Perl Exploits

2,849 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-4367 EXPLOITDB perl VERIFIED
All Topics Hack < 1.5.0 - SQL Injection via Start Parameter
SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by SpiderZ
CVE-2006-4369 EXPLOITDB perl VERIFIED
IntegraMOD Portal 2.x and earlier - Absolute Path Traversal via phpbb_root_path Parameter
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.
by nukedx
CVE-2006-4364 EXPLOITDB perl VERIFIED
MDaemon < 9.0.6 - Heap-Based Buffer Overflow via Long USER or APOP Command
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
by Leon Juranic
EIP-2026-103563 EXPLOITDB perl VERIFIED
Mozilla Firefox 1.5.0.6 - FTP Request Remote Denial of Service
by Tomas Kempinsky
CVE-2006-4300 EXPLOITDB perl VERIFIED
SimpleBlog < 2.0 - SQL Injection via comments.asp id Parameter
SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ASIANEAGLE
CVE-2006-4310 EXPLOITDB perl VERIFIED
Firefox 1.5.0.6 - Denial of Service via Crafted FTP Response
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
by anonymous
CVE-2006-7210 EXPLOITDB perl VERIFIED
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
by Preddy
CVE-2006-4240 EXPLOITDB perl VERIFIED
Fusion News 3.7 - Remote File Inclusion via fpath Parameter
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
by O.U.T.L.A.W
CVE-2006-4210 EXPLOITDB perl VERIFIED
phpay 2.02-2.02.1 - Open Mail Relay via Modified Mail Parameters
nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information.
by beford
CVE-2006-2502 EXPLOITDB perl VERIFIED
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
by K-sPecial
EIP-2026-111893 EXPLOITDB perl VERIFIED
SAPID CMS 1.2.3_rc3 - 'rootpath' Remote Code Execution
by simo64
CVE-2006-4114 EXPLOITDB perl VERIFIED
phpmyring < 4.2 - SQL Injection via idsite Parameter
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
by simo64
CVE-2006-4455 EXPLOITDB perl VERIFIED
xchat < 2.6.7 - Denial of Service via PRIVMSG Command
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
by Elo
CVE-2006-3819 EXPLOITDB perl VERIFIED
TWiki 4.0.0-4.0.4 - Remote Code Execution via Configure Script TYPEOF Parameter
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
by Javier Olascoaga
CVE-2005-0716 EXPLOITDB perl VERIFIED
Mac OS X 10.3.5-10.3.6 - Local Buffer Overflow via CF_CHARSET_PATH Environment Variable
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
by Kevin Finisterre
EIP-2026-104584 EXPLOITDB perl VERIFIED
Apple Mac OSX 10.4.7 (x86) - 'fetchmail' Local Privilege Escalation
by Kevin Finisterre
EIP-2026-104583 EXPLOITDB perl VERIFIED
Apple Mac OSX 10.4.7 (PPC) - 'fetchmail' Local Privilege Escalation
by Kevin Finisterre
CVE-2006-4000 EXPLOITDB perl VERIFIED
Barracuda Spam Firewall 3.3.01.001-3.3.03.053 Directory Traversal via cgi-bin/preview_email.cgi
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
by Greg Sinclair
EIP-2026-115827 EXPLOITDB perl VERIFIED
Microsoft Windows XP/2000/2003 - Graphical Device Interface Plus Library Denial of Service
by Mr. Niega
CVE-2006-3838 EXPLOITDB perl VERIFIED
eIQnetworks Enterprise Security Analyzer < 2.4.0 - Remote Code Execution via Multiple Buffer Overflows
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
by Kevin Finisterre
EIP-2026-118509 EXPLOITDB perl VERIFIED
eIQnetworks ESA - Syslog Server Remote Buffer Overflow
by Kevin Finisterre
EIP-2026-118244 EXPLOITDB perl VERIFIED
AIM Triton 1.0.4 - 'SipXtapi' Remote Buffer Overflow
by c0rrupt
EIP-2026-119145 EXPLOITDB perl VERIFIED
SIPfoundry sipXtapi - 'CSeq' Remote Buffer Overflow
by Jacopo Cervini
EIP-2026-118542 EXPLOITDB perl VERIFIED
FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (1)
by Jacopo Cervini
CVE-2006-5162 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer <6.0 SP2 - DoS
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
by Firestorm
By Source
All 2,849 Writeup 62,320 Exploitdb 50,076 Nomisec 22,421 Github 3,644 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,581 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 132 go 73 postscript 25 typescript 25