Perl Exploits
2,854 exploits tracked across all sources.
PHP-Fusion <6.0 - Info Disclosure
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
by Easyex
SUN Solaris - Access Control
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
by Przemyslaw Frasunek
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
by g30rg3_x
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
by RusH
Simple Machine Forum <1.0.4 - SQL Injection
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
by GulfTech Security
CVSS 9.8
Mercuryboard Message Board - SQL Injection
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
by RusH
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service
by Qnix
Claroline 1.5.3-1.6 RC - SQL Injection
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
by K-C0d3r
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
by Alberto Trivero
Ultimate PHP Board (UPB) 1.9.6 GOLD - Info Disclosure
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
by Alberto Trivero
PHP Arena Pafiledb - SQL Injection
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
by Alpha_Programmer
Web_Store.cgi - Command Injection
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
by Action Spider
Hauri Virobot Linux Server - Buffer Overflow
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
by Kevin Finisterre
Webhints 1.03 - Command Injection
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by MadSheep
Webhints 1.03 - Command Injection
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer
Goodtech Systems Goodtech SMTP Server - Denial of Service
GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character.
by Reed Arvin
Portailphp - SQL Injection
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
by Alberto Trivero
Postnuke - SQL Injection
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by K-C0d3r
Mybulletinboard < 1.00_rc4 - SQL Injection
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
by Alberto Trivero
myBloggie 2.1.1- - SQL Injection
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
by Alberto Trivero
By Source