERIFIED
Instituto Politicnico Nacional Gradman < 0.1.3 - Path Traversal
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.
by JosS
CVE-2008-7216 EXPLOITDB perl VERIFIED
Peter's Math Anti-Spam Spinoff - Info Disclosure
Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating static audio files without any additional distortion, which allows remote attackers to bypass CAPTCHA protection by reading certain bytes from the generated clip.
by Romero
CVE-2008-0279 EXPLOITDB perl VERIFIED
Xforum - SQL Injection
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
by j0j0
CVE-2008-7161 EXPLOITDB perl VERIFIED
Fortinet FortiGate-1000 <3.00 - Auth Bypass
Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypass URL filtering via fragmented GET or POST requests that use HTTP/1.0 without the Host header. NOTE: this issue might be related to CVE-2005-3058.
by Danux
By Source
All 2,854 Exploitdb 50,121 Writeup 46,758 Nomisec 21,200 Metasploit 3,189 Github 2,253 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,740 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24