Perl Exploits
2,849 exploits tracked across all sources.
Symantec Enterprise Firewall 8.0 / Gateway Security 2.0.1-3.0 - Internal IP Address Exposure
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
by Bernhard Mueller
Claroline 1.7.5 - Remote File Inclusion via clarolineRepositorySys or claro_CasLibPath Parameter
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.
by beford
Dokeos 1.6.4 - RCE
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
by beford
Claroline 1.7.5 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
by beford
Jetbox CMS 2.1 - Remote File Inclusion via relative_script_path Parameter
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.
by beford
Tiny FTPd <= 1.4 - Denial of Service via Long USER Command
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
by [Oo]
HiveMail <= 1.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.
by [Oo]
Statit 4 (060207) - Remote File Inclusion via statitpath Parameter
PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter.
by IGNOR3
acFTP 1.4 - Denial of Service via Long USER Command String
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
by Preddy
phpbb-auction - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by webDEViL
zawhttpd 0.8.23 - Denial of Service via Backslash URI Request
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
by Kamil Sienicki
Golden FTP Server Pro 2.70 - Buffer Overflow via NLST or APPE Command
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.
by Jerome Athias
albinator <= 2.0.8 - Remote File Inclusion via Config_rootdir Parameter
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
by webDEViL
FtrainSoft Fast Click <= 2.3.8 - Remote File Inclusion via Path Parameter
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.
by R@1D3N
Invision Power Board < 2.1.4 - SQL Injection via Private Message From Contact Field
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
by Ykstortion Security
Aardvark Topsites PHP <= 4.2.2 - Remote File Inclusion via CONFIG[path] Parameter
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
by cijfer
Invision Power Board 2.1.5 - 'search.php' Remote Code Execution
by Javier Olascoaga
phpBB Advanced Guestbook <2.4.0 - RCE
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
by n0m3rcy
phpBB TopList < 1.3.8 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
by FOX_MULDER
bl4 smtp_server < 0.1.4 - Buffer Overflow via Long EHLO/MAIL FROM/RCPT TO Arguments
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.
by Dedi Dwianto
Invision Power Board <2.1.x-2.0.x - RCE
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
by RusH
Oc 3121/3122 Printer - Denial of Service via Long Request
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.
by sh4d0wman
FlexBB 0.5.5 - SQL Injection via id Parameter
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
by Devil-00
MyGamingLadder 7.0 - Remote File Inclusion via stats.php dir[base] Parameter
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.
by nukedx
Symantec Scan Engine <5.1.0.7 - Privilege Escalation
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
by Marc Bevand
By Source