Perl Exploits
2,849 exploits tracked across all sources.
Zabbix - Format String Vulnerability via Log Functions
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
by Max Vozeler
PHP Poll Creator 1.04 - Remote File Inclusion via relativer_pfad Parameter
PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ThE-WoLf-KsA
PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion
by ThE-WoLf-KsA
Ciamos CMS < 0.9.6b - Remote File Inclusion via module_cache_path Parameter
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
by Kacper
Cahier de texte 2.0 - SQL Injection via matiere_ID or classe_ID Parameter
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
by s4mi
eXtremail <= 1.1.9 - Format String Vulnerability via SMTP and POP3 Commands
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
by mu-b
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
by SkOd
JAF CMS 4.0 RC1 - Remote File Inclusion via Forum Website Parameter
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
by Kacper
Dan Jensen Travelsized CMS <0.4 - RCE
PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
by Kacper
Klinza Professional CMS <5.0.1 - RCE
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
by Kacper
jaf_cms 4.0 RC2 - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
by Kacper
Motorola SURFboard SB4200 - Denial of Service via SecretProc Secret Parameter
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
by Dave Gil
cPanel <10.9.0 - Privilege Escalation
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
by Clint Torrez
CVSS 8.8
Mac OS X 10.4-10.4.7 - Local Privilege Escalation via Mach Exception Port Manipulation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
by Kevin Finisterre
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by YAG KOHHA
CVSS 8.8
Buzlas 2006-1 Full - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
OpenSSL 0.9.7-0.9.7k and 0.9.8-0.9.8c - Denial of Service via Null Pointer Dereference in SSLv2 Client
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
by Noam Rathaus
pixel_motion_blog 2.1.1 - Unauthenticated Admin Credential Change via insere_base.php
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
by DarkFig
Microsoft Outlook & IE 6.0 - Buffer Overflow
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
by Trirat Puttaraksa
bbsnew 2.0.1 - Remote File Inclusion via admin/index2.php right Parameter
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
by Root3r_H3ll
OpenConcept Back-End 0.4.5 - Remote File Inclusion via includes_path Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.
by Root3r_H3ll
spidey_blog_script < 1.5 - SQL Injection via pid Parameter
SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by gega
Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer Overflow
by Trirat Puttaraksa
ProgSys < 0.151 - Remote Code Execution via phpdns_basedir Parameter
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
by Kacper
AlstraSoft E-friends 4.85 - Path Traversal
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
by Kw3[R]Ln
By Source