Perl Exploits

2,849 exploits tracked across all sources.

CVE-2005-0305 EXPLOITDB perl VERIFIED
Siteman <= 1.1.10 - CRLF Injection via Users.php Line Parameter
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
by Noam Rathaus
EIP-2026-107977 EXPLOITDB perl VERIFIED
ITA Forum 1.49 - SQL Injection
by RusH
EIP-2026-104129 EXPLOITDB perl VERIFIED
Webmin 1.5 - Web Brute Force (CGI)
by ZzagorR
EIP-2026-104128 EXPLOITDB perl VERIFIED
Webmin 1.5 - Brute Force / Command Execution
by ZzagorR
EIP-2026-102871 EXPLOITDB perl VERIFIED
HTGET 0.9.x - Local Privilege Escalation
by nekd0
EIP-2026-110943 EXPLOITDB perl VERIFIED
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
by Severino Honorato
EIP-2026-111888 EXPLOITDB perl VERIFIED
Sanity.b - phpBB 2.0.10 Bot Install (AOL/Yahoo Search)
by anonymous
EIP-2026-111076 EXPLOITDB perl VERIFIED
PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
by anonymous
CVE-2004-2718 EXPLOITDB perl VERIFIED
PHPMyChat 0.14.5 - Information Disclosure via Unprotected setup.php3
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
by sysbug
EIP-2026-110972 EXPLOITDB perl VERIFIED
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
by anonymous
CVE-2004-2262 EXPLOITDB perl VERIFIED
e107 < 0.617 - Remote Code Execution via ImageManager PHP File Upload
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
by sysbug
EIP-2026-104127 EXPLOITDB perl VERIFIED
Webmin - Brute Force / Command Execution
by Di42lo
EIP-2026-104132 EXPLOITDB perl VERIFIED
wget 1.9 - Directory Traversal
by jjminar
CVE-2000-0998 EXPLOITDB perl VERIFIED
top <unknown> - Privilege Escalation
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
by Kevin Finisterre
CVE-2004-1488 EXPLOITDB perl VERIFIED
GNU wget 1.8.x-1.9.x - Remote Code Execution via Terminal Escape Sequence Injection
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
by Jan Minar
EIP-2026-110944 EXPLOITDB perl VERIFIED
phpBB 2.0.10 - Remote Command Execution (CGI)
by ZzagorR
CVE-2004-2513 EXPLOITDB perl VERIFIED
Mercury (Pegasus) Mail 4.01 - Remote Code Execution via IMAP SELECT Command
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
by Reed Arvin
CVE-2001-1021 EXPLOITDB perl VERIFIED
WS_FTP Server 2.02 - Remote Code Execution via Long Arguments to Multiple FTP Commands
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
by Reed Arvin
EIP-2026-114821 EXPLOITDB perl VERIFIED
3Dmax 6.x backburner Manager 2.2 - Denial of Service
by Xtiger
CVE-2004-1315 EXPLOITDB perl VERIFIED
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by RusH
CVE-2004-1531 EXPLOITDB perl VERIFIED
Invision Power Board 2.0.0-2.0.2 - SQL Injection via qpid Parameter
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
by RusH
CVE-2004-1533 EXPLOITDB perl VERIFIED
DMS POP3 1.5.3.27 - Denial of Service via Long Username or Password
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
by Reed Arvin
EIP-2026-107404 EXPLOITDB perl VERIFIED
GFHost PHP GMail - Remote Command Execution
by spabam
CVE-2004-1037 EXPLOITDB perl VERIFIED
TWiki 20030201 - Remote Code Execution via Search Function Shell Metacharacters
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
by RoMaNSoFt
CVE-2004-1535 EXPLOITDB perl VERIFIED
phpBB Cash Mod - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
by Jerome Athias