Perl Exploits

2,849 exploits tracked across all sources.

CVE-2006-3304 EXPLOITDB perl VERIFIED
deluxebb < 1.07 - SQL Injection via cp.php xmsn Parameter
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
by Hessam-x
CVE-2006-6750 EXPLOITDB perl VERIFIED
XM Easy Personal FTP Server 5.0.1 - DoS
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
by Jerome Athias
CVE-2006-3277 EXPLOITDB perl VERIFIED
MailEnable Standard <1.92-Enterprise <2.0 - DoS
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.
by db0
EIP-2026-113101 EXPLOITDB perl VERIFIED
Vincent-Leclercq News 5.2 - 'Diver.php' SQL Injection
by DarkFig
EIP-2026-113165 EXPLOITDB perl VERIFIED
w-Agora 4.2.0 - 'inc_dir' Remote File Inclusion
by the_day
CVE-2006-3221 EXPLOITDB perl VERIFIED
DataLife Engine <4.1 - SQL Injection
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
by RusH
CVE-2006-3086 EXPLOITDB perl VERIFIED
Microsoft Hyperlink Object Library - Buffer Overflow
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
by kingcope
CVE-2006-7032 EXPLOITDB perl VERIFIED
FlashBB < 1.1.5 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
by h4ntu
CVE-2006-2909 EXPLOITDB perl VERIFIED
PicoZip 4.01 - Stack-Based Buffer Overflow via Long Filename in Archive
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
by c0rrupt
CVE-2006-1193 EXPLOITDB perl VERIFIED
Microsoft Exchange Server 2000 - XSS
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
by Daniel Fabian
CVE-2006-2908 EXPLOITDB perl VERIFIED
MyBulletinBoard 1.1.2 - Remote Code Execution via Username Field Preg Replace
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
by Javier Olascoaga
EIP-2026-111687 EXPLOITDB perl VERIFIED
RCblog 1.03 - 'POST' Remote Command Execution
by Hessam-x
EIP-2026-107523 EXPLOITDB perl VERIFIED
Guestex Guestbook 1.00 - 'email' Remote Code Execution
by K-sPecial
CVE-2006-2926 EXPLOITDB perl VERIFIED
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
by kingcope
CVE-2006-2947 EXPLOITDB perl VERIFIED
dmx_forum 2.1a - Information Disclosure via Direct Request to pops/edit.php
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter.
by DarkFig
CVE-2006-7012 EXPLOITDB perl VERIFIED
SCart 2.0 - Remote Command Execution via scart.cgi page parameter
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
by K-159
CVE-2006-7063 EXPLOITDB perl VERIFIED
tinyphpforum < 3.6 - Directory Traversal and Arbitrary File Execution via Profile UName Parameter
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
by Hessam-x
CVE-2006-2646 EXPLOITDB perl VERIFIED
MDaemon - Remote Code Execution via Long A0001 Argument
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
by kcope
EIP-2026-103404 EXPLOITDB perl VERIFIED
Apache James Server 2.2 - SMTP Denial of Service
by y3dips
EIP-2026-100436 EXPLOITDB perl VERIFIED
MiniNuke 2.x - SQL Injection (Add Admin)
by nukedx
CVE-2006-3387 EXPLOITDB perl VERIFIED
Fusion News 1.0 - Directory Traversal and Arbitrary File Inclusion via fil_config Parameter
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
by X0r_1
CVE-2006-2569 EXPLOITDB perl VERIFIED
4r_linklist < 1.0_rc2 - SQL Injection via Cat Parameter
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by 666
CVE-2006-2523 EXPLOITDB perl VERIFIED
phpListPro < 2.0.1 - Remote File Inclusion via Language Cookie
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
by [Oo]
CVE-2006-2404 EXPLOITDB perl VERIFIED
RadScripts RadLance Gold 7.0 - Directory Traversal via popup.php read Parameter
Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
by Mr.CrackerZ
CVE-2006-2503 EXPLOITDB perl VERIFIED
DeluxeBB 1.06 - SQL Injection via Name Parameter
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter.
by KingOfSka