Perl Exploits
2,849 exploits tracked across all sources.
iGaming CMS <= 1.3.1 - SQL Injection via Section Parameter
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
by Eugene Minaev
0DayDB 2.3 - 'id' Remote Authentication Bypass
by Pr0metheuS
McAfee E-Business Server <= 8.5.2 - Remote Code Execution via Long Authentication Packet
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
by Leon Juranic
SmallNuke 2.0.4 - SQL Injection via User Email Parameter
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
by Eugene Minaev
PHP Webquest 2.6 - SQL Injection via id_actividad Parameter
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
by ka0x
FlexBB < 0.6.3 - SQL Injection via flexbb_temp_id Cookie Parameter
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
by Eugene Minaev
eggblog < 3.1.0 - SQL Injection via eggblogpassword Cookie Parameter
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
by Eugene Minaev
RunCMS 1.6.1 - SQL Injection via Client-Ip Parameter
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
by Eugene Minaev
Niek Albers CoolPlayer <216 - Buffer Overflow
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.
by Trancek
NetRisk 1.9.7 - Unauthenticated Arbitrary Password Change via Direct Request
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
by Cod3rZ
ClipShare 2.6 - Unauthenticated Arbitrary User Profile Modification via uid Parameter
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
by Pr0metheuS
Zenphoto 1.1-1.1.3 - SQL Injection via rss.php albumnr Parameter
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
by Silentz
WebPortal CMS <0.6.0 - SQL Injection
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
by x0kster
March Networks DVR 3204 - Info Disclosure
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
by Alex Hernandez
XZero Community Classifieds <4.95.11 - SQL Injection
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
by Kw3[R]Ln
XZero Community Classifieds <4.95.11 - Path Traversal
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
by Kw3[R]Ln
RunCMS - SQL Injection via lid Parameter
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
by sh2kerr
AuraCMS 2.2 - Authenticated Path Traversal and Arbitrary File Execution via Index.php Act Parameter
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
by k1tk4t
BadBlue < 2.72b - Remote Code Execution via PassThru Query String Overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
by Jacopo Cervini
PHP ZLink 0.3 - SQL Injection via id Parameter
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DNX
OpenSSL 0.9.7-0.9.7k and 0.9.8-0.9.8c - Denial of Service via Null Pointer Dereference in SSLv2 Client
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
by Noam Rathaus
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
by eliteboy
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow
by Marcin Kozlowski