Perl Exploits

2,854 exploits tracked across all sources.

CVE-2006-7146 EXPLOITDB perl VERIFIED
Cuttlefish Leicestershire communityPortals < 1.0 - Code Injection
PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions.
by Nima Salehi
CVE-2006-5263 EXPLOITDB perl VERIFIED
phpMyAgenda < 3.1_beta_1 - Path Traversal
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
by Nima Salehi
CVE-2006-5240 EXPLOITDB perl VERIFIED
Docmint <2.0 - RCE
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
by K-159
CVE-2006-6692 EXPLOITDB perl VERIFIED
Zabbix <20061006 - RCE
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
by Max Vozeler
CVE-2006-7135 EXPLOITDB perl VERIFIED
PHP Poll Creator 1.04 - RCE
PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ThE-WoLf-KsA
EIP-2026-110739 EXPLOITDB perl VERIFIED
PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion
by ThE-WoLf-KsA
CVE-2006-5257 EXPLOITDB perl VERIFIED
Ciamos CMS <0.9.6b - RCE
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
by Kacper
CVE-2006-5221 EXPLOITDB perl VERIFIED
Cahier de Textes - SQL Injection
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
by s4mi
CVE-2001-1078 EXPLOITDB perl VERIFIED
eXtremail <1.1.9 - RCE
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
by mu-b
CVE-2006-5216 EXPLOITDB perl VERIFIED
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
by SkOd
CVE-2006-7128 EXPLOITDB perl VERIFIED
JAF CMS 4.0 RC1 - Code Injection
PHP remote file inclusion vulnerability in forum/forum.php in JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
by Kacper
CVE-2006-5182 EXPLOITDB perl VERIFIED
Dan Jensen Travelsized CMS <0.4 - RCE
PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
by Kacper
CVE-2006-5189 EXPLOITDB perl VERIFIED
Klinza Professional CMS <5.0.1 - RCE
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
by Kacper
CVE-2008-1609 EXPLOITDB perl VERIFIED
JAF CMS 4.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
by Kacper
CVE-2006-5196 EXPLOITDB perl VERIFIED
Motorola SURFboard SB4200 - DoS
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
by Dave Gil
CVE-2006-5014 EXPLOITDB HIGH perl VERIFIED
cPanel <10.9.0 - Privilege Escalation
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
by Clint Torrez
CVSS 8.8
CVE-2006-4392 EXPLOITDB perl VERIFIED
Mach kernel - Privilege Escalation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
by Kevin Finisterre
CVE-2006-3730 EXPLOITDB HIGH perl VERIFIED
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by YAG KOHHA
CVSS 8.8
CVE-2006-5311 EXPLOITDB perl VERIFIED
Buzlas 2006-1 Full - RCE
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-4343 EXPLOITDB perl VERIFIED
OpenSSL - NULL Pointer Dereference
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
by Noam Rathaus
CVE-2006-5086 EXPLOITDB perl VERIFIED
Blog Pixel Motion 2.1.1 - RCE
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
by DarkFig
CVE-2006-4868 EXPLOITDB perl VERIFIED
Microsoft Outlook & IE 6.0 - Buffer Overflow
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
by Trirat Puttaraksa
CVE-2006-5103 EXPLOITDB perl VERIFIED
bbsNew 2.0.1 - Code Injection
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
by Root3r_H3ll
CVE-2006-5076 EXPLOITDB perl VERIFIED
OpenConcept Back-End <0.4.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.
by Root3r_H3ll
CVE-2006-4202 EXPLOITDB perl VERIFIED
Spidey Blog Script < 1.5 - SQL Injection
SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by gega