Perl Exploits

2,849 exploits tracked across all sources.

CVE-2006-2226 EXPLOITDB perl VERIFIED
XM Easy Personal FTP Server 4.2 and 5.0.1 - Authenticated Denial of Service via PORT Command Buffer Overflow
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
by luka.research
EIP-2026-107046 EXPLOITDB perl VERIFIED
Fantastic News 2.1.2 - 'script_path' Remote Code Execution
by uid0
CVE-2006-0959 EXPLOITDB perl VERIFIED
MyBulletinBoard 1.03-1.04 - SQL Injection via Cookie Parameter
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
by Devil-00
EIP-2026-111190 EXPLOITDB perl VERIFIED
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
by cijfer
CVE-2006-1094 EXPLOITDB perl VERIFIED
Datenbank MOD < 2.7 for Woltlab Burning Board - SQL Injection via fileid Parameter
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
by nukedx
CVE-2006-0962 EXPLOITDB perl VERIFIED
vuBB 0.2 - SQL Injection via Cookie Pass Parameter
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.
by KingOfSka
CVE-2006-1032 EXPLOITDB perl VERIFIED
phpRPC <= 0.7 - Remote Code Execution via Base64 Tag in RPC Decoder
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
by LorD
CVE-2006-1662 EXPLOITDB perl VERIFIED
Limbo CMS 1.0.4.1-1.0.4.2 - Remote Code Execution via Itemid Parameter
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
by str0ke
CVE-2005-2713 EXPLOITDB perl VERIFIED
Mac OS X <10.3.9, <10.4.5 - Privilege Escalation
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
by vade79
CVE-2006-0660 EXPLOITDB perl VERIFIED
FarsiNews 2.5 - Directory Traversal and Arbitrary File Read via Archive Parameter
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
by Hessam-x
CVE-2006-0900 EXPLOITDB perl VERIFIED
FreeBSD 6.0 - Denial of Service via NFS Mount Request
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
by Evgeny Legerov
EIP-2026-114929 EXPLOITDB perl VERIFIED
ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)
by Jerome Athias
CVE-2005-3363 EXPLOITDB perl VERIFIED
Saphp Lesson - SQL Injection via ForumID Parameter
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
by SnIpEr_SA
CVE-2006-0943 EXPLOITDB perl VERIFIED
PwsPHP 1.2.3 - SQL Injection via Sondages Module id Parameter
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by papipsycho
CVE-2006-1031 EXPLOITDB perl VERIFIED
iGENUS Webmail <= 2.02 - Remote File Inclusion via SG_HOME Parameter
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
by rgod
CVE-2006-1000 EXPLOITDB perl VERIFIED
Pentacle In-Out Board <= 3.0 - SQL Injection via newsid or password Parameter
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
by nukedx
CVE-2006-0973 EXPLOITDB perl VERIFIED
phpWebSite <= 0.10.2 - SQL Injection via Topic Parameter
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by SnIpEr_SA
CVE-2006-0005 EXPLOITDB perl VERIFIED
Windows Media Player 9-10 - Remote Code Execution via Long EMBED src Attribute
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
by Matthew Murphy
EIP-2026-110954 EXPLOITDB perl VERIFIED
phpBB 2.0.18 - Remote Brute Force/Dictionary (2)
by DarkFig
EIP-2026-107374 EXPLOITDB perl VERIFIED
GeekLog 1.x - 'error.log' Remote Command Execution
by rgod
CVE-2006-0852 EXPLOITDB perl VERIFIED
devscripts admbook < 1.2.2 - Remote Code Execution via X-Forwarded-For Header Injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
by rgod
CVE-2006-0870 EXPLOITDB perl VERIFIED
Mini-Nuke CMS < 1.8.2 - SQL Injection via pages.asp id Parameter
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
by nukedx
CVE-2005-2564 EXPLOITDB perl VERIFIED
Gravity Board X <1.1 - Code Injection
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
by RusH
EIP-2026-100745 EXPLOITDB perl VERIFIED
AWStats < 6.4 - 'referer' Remote Command Execution
by RusH
EIP-2026-114506 EXPLOITDB perl VERIFIED
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
by cijfer