Perl Exploits
2,854 exploits tracked across all sources.
Progress Software Progress <9.1e - DoS
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
by Eelko Neven
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
Mybulletinboard < 1.2.5 - SQL Injection
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
by 0x86
Winamp 5.33 - '.avi' Remote Denial of Service
by DeltahackingTEAM
Mybb - SQL Injection
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by 0x86
Foxit Pdf Reader - Denial of Service
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
by n00b
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
by WiLdBoY
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
by Dj7xpl
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Dj7xpl
Joomla! Be2004-2 - RCE
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Cold Zero
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
by BeyazKurt
News Manager Deluxe - Path Traversal
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by BeyazKurt
MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection
by Elekt
Shotcast 1.0 RC2 - RCE
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by bd0rk
e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation
by Gammarays
Ecardmax.com Hot Editor - Path Traversal
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
by Liz0ziM
Php-nuke Eboard Module - Path Traversal
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
by bd0rk
Wserve HTTP Server <4.6 - Buffer Overflow
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
by WiLdBoY
John Mordo Jobs <2.4 - SQL Injection
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
by ajann
HP Mercury Quality Center - Memory Corruption
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
by ri0t
Xoops Rha7 Downloads Module - SQL Injection
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by ajann
Cyboards PHP Lite 1.21 - RCE
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
by bd0rk
Wordpress < 2.1.2 - SQL Injection
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
by Sumit Siddharth
HP Mercury Quality Center <9.1.0.4352 - SQL Injection
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
by Isma Khan
By Source