Perl Exploits
2,849 exploits tracked across all sources.
ezaspsite < 2.0_rc3 - SQL Injection via Default.asp Scheme Parameter
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
by nukedx
Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow
by Kevin Finisterre
Tru64 UNIX 5.0 (Rev. 910) - edauth NLSPATH Buffer Overflow
by Kevin Finisterre
GreyMatter WebLog 1.21d - Remote Command Execution (2)
by Hessam-x
RealNetworks RealPlayer RealOne Player Rhapsody and Helix Player - Buffer Overflow via Crafted SWF File
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
by Federico L. Bossi Bonin
Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation
by Sparah
TFT Gallery 0.10 - Unauthenticated Sensitive Information Exposure via Direct Request
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
by undefined1_
php_ticket 0.71 - Authenticated SQL Injection via search.php frm_search_in Parameter
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
by undefined1_
RealNetworks RealPlayer RealOne Player Rhapsody and Helix Player - Buffer Overflow via Crafted SWF File
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
by Federico L. Bossi Bonin
ASPPortal <= 3.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
by nukedx
ShoutLIVE 1.1.0 - Remote Code Execution via settings.php Variable Injection
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
by DarkFig
BetaParticle Blog <=6.0 - SQL Injection
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
by nukedx
KnowledgebasePublisher 1.2 - Remote File Inclusion via PageController.php dir Parameter
PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.
by uid0
Simple PHP Blog <0.4.7.1 - Path Traversal
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
by rgod
Mac OS X 10.4-10.4.5 - Remote Code Execution via Long Real Name in AppleDouble Email Attachment
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
by Kevin Finisterre
Ubuntu Linux 5.10 - Unprotected Password Exposure via Installer Log File
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
by Kristian Hermansen
Guestbook Script 1.7 - 'include_files' Remote Code Execution
by rgod
Matt Johnston Dropbear SSH server <0.47 - DoS
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
by str0ke
UnrealIRCd 3.2.3 - Denial of Service via Malformed TKL Q:Line Commands
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."
by Brandon Milner
Light Weight Calendar (LWC) 1.0 - Code Injection
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.
by Hessam-x
d2kblog 1.0.3 - SQL Injection via memName Cookie Parameter
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
by DevilBox
RevilloC MailServer and Proxy <1.21 - RCE
Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.
by securma massine
OWL Intranet Engine 0.82 - Remote File Inclusion via xrms_file_root Parameter
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
by rgod
Cilem Hiber 1.1 - SQL Injection via haber_id Parameter
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
by nukedx
d2-shoutbox 4.2 - SQL Injection via Load Parameter
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
by SkOd
By Source