Perl Exploits
2,849 exploits tracked across all sources.
WebAPP 0.9.9.2.1 - Remote Command Execution via apage.cgi f Parameter
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Alpha_Programmer
Photopost PHP Pro - SQL Injection via Verifykey Parameter
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
by basher13
i-mall.cgi - Remote Command Execution via p Parameter
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters in the p parameter.
by Jerome Athias
Ce/Ceterm <2.5.4 - Local Privilege Escalation
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
by Kevin Finisterre
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
by Reed Arvin
Convert::UUlib < 1.050 - Buffer Overflow via Malformed Read Parameter
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
by CorryL
MailEnable Enterprise < 1.04 and Professional < 1.54 - Remote Code Execution via HTTP Authorization Header
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
by CorryL
E-Cart 2004 1.1 - Remote Command Execution via Shell Metacharacters in art Parameter
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
by z
Exchange Server 2000 and 2003 - Remote Code Execution via X-LINK2STATE SMTP Request
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
by Evgeny Pinchuk
Serendipity <= 0.8 - SQL Injection via url_id or entry_id Parameters
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
by kre0n
Microsoft Windows 2000 and XP - Remote Code Execution via Malformed IP Packet Options
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
by Song Liu
KMail 1.7.1 in KDE 3.3.2 - Email Spoofing via HTML Formatted Email
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
by Noam Rathaus
The Includer - Remote Command Execution via Shell Metacharacters in URL or Template Parameter
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
by K-C0d3r
The Includer - Remote Command Execution via Shell Metacharacters in URL or Template Parameter
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
by GreenwooD
MailEnable Enterprise <= 1.04 and Professional <= 1.54 - Denial of Service via SMTP EHLO Unicode String
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
by CorryL
Aeon 0.2a - Buffer Overflow via HOME Environment Variable
Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable.
by lammat
SPECTral Personal SMTP Server 0.4.2 - Denial of Service
by GreenwooD
Class-1 Forum 0.23.2-0.24.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.
by basher13
Code Ocean FTP Server 1.0 - Denial of Service via Excessive Connections
Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections.
by GSS IT
MCPWS Personal WebServer 1.3.21 - Denial of Service
by Nico Spicher
phpBB 2.0.12 - Privilege Escalation
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
by Kutas