Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0291 EXPLOITDB perl VERIFIED
Hangzhou Rui-qiang Richstrong Cms - SQL Injection
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by JosS
CVE-2008-0262 EXPLOITDB perl VERIFIED
Agares Media Phpautovideo - SQL Injection
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
by Pr0metheuS
CVE-2008-0297 EXPLOITDB perl VERIFIED
Keil Software Photokorn - Information Disclosure
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
by Pr0metheuS
CVE-2008-0255 EXPLOITDB perl VERIFIED
Igamingcms Igaming Cms < 1.3.1 - SQL Injection
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
by Eugene Minaev
EIP-2026-104800 EXPLOITDB perl VERIFIED
0DayDB 2.3 - 'id' Remote Authentication Bypass
by Pr0metheuS
CVE-2008-0127 EXPLOITDB perl VERIFIED
Mcafee E-business Server < 8.5.2 - Memory Corruption
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
by Leon Juranic
CVE-2008-0147 EXPLOITDB perl VERIFIED
Smallnuke - SQL Injection
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
by Eugene Minaev
CVE-2008-0219 EXPLOITDB perl VERIFIED
Php Webquest - SQL Injection
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
by ka0x
CVE-2008-0157 EXPLOITDB perl VERIFIED
Flexbb < 0.6.3 - SQL Injection
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
by Eugene Minaev
CVE-2008-0159 EXPLOITDB perl VERIFIED
Eggblog < 3.1.0 - SQL Injection
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
by Eugene Minaev
CVE-2008-0224 EXPLOITDB perl VERIFIED
Runcms - SQL Injection
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
by Eugene Minaev
CVE-2006-6288 EXPLOITDB perl VERIFIED
Niek Albers CoolPlayer <216 - Buffer Overflow
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.
by Trancek
CVE-2008-7155 EXPLOITDB perl VERIFIED
NetRisk 1.9.7 - Info Disclosure
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
by Cod3rZ
CVE-2008-7188 EXPLOITDB perl VERIFIED
ClipShare 2.6 - Info Disclosure
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
by Pr0metheuS
CVE-2007-6666 EXPLOITDB perl VERIFIED
Zenphoto <1.1.3 - SQL Injection
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
by Silentz
CVE-2007-6664 EXPLOITDB perl VERIFIED
WebPortal CMS <0.6.0 - SQL Injection
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
by x0kster
EIP-2026-106285 EXPLOITDB perl VERIFIED
CustomCMS 3.1 - 'vars.php' SQL Injection
by Pr0metheuS
CVE-2007-6638 EXPLOITDB perl VERIFIED
March Networks DVR 3204 - Info Disclosure
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
by Alex Hernandez
CVE-2007-6566 EXPLOITDB perl VERIFIED
XZero Community Classifieds <4.95.11 - SQL Injection
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
by Kw3[R]Ln
CVE-2007-6567 EXPLOITDB perl VERIFIED
XZero Community Classifieds <4.95.11 - Path Traversal
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
by Kw3[R]Ln
CVE-2007-6544 EXPLOITDB perl VERIFIED
RunCMS <1.6.1 - SQL Injection
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
by sh2kerr
CVE-2007-6544 EXPLOITDB perl VERIFIED
RunCMS <1.6.1 - SQL Injection
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
by sh2kerr
CVE-2007-6552 EXPLOITDB perl VERIFIED
AuraCMS 2.2 - Path Traversal
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
by k1tk4t
CVE-2007-6377 EXPLOITDB perl VERIFIED
BadBlue <2.72b - Buffer Overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
by Jacopo Cervini
CVE-2007-6578 EXPLOITDB perl VERIFIED
PHP ZLink 0.3 - SQL Injection
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DNX
By Source
All 2,854 Exploitdb 50,121 Writeup 46,758 Nomisec 21,200 Metasploit 3,189 Github 2,253 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,740 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24