Perl Exploits

2,849 exploits tracked across all sources.

CVE-2007-1807 EXPLOITDB perl VERIFIED
myAlbum-P < 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1810 EXPLOITDB perl VERIFIED
Kshop < 1.17 - SQL Injection via product_details.php id Parameter
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
CVE-2007-1813 EXPLOITDB perl VERIFIED
eCal 2.24 and earlier - SQL Injection via katid Parameter
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
by ajann
CVE-2007-1808 EXPLOITDB perl VERIFIED
Camportail < 1.1 - SQL Injection via show.php camid Parameter
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.
by ajann
CVE-2007-1816 EXPLOITDB perl VERIFIED
Tutoriais module for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1815 EXPLOITDB perl VERIFIED
Xoops Library Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1814 EXPLOITDB perl VERIFIED
Xoops Core Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
by ajann
CVE-2007-1845 EXPLOITDB perl VERIFIED
PHP-Fusion Expanded Calendar Module 2.00 - SQL Injection via m_month Parameter
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
by UNIQUE-KEY
CVE-2007-1847 EXPLOITDB perl VERIFIED
Xoops Repository Module - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1846 EXPLOITDB perl VERIFIED
Xoops MyAds Module < 2.04 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
by ajann
CVE-2007-1801 EXPLOITDB perl VERIFIED
sBLOG 0.7.3 Beta - Directory Traversal and Remote Code Execution via conf_lang_default Parameter
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
by GoLd_M
CVE-2007-1838 EXPLOITDB perl VERIFIED
Xoops Friendfinder Module < 3.3 - SQL Injection via id Parameter
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
CVE-2007-3311 EXPLOITDB perl VERIFIED
Xoops Articles Module < 1.02 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
CVE-2007-3311 EXPLOITDB perl VERIFIED
Xoops Articles Module < 1.02 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by WiLdBoY
EIP-2026-104025 EXPLOITDB perl VERIFIED
Oracle 10g KUPM$MCP.MAIN - SQL Injection (2)
by bunker
EIP-2026-104023 EXPLOITDB perl VERIFIED
Oracle 10g - KUPM$MCP.MAIN SQL Injection
by bunker
CVE-2007-1725 EXPLOITDB perl VERIFIED
IceBB 1.0-rc5 - Authenticated SQL Injection via Avatar Upload Filename
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
by Hessam-x
CVE-2007-1720 EXPLOITDB perl VERIFIED
Addressbook 1.2 - Directory Traversal and Arbitrary File Execution via module_name Parameter
Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
by bd0rk
CVE-2007-1725 EXPLOITDB perl VERIFIED
IceBB 1.0-rc5 - Authenticated SQL Injection via Avatar Upload Filename
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
by Hessam-x
CVE-2007-1726 EXPLOITDB perl VERIFIED
IceBB 1.0-rc5 - Authenticated Arbitrary File Upload via Avatar Function
Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
by Hessam-x
EIP-2026-110519 EXPLOITDB perl VERIFIED
PBlang 4.66z - Remote Create Admin
by Hessam-x
EIP-2026-110518 EXPLOITDB perl VERIFIED
PBlang 4.66z - Remote Code Execution
by Hessam-x
CVE-2007-1702 EXPLOITDB perl VERIFIED
Mambo Flatmenu < 1.7 - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Cold Zero
CVE-2007-1561 EXPLOITDB perl VERIFIED
Asterisk < 1.2.17 and 1.4.x < 1.4.2 - Denial of Service via SIP INVITE with Malformed SDP
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
by MADYNES
CVE-2004-1211 EXPLOITDB perl VERIFIED
Mercury/32 4.01a - Authenticated Buffer Overflow via IMAP Command Arguments
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
by Jacopo Cervini