Perl Exploits
2,849 exploits tracked across all sources.
Cisco Security Monitoring, Analysis and Response System <4.2.1 - Co...
Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 allow local CS-MARS administrators to execute arbitrary commands as root.
by Jon Hart
Cisco Security Monitoring, Analysis and Response System < 4.2.1 - Remote Code Execution via JMX-Console HtmlAdaptor
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
by Jon Hart
Invision Power Board 2.1-2.1.6 - SQL Injection via CLIENT_IP Parameter
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
by w4g.not null
Eskolar CMS 0.9.0.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.
by Jacek Wlodarczyk
winlpd < 1.26 - Remote Code Execution via Long String to TCP Port 515
Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515.
by Pablo Isola
Usermin < 1.220 - Arbitrary File Read via Path Traversal with URL-Encoded Bypass
Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
by UmZ
Invision Power Board 2.1-2.1.6 - SQL Injection via CLIENT_IP Parameter
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
by RusH
EJ3 TOPo 2.2 - 'descripcion' Remote Command Execution
by Hessam-x
SIPfoundry sipXtapi <20060324 - RCE
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
by Michael Thumann
Microsoft Word 2000/2003 - Hlink Local Buffer Overflow
by SYS 49152
Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (2)
by Jacek Wlodarczyk
Microsoft Excel 2003 (Italian) - Hlink Local Buffer Overflow
by oveRet
LifeType 1.0.5 - SQL Injection via Date Parameter
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
by Alejandro Ramos
ADA Image Server - Denial of Service via Long HTTP POST Request
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
by n00b
Microsoft Excel - Universal Hlink Local Buffer Overflow
by SYS 49152
BXCP 0.3.0.4 - SQL Injection via 'where' Parameter in view Action
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
by x23
SturGeoN Upload - Unauthenticated Arbitrary PHP Code Execution via File Upload
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
by Jihad BENABRA
Apple Mac OSX 10.4.6 (PPC) - 'launchd' Local Format String
by Kevin Finisterre
MKPortal 1.0.1 - 'index.php' Directory Traversal
by rUnViRuS
Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String
by Kevin Finisterre
Microsoft Excel 2003 - Hlink Stack Buffer Overflow (SEH)
by FistFuXXer
Scout Portal Toolkit <1.4.0 - SQL Injection
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by simo64
Apple Mac OS X 10.4-10.4.6 - Denial of Service via Invalid LDAP Request
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
by Mu Security research
MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin
by Hessam-x
DreamAccount 3.1 - Remote File Inclusion via Admin Index Path Parameter
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by CrAsh_oVeR_rIdE