Perl Exploits

2,854 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-5892 EXPLOITDB perl VERIFIED
THE NET Guys Aspired2poll < 1.0 - SQL Injection
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
EIP-2026-109028 EXPLOITDB perl VERIFIED
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion
by igi
CVE-2006-5852 EXPLOITDB perl VERIFIED
OpenBase SQL <10.0.1 - Privilege Escalation
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
by Kevin Finisterre
CVE-2006-5851 EXPLOITDB perl VERIFIED
Openbase - Symlink Following
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
by Kevin Finisterre
CVE-2006-5787 EXPLOITDB perl VERIFIED
IPrimal Forums <20061105 - Auth Bypass
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
by Bl0od3r
CVE-2006-5802 EXPLOITDB perl VERIFIED
THE WEB Drivers Simple Forum - SQL Injection
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Bl0od3r
CVE-2006-5828 EXPLOITDB perl VERIFIED
Deltascripts Php Classifieds - SQL Injection
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by ajann
CVE-2006-5728 EXPLOITDB perl VERIFIED
Dxmsoft XM Easy Personal FTP Server - Resource Management Error
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.
by boecke
CVE-2006-5850 EXPLOITDB perl VERIFIED
Essentia Web Server - Buffer Overflow
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
by CorryL
EIP-2026-111106 EXPLOITDB perl VERIFIED
PHPKIT 1.6.1R2 - 'search_user' SQL Injection
by x23
EIP-2026-111104 EXPLOITDB perl VERIFIED
PHPKit 1.6.1 - 'popup.php' SQL Injection
by x23
CVE-2006-5505 EXPLOITDB perl VERIFIED
PHP File Inclusion - RCE
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Kw3[R]Ln
CVE-2006-5614 EXPLOITDB perl VERIFIED
Microsoft Windows NT Helper Components - Denial of Service
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
by x82
EIP-2026-118966 EXPLOITDB perl VERIFIED
Novell eDirectory 8.8 - NDS Server Remote Stack Overflow
by FistFuXXer
CVE-2006-7132 EXPLOITDB perl VERIFIED
Cynux Softwares Phpmydesk - Path Traversal
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
by Kw3[R]Ln
CVE-2006-5588 EXPLOITDB perl VERIFIED
CMS Faethon 2.0 Ultimate - RCE
Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.
by r0ut3r
CVE-2006-5562 EXPLOITDB perl VERIFIED
SourceForge (alexandria) 1.0.4 - RCE
PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter.
by Kw3[R]Ln
CVE-2006-6635 EXPLOITDB perl VERIFIED
JumbaCMS 0.0.1 - RCE
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
by Kw3[R]Ln
CVE-2006-5478 EXPLOITDB perl VERIFIED
Novell Edirectory - Memory Corruption
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
by Manuel Santamarina Suarez
CVE-2006-5446 EXPLOITDB perl VERIFIED
Casinosoft Casino Script - SQL Injection
SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.
by G1UK
CVE-2006-5436 EXPLOITDB perl VERIFIED
FreeFAQ 1.0.e - RCE
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
by Alireza Ahari
CVE-2006-5555 EXPLOITDB perl VERIFIED
EPNadmin <0.7.1 - RCE
PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.
by Kw3[R]Ln
CVE-2005-1181 EXPLOITDB perl VERIFIED
Ariadne CMS 2.4 - Code Injection
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005
by Fidel Costa
CVE-2006-5444 EXPLOITDB perl VERIFIED
Digium Asterisk - Buffer Overflow
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
by Noam Rathaus
CVE-2006-5399 EXPLOITDB perl VERIFIED
Phprecipebook - Code Injection
PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter.
by r0ut3r
By Source
All 2,854 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24