Perl Exploits
2,854 exploits tracked across all sources.
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by RusH
Gravity Board X <1.1 - Code Injection
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
by RusH
YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution
by cijfer
MyBulletinBoard (MyBB) 1.03 - Multiple SQL Injections
by HACKERS PAL
Fortinet FortiGate 2.8 - Auth Bypass
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
by Mathieu Dessus
Valve Software Half-life Cstrike Dedicated Server - Memory Corruption
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.
by Firestorm
Invision Power Services Invision Power Board - Denial of Service
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
by SkOd
Dale Ray MyQuiz 1.01 - Command Injection
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
by Hessam-x
Kinesphere Corporation Exchange Pop3 - Buffer Overflow
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
by securma massine
Dragoran Portal Module - SQL Injection
SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by SkOd
xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution
by cijfer
Karjasoft Sami FTP Server - Buffer Overflow
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by Critical Security
Phpclanwebsite - SQL Injection
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
by matrix_killer
CRE Loaded 6.15 - Privilege Escalation
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
by kaneda
ezDatabase <2.0 - Code Injection
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
by cijfer
RCBlog 1.0.3 - 'index.php' Directory Traversal
by Aliaksandr Hartsuyeu
Philippe Jounin Tftpd32 - Denial of Service
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
by Critical Security
Symantec Pcanywhere - Buffer Overflow
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
by David Maciejak
Farmers Wife - Path Traversal
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
by kokanin
Mini-nuke Cms System < 1.8.2 - SQL Injection
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
by DetMyl
Microsoft Visual Studio 2005 - RCE
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
by anonymous
Estara Softphone - Buffer Overflow
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
by kokanin
By Source