Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-1567 EXPLOITDB perl VERIFIED
War FTP Daemon < 1.65 - Buffer Overflow
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
by Umesh Wanve
CVE-2007-1518 EXPLOITDB perl VERIFIED
Woltlab Burning Board - SQL Injection
SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
by x666
CVE-2007-1516 EXPLOITDB perl VERIFIED
Cicoandcico CcMail 1.0 - RCE
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.
by Crackers_Child
CVE-2007-1524 EXPLOITDB perl VERIFIED
Zomplog - Path Traversal
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
by Bl0od3r
EIP-2026-116401 EXPLOITDB perl VERIFIED
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)
by Umesh Wanve
CVE-2005-3952 EXPLOITDB perl VERIFIED
PHP Labs Top Auction - SQL Injection
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
by ajann
CVE-2007-1425 EXPLOITDB perl VERIFIED
Triexa Sonicmailer Pro < 3.2.3 - SQL Injection
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
by ajann
CVE-2006-0164 EXPLOITDB perl VERIFIED
phgstats <0.5.1 - RCE
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
by bd0rk
CVE-2007-0217 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer <6 - RCE
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
by Mathew Rowley
CVE-2007-1422 EXPLOITDB perl VERIFIED
Duyuru Scripti - SQL Injection
SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
by Cr@zy_King
CVE-2007-1404 EXPLOITDB perl VERIFIED
Prosysinfo Tftp Server Tftpdwin - Denial of Service
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
by Umesh Wanve
CVE-2007-1397 EXPLOITDB perl VERIFIED
Fish - Buffer Overflow
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
by ilja van sprundel
CVE-2006-0476 EXPLOITDB perl VERIFIED
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
by Umesh Wanve
CVE-2007-1373 EXPLOITDB perl VERIFIED
Pmail Mercury Mail Transport System < 4.01b - Buffer Overflow
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
by mu-b
CVE-2007-1339 EXPLOITDB perl VERIFIED
Monitor-line Links Management < 1.0 - SQL Injection
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
by ajann
CVE-2007-1340 EXPLOITDB perl VERIFIED
Weltennetz News-Letterman 1.1 - RCE
PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.
by bd0rk
CVE-2007-1295 EXPLOITDB perl VERIFIED
AJ Forum 1.0 - SQL Injection
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
by ajann
CVE-2007-1298 EXPLOITDB perl VERIFIED
AJ Auction 1.0 - SQL Injection
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by ajann
CVE-2007-1301 EXPLOITDB perl VERIFIED
Mailenable Enterprise - Buffer Overflow
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
by mu-b
EIP-2026-113364 EXPLOITDB perl VERIFIED
webSPELL 4.01.02 - Multiple SQL Injections
by DNX
CVE-2006-6183 EXPLOITDB perl VERIFIED
3com 3ctftpsvc < 2.0.1 - Memory Corruption
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
by Umesh Wanve
CVE-2007-1195 EXPLOITDB perl VERIFIED
XM Easy Personal FTP Server 5.3.0 - Buffer Overflow
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
by Umesh Wanve
CVE-2007-1227 EXPLOITDB perl VERIFIED
McAfee VirusScan for Mac <7.7 - Privilege Escalation
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
by Kevin Finisterre
CVE-2007-1224 EXPLOITDB perl VERIFIED
Grok Developments NetProxy 4.03 - CSRF
Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
by Craig Heffner
CVE-2007-1225 EXPLOITDB perl VERIFIED
Grok Developments NetProxy 4.03 - Info Disclosure
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
by Craig Heffner
By Source
All 2,854 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24