Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-4343 EXPLOITDB perl VERIFIED
Openssl - NULL Pointer Dereference
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
by Noam Rathaus
CVE-2007-4560 EXPLOITDB perl VERIFIED
ClamAV <0.91.2 - RCE
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
by eliteboy
EIP-2026-119563 EXPLOITDB perl VERIFIED
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow
by Marcin Kozlowski
EIP-2026-117363 EXPLOITDB perl VERIFIED
jetAudio 7.0.5 COWON Media Center MP4 - Local Stack Overflow
by SYS 49152
CVE-2007-6466 EXPLOITDB perl VERIFIED
FreeWebshop 2.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
by k1tk4t
EIP-2026-107247 EXPLOITDB perl VERIFIED
FreeWebShop 2.2.7 - 'cookie' Admin Password Grabber
by k1tk4t
CVE-2007-6466 EXPLOITDB perl VERIFIED
FreeWebshop 2.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
by k1tk4t
CVE-2007-6341 EXPLOITDB perl VERIFIED
Net::DNS <0.60 - DoS
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
by beSTORM
EIP-2026-109552 EXPLOITDB perl VERIFIED
MonAlbum 0.87 - Arbitrary File Upload / Password Grabber
by v0l4arrra
CVE-2007-6403 EXPLOITDB perl VERIFIED
Nullsoft Winamp 5.32 - Buffer Overflow
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack.
by SYS 49152
CVE-2007-6401 EXPLOITDB perl VERIFIED
Microsoft Windows Media Player (WMP) 6.4 - Buffer Overflow
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
by SYS 49152
CVE-2007-6402 EXPLOITDB perl VERIFIED
Media Player Classic <6.4.9 - Buffer Overflow
Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.
by SYS 49152
CVE-2007-5583 EXPLOITDB perl VERIFIED
Cisco IP Phone 7940 - Memory Corruption
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
by MADYNES
CVE-2007-6124 EXPLOITDB perl VERIFIED
Softbiz Freelancers Script - XSS
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
by Khashayar Fereidani
CVE-2007-6125 EXPLOITDB perl VERIFIED
Softbiz Freelancers Script - SQL Injection
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
by Khashayar Fereidani
CVE-2007-6134 EXPLOITDB perl VERIFIED
PHPKIT 1.6.4pl1 - SQL Injection
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
by Shadowleet
CVE-2007-3898 EXPLOITDB perl VERIFIED
Microsoft Windows - Info Disclosure
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
by Alla Berzroutchko
CVE-2007-3898 EXPLOITDB perl VERIFIED
Microsoft Windows - Info Disclosure
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
by Alla Berzroutchko
EIP-2026-110878 EXPLOITDB perl VERIFIED
PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection
by 0x90
CVE-2007-2217 EXPLOITDB perl VERIFIED
Kodak Image Viewer - Code Injection
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
by grabarz
CVE-2007-5849 EXPLOITDB perl VERIFIED
CUPS <1.3.4 - RCE
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
by wei_wang
EIP-2026-118667 EXPLOITDB perl VERIFIED
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command
by FistFuXXer
CVE-2007-5082 EXPLOITDB perl VERIFIED
Broadcom Brightstor Hierarchical Storage Manager - Memory Corruption
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.
by Nice Name Crew
EIP-2026-114751 EXPLOITDB perl VERIFIED
IBM Lotus Domino 7.0.2 - IMAP4 LSUB Buffer Overflow
by Manuel Santamarina Suarez
CVE-2007-5511 EXPLOITDB perl VERIFIED
Oracle Database Server - SQL Injection
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
by bunker
By Source
All 2,854 Exploitdb 50,121 Writeup 46,758 Nomisec 21,200 Metasploit 3,189 Github 2,253 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,740 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24