Perl Exploits
2,849 exploits tracked across all sources.
MyBulletinBoard < 1.2.5 - SQL Injection via Calendar Day Parameter
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
by 0x86
Winamp 5.33 - '.avi' Remote Denial of Service
by DeltahackingTEAM
MyBB <= 1.2.5 - SQL Injection via Calendar Year or Month Parameter
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by 0x86
Foxit Reader 2.0 - Denial of Service via Crafted PDF Document
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
by n00b
Nullsoft Winamp 5.3 - Denial of Service via Crafted WMV File
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
by WiLdBoY
MiniGal b13 - Remote Code Execution via Image Comments Input Parameter
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
by Dj7xpl
MiniGal b13 - Remote Code Execution via Name or Email Parameter
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Dj7xpl
Joomla Be2004-2 Template - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Cold Zero
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
by BeyazKurt
News Manager Deluxe 1.0.1 - Remote File Inclusion via Template Parameter
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by BeyazKurt
MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection
by Elekt
mx_shotcast 1.0 RC2 - Remote File Inclusion via mx_root_path Parameter
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by bd0rk
e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation
by Gammarays
eCardMAX HotEditor 4.0 - Local File Inclusion via richedit/keyboard.php Parameter
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
by Liz0ziM
eBoard 1.0.7 module for PHP-Nuke - Directory Traversal via GLOBALS[name] Parameter
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
by bd0rk
Wserve HTTP Server <4.6 - Buffer Overflow
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
by WiLdBoY
John Mordo Jobs <2.4 - SQL Injection
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
by ajann
HP Mercury Quality Center 9.0 - Stack-Based Buffer Overflow via SPIDERLib.Loader ActiveX ProgColor Property
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
by ri0t
Rha7 Downloads Module for XOOPS - SQL Injection via visit.php lid Parameter
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by ajann
Cyboards PHP Lite 1.21 - Remote File Inclusion via script_path Parameter
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
by bd0rk
WordPress < 2.1.2 - Authenticated SQL Injection via XML-RPC mt.setPostCategories Method
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
by Sumit Siddharth
HP Mercury Quality Center <9.1.0.4352 - SQL Injection
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
by Isma Khan
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
by ajann
chapi/tiny_event < 1.01 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
by ajann