Perl Exploits

2,849 exploits tracked across all sources.

CVE-2007-4253 EXPLOITDB perl VERIFIED
Envolution < 1.1.0 - SQL Injection via News Module Topic Parameter
SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
by k1tk4t
CVE-2007-4183 EXPLOITDB perl VERIFIED
paBugs < 2.0_beta_3 - SQL Injection via cid Parameter
SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
by uimp
CVE-2007-3927 EXPLOITDB perl VERIFIED
Ipswitch IMail Server < 2006.21 - Buffer Overflow in Imailsec
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
by ZhenHan.Liu
CVE-2007-4032 EXPLOITDB perl VERIFIED
CrystalPlayer Pro 1.98 - Buffer Overflow via MLS Playlist File
Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file.
by Arham Muhammad
CVE-2007-3925 EXPLOITDB perl VERIFIED
Ipswitch IMail Server < 2006.21 - Authenticated Remote Code Execution via IMAP Search Command
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
by ZhenHan.Liu
CVE-2007-4008 EXPLOITDB perl VERIFIED
Entertainment Media Sharing CMS - Path Traversal
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
by Kw3[R]Ln
CVE-2007-3958 EXPLOITDB perl VERIFIED
Microsoft Windows Explorer - Denial of Service via GIF File
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
by DeltahackingTEAM
CVE-2007-3957 EXPLOITDB perl VERIFIED
Nipun Jain xserver 0.1 alpha - Denial of Service via Long URI in POST Request
Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI.
by deusconstruct
CVE-2007-3956 EXPLOITDB perl VERIFIED
TeamSpeak WebServer 2.0 - Denial of Service via Long Username and Password Parameters
TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.
by YAG KOHHA
CVE-2007-2394 EXPLOITDB perl VERIFIED
Apple Quicktime - Remote Code Execution via SMIL File Integer Overflow
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
by Wolf
CVE-2007-3702 EXPLOITDB perl VERIFIED
Mail Machine 3.989 - Directory Traversal via Archives Parameter
Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.
by H4 / XPK
CVE-2007-3519 EXPLOITDB perl VERIFIED
phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Iron
EIP-2026-113498 EXPLOITDB perl VERIFIED
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload
by Alexander Concha
CVE-2007-3398 EXPLOITDB perl VERIFIED
LiteWEB 2.7 - Denial of Service via Nonexistent Page Requests
LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.
by Prili
CVE-2007-3371 EXPLOITDB perl VERIFIED
Powl 0.94 - Remote File Inclusion via _POWL[installPath] Parameter
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.
by Kw3[R]Ln
EIP-2026-103847 EXPLOITDB perl VERIFIED
Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow
by eliteboy
CVE-2007-3340 EXPLOITDB perl VERIFIED
BugHunter HTTP SERVER 1.6.2 - Denial of Service via Nonexistent Page Requests
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
by Prili
CVE-2007-3358 EXPLOITDB perl VERIFIED
SerWeb < 0.9.6 - Remote File Inclusion via _SERWEB[serwebdir] Parameter
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.
by Kw3[R]Ln
CVE-2007-3292 EXPLOITDB perl VERIFIED
LiveCMS <= 3.4 - Unauthenticated Arbitrary File Upload via Article Image Parameter
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
by g00ns
CVE-2007-3291 EXPLOITDB perl VERIFIED
LiveCMS <= 3.4 - Cross-Site Scripting via Article Name Parameter
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
by g00ns
CVE-2007-3290 EXPLOITDB perl VERIFIED
LiveCMS <= 3.4 - SQL Injection via Categoria.php cid Parameter
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
by g00ns
CVE-2007-3293 EXPLOITDB perl VERIFIED
LiveCMS <= 3.4 - SQL Injection via Categoria.php cid Parameter
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by g00ns
CVE-2007-3325 EXPLOITDB perl VERIFIED
LAN Management System < 1.6.9 - Remote File Inclusion via _LIB_DIR Parameter
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
by Kw3[R]Ln
CVE-2007-3234 EXPLOITDB perl VERIFIED
Fuzzylime Forum 1.0 - SQL Injection via Topic Parameter
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Silentz
CVE-2007-3235 EXPLOITDB perl VERIFIED
Fuzzylime Forum 1.0 - Cross-Site Scripting via Topic Parameter
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
by Silentz