Perl Exploits

2,849 exploits tracked across all sources.

EIP-2026-115081 EXPLOITDB perl VERIFIED
COOL! Remote Control 1.12 - Remote Denial of Service
by basher13
CVE-2005-4724 EXPLOITDB perl VERIFIED
PhpTagCool 1.0.3 - SQL Injection via X-Forwarded-For HTTP Header
SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header.
by Megabyte
EIP-2026-118590 EXPLOITDB perl VERIFIED
FTP Internet Access Manager 1.2 - Command Execution
by basher13
CVE-2005-2857 EXPLOITDB perl VERIFIED
Free SMTP Server 2.2 - Open Redirect
Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).
by basher13
CVE-2005-2787 EXPLOITDB perl VERIFIED
Simple PHP Blog - Unauthenticated Arbitrary File Deletion via comment_delete_cgi.php comment parameter
comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.
by Kenneth Belva
CVE-2002-1120 EXPLOITDB perl VERIFIED
Savant Web Server < 3.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
by basher13
CVE-2005-1842 EXPLOITDB perl VERIFIED
Adobe Version Cue < 1.3 - Local Privilege Escalation
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
by vade79
EIP-2026-109680 EXPLOITDB perl VERIFIED
MyBB - 'member.php' SQL Injection
by W7ED
EIP-2026-100709 EXPLOITDB perl VERIFIED
GTChat 0.95 Alpha - 'adduser' Remote Denial of Service
by VTECin5th
CVE-2005-2697 EXPLOITDB perl VERIFIED
MyBulletinBoard 1.00 RC1-RC4 - SQL Injection via search.php uid Parameter
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282.
by Alpha_Programmer
EIP-2026-100710 EXPLOITDB perl VERIFIED
GTChat 0.95 Alpha - Remote Denial of Service
by RusH
CVE-2005-2127 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer 5.01-6 - Remote Code Execution via Unsafe COM Object Instantiation
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
by anonymous
CVE-2005-3533 EXPLOITDB perl VERIFIED
osh < 1.7.14 - Buffer Overflow via Long Working Directory and Filename
Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.
by Charles Stevenson
CVE-2005-2581 EXPLOITDB perl VERIFIED
Grandstream BudgeTone 101 and 102 < 1.0.6.7 - Denial of Service via Large UDP Packet
Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.
by Pierre Kroma
EIP-2026-114853 EXPLOITDB perl VERIFIED
Acunetix HTTP Sniffer - Denial of Service
by basher13
CVE-2005-2468 EXPLOITDB perl VERIFIED
MySQL Eventum <= 1.5.5 - SQL Injection via Multiple Functions
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
by GulfTech Security
CVE-2005-1255 EXPLOITDB perl VERIFIED
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
by kingcope
CVE-2005-2472 EXPLOITDB perl VERIFIED
BusinessMail 4.60.00 - Denial of Service via Long SMTP HELO or MAIL FROM Command
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.
by Reed Arvin
CVE-2005-2426 EXPLOITDB perl VERIFIED
ftpshell_server 3.38 - Authenticated Denial of Service via Repeated Connection Without QUIT
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
by Reed Arvin
CVE-2005-2420 EXPLOITDB perl VERIFIED
FtpLocate 2.02 - Remote Command Execution via flsearch.pl Shell Metacharacters
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.
by newbug
EIP-2026-118698 EXPLOITDB perl VERIFIED
Intruder Client 1.00 - Remote Command Execution / Denial of Service
by basher13
EIP-2026-114892 EXPLOITDB perl VERIFIED
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)
by kcope
EIP-2026-110223 EXPLOITDB perl VERIFIED
Open Bulletin Board 1.0.5 - SQL Injection
by RusH
EIP-2026-119148 EXPLOITDB perl VERIFIED
Small HTTP Server 3.05.28 - Arbitrary Data Execution
by basher13
CVE-2005-2305 EXPLOITDB perl VERIFIED
DG Remote Control Server 1.6.2 - Denial of Service and Possible Remote Code Execution via Long TCP Message
DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
by basher13