Perl Exploits
2,854 exploits tracked across all sources.
PHP-Update <2.7 - RCE
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
by undefined1_
PWP Technologies The Classified Ad System - SQL Injection
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
by ajann
MTCMS <2.0 - RCE
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
by nuffsaid
Fishyshoop 0.930 beta - RCE
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
by James Gray
Ciberia Content Federator 1.0 - RCE
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
by DeltahackingTEAM
Ultimate PHP Board <2.0b1 - Code Injection
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
by nuffsaid
Pagetool 1.07 - RCE
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
by g00ns
Newsletter MX <1.0.2 - SQL Injection
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
Mxmania FUM <1.0.6 - SQL Injection
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
acFTP 1.5 - DoS
acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.
by gbr
Enthrallweb ePages - SQL Injection
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
by ajann
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
Enthrallweb eJobs - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
Ixprim 1.2 - Info Disclosure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
by DarkFig
Http Explorer 1.02 - Path Traversal
Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI.
by str0ke
Ixprim 1.2 - Info Disclosure
The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.
by DarkFig
cwmCounter <5.1.1 - Code Injection
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by bd0rk
GNU Wget 1.10.2 - DoS
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
by Federico L. Bossi Bonin
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution
by kingcope
Brian Drawert Yaplap <0.6-0.6.1 - RCE
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter.
by DeltahackingTEAM
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
by the_Edit0r
NewsSuite 1.03 - RCE
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by 3l3ctric-Cracker
mxBB 0.92 - RCE
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
by 3l3ctric-Cracker
TorrentFlux <2.2 - Path Traversal
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
by r0ut3r
TorrentFlux 2.2 - Command Injection
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
by r0ut3r
By Source