Perl Exploits
2,854 exploits tracked across all sources.
OWL Intranet Engine 0.82 - RCE
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
by rgod
Cilem Haber - SQL Injection
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
by nukedx
D2-Shoutbox 4.2 - SQL Injection
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
by SkOd
Dxmsoft XM Easy Personal FTP Server - Buffer Overflow
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
by luka.research
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
by uid0
Mybulletinboard - SQL Injection
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
by Devil-00
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
by cijfer
Datenbank Module < 2.7 - SQL Injection
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
by nukedx
Vubb - SQL Injection
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.
by KingOfSka
phpRPC <0.7 - Code Injection
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
by LorD
Limbo CMS <1.0.4.2-1.0.4.1 - RCE
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
by str0ke
Mac OS X <10.3.9, <10.4.5 - Privilege Escalation
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
by vade79
Farsinews - Path Traversal
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
by Hessam-x
Freebsd - Denial of Service
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
by Evgeny Legerov
ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)
by Jerome Athias
Saphplesson - SQL Injection
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
by SnIpEr_SA
Pwsphp - SQL Injection
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by papipsycho
Igenus Webmail - Code Injection
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
by rgod
G2soft Pentacle In-out Board - SQL Injection
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
by nukedx
Phpwebsite - SQL Injection
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by SnIpEr_SA
Microsoft WMP <10 - RCE
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
by Matthew Murphy
Admbook <1.2.2 - Code Injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
by rgod
Mini-nuke Cms < 1.8.2 - SQL Injection
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
by nukedx
By Source