Perl Exploits
2,849 exploits tracked across all sources.
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection
by RusH
Simple Machine Forum <1.0.4 - SQL Injection
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
by GulfTech Security
CVSS 9.8
MercuryBoard <= 1.1.4 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
by RusH
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service
by Qnix
Claroline 1.5.3-1.6 RC - SQL Injection
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
by K-C0d3r
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
by Alberto Trivero
Ultimate PHP Board (UPB) 1.9.6 GOLD - Info Disclosure
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
by Alberto Trivero
paFileDB <= 3.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
by Alpha_Programmer
extropia_webstore - Remote Code Execution via Web_Store.cgi Page Parameter
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
by Action Spider
HAURI ViRobot Linux Server 2.0 - Buffer Overflow via ViRobot_ID Cookie
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
by Kevin Finisterre
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by MadSheep
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer
GoodTech SMTP Server 5.14 - Denial of Service via RCPT TO Command
GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character.
by Reed Arvin
PortailPHP 1.3 - SQL Injection via id Parameter
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
by Alberto Trivero
PostNuke 0.750 - SQL Injection via readpmsg.php start Parameter
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by K-C0d3r
MyBulletinBoard < 1.00_rc4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
by Alberto Trivero
myBloggie 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
by Alberto Trivero
phpstat 1.5 - Unauthenticated Authentication Bypass via $check Variable
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
by Alpha_Programmer
Invision Power Board <= 2.0.3 - SQL Injection via Cookie Password Hash
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
by Petey Beege
MaxWebPortal 1.35, 1.36, 2.0, 20050418 Next - SQL Injection via memKey Parameter
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
by Alpha_Programmer
PortailPHP 1.3 - 'ID' SQL Injection
by CENSORED Search Vulnerabilities
Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection
by deluxe89
By Source