Perl Exploits
2,849 exploits tracked across all sources.
Fishyshoop 0.930 beta - Unauthenticated Arbitrary Admin User Creation via is_admin Parameter
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
by James Gray
Ciberia Content Federator 1.0 - RCE
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
by DeltahackingTEAM
Ultimate PHP Board <2.0b1 - Code Injection
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
by nuffsaid
pagetool < 1.07 - Remote Code Execution via File Inclusion in pt_upload.php
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
by g00ns
Newsletter MX <1.0.2 - SQL Injection
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
mxmania_file_upload_manager < 1.0.6 - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
acFTP 1.5 - Authenticated Denial of Service via REST or PBSZ Command
acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.
by gbr
Enthrallweb ePages - SQL Injection via Biz_ID Parameter
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
by ajann
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
Enthrallweb eJobs - SQL Injection via Newsdetail ID Parameter
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
ixprim_cms 1.2 - Information Disclosure via FCKeditor Plugin Path Exposure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
by DarkFig
Http Explorer 1.02 - Path Traversal
Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI.
by str0ke
Ixprim CMS 1.2 - Unauthenticated Brute Force Attack via Guessable IXP_CODE
The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.
by DarkFig
cwmcounter < 5.1.1 - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by bd0rk
GNU wget 1.10.2 - Denial of Service via FTP SYST Command
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
by Federico L. Bossi Bonin
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution
by kingcope
Brian Drawert Yaplap <0.6-0.6.1 - RCE
PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter.
by DeltahackingTEAM
Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion
by the_Edit0r
mxbb_newssuite 1.03 - Remote File Inclusion via mx_root_path Parameter
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by 3l3ctric-Cracker
mxBB Activity Games Module 0.92 - Remote File Inclusion via module_root_path Parameter
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
by 3l3ctric-Cracker
TorrentFlux < 2.2 and torrentflux-b4rt < 2.1-b4rt-972 - Authenticated Directory Traversal via Path Parameter
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
by r0ut3r
TorrentFlux 2.2 - Command Injection
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
by r0ut3r
TorrentFlux 2.2 - Authenticated Directory Traversal via Alias Parameter
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
by r0ut3r
Fantastic News <2.1.4 - SQL Injection
SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Bl0od3r
J-OWAMP Web Interface 2.1 - Authenticated Remote File Inclusion via JOWAMP_ShowPage.php Link Parameter
PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
by 3l3ctric-Cracker