Perl Exploits
2,854 exploits tracked across all sources.
Eternal Lines Web Server 1.0 - Remote Denial of Service
by Ziv Kamir
War FTP Daemon - Denial of Service
WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
by MC.Iglo
Siteman 1.1.10 - Remote Administrative Account Addition
by Noam Rathaus
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
by GHC
Kmint21 Software Golden FTP Server - Buffer Overflow
Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command.
by Barabas
Siteman <1.1.10 - Code Injection
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
by Noam Rathaus
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
by Severino Honorato
Sanity.b - phpBB 2.0.10 Bot Install (AOL/Yahoo Search)
by anonymous
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
by anonymous
PHP Heaven Phpmychat - Access Control
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
by sysbug
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
by anonymous
e107 <0.617 - RCE
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
by sysbug
top <unknown> - Privilege Escalation
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
by Kevin Finisterre
wget <1.8.x-1.9.x - Code Injection
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
by Jan Minar
Mercury (Pegasus) Mail 4.01 - RCE
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
by Reed Arvin
Progress WS FTP Server - Buffer Overflow
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
by Reed Arvin
3Dmax 6.x backburner Manager 2.2 - Denial of Service
by Xtiger
phpBB 2.x <2.0.11 - RCE
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by RusH
By Source