Perl Exploits

2,854 exploits tracked across all sources.

EIP-2026-118798 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer Overflow
by Trirat Puttaraksa
CVE-2006-4944 EXPLOITDB perl VERIFIED
ProgSys <0.151 - RCE
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
by Kacper
CVE-2006-4913 EXPLOITDB perl VERIFIED
AlstraSoft E-friends 4.85 - Path Traversal
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
by Kw3[R]Ln
CVE-2006-4612 EXPLOITDB perl VERIFIED
ZIXForum 1.12 - SQL Injection
SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
by SlimTim10
CVE-2006-4978 EXPLOITDB perl VERIFIED
Walter Beschmout PhpQuiz <1.2 - SQL Injection
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
by simo64
CVE-2006-4977 EXPLOITDB perl VERIFIED
Walter Beschmout PhpQuiz <1.2 - Unrestricted File Upload
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
by simo64
CVE-2006-4979 EXPLOITDB perl VERIFIED
Walter Beschmout PhpQuiz <1.2 - Code Injection
Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings.
by simo64
CVE-2006-4920 EXPLOITDB perl VERIFIED
Site@School <2.4.02 - RCE
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
by simo64
CVE-2006-4919 EXPLOITDB perl VERIFIED
Site@School <2.4.02 - Path Traversal
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
by simo64
CVE-2006-4922 EXPLOITDB perl VERIFIED
Site@School <2.4.02 - RCE
Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
by simo64
CVE-2006-4832 EXPLOITDB perl VERIFIED
Verso NetPerformer FRAD ACT - Buffer Overflow
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
by Arif Jatmoko
CVE-2006-1255 EXPLOITDB perl VERIFIED
Mercur Messaging 5.0 SP3 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
by Jacopo Cervini
EIP-2026-110959 EXPLOITDB perl VERIFIED
phpBB 2.0.21 - Poison Null Byte Remote File Upload
by ShAnKaR
CVE-2006-7069 EXPLOITDB perl VERIFIED
Socketwiz Bookmarks <2.0 - RCE
PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter.
by Kacper
EIP-2026-115472 EXPLOITDB perl VERIFIED
J. River Media Center 11.0.309 - Remote Denial of Service (PoC)
by n00b
CVE-2006-4632 EXPLOITDB perl VERIFIED
SoftBB 0.1 - SQL Injection
Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
by DarkFig
CVE-2006-4631 EXPLOITDB perl VERIFIED
SoftBB 0.1 - Code Injection
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
by DarkFig
CVE-2006-4585 EXPLOITDB perl VERIFIED
TR Forum - SQL Injection
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
by DarkFig
CVE-2006-4584 EXPLOITDB perl VERIFIED
Tr Forum 2.0 - Auth Bypass
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
by DarkFig
CVE-2006-4586 EXPLOITDB perl VERIFIED
Tr Forum 2.0 - Privilege Escalation
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
by DarkFig
CVE-2006-4633 EXPLOITDB perl VERIFIED
SoftBB 0.1 - Info Disclosure
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
by DarkFig
CVE-2006-4601 EXPLOITDB perl VERIFIED
Annuaire 1two - SQL Injection
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DarkFig
CVE-2006-4531 EXPLOITDB perl VERIFIED
Pheap CMS <1.1 - RCE
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
by Kacper
CVE-2006-4604 EXPLOITDB perl VERIFIED
Lanifex DMO <2.3 Beta - RCE
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
by Kacper
CVE-2006-4426 EXPLOITDB perl VERIFIED
AlberT-EasySite <1.0a5 - RCE
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
by Kacper