Perl Exploits
2,849 exploits tracked across all sources.
Apache httpd 2.0.49 - DoS/Buffer Overflow
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters.
by bkbll
Samba 3.0.2-3.0.4 - Remote Code Execution via SWAT HTTP Basic Authentication Buffer Overflow
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
by Noam Rathaus
Serena TeamTrack 6.1.1 - Info Disclosure & XSS
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
by Noam Rathaus
Polar HelpDesk 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
by Noam Rathaus
NetSupport DNA HelpDesk 1.01 - SQL Injection via problist.asp where Parameter
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Noam Rathaus
LBE Web Helpdesk <4.0.0.81 - SQL Injection
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Noam Rathaus
Internet Software Sciences Web+Center 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
by Noam Rathaus
Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service
by HexView
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by sasan hezarkhani
MySQL 4.1.x < 4.1.3 and 5.0 - Unauthenticated Authentication Bypass via Zero-Length Scrambled String
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
by Eli Kara
InterBase and Firebird < 1.5 - Denial of Service via Long Database Name
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
by Aviram Jenik
Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities
WinAgents TFTP Server 3.0 - Remote Buffer Overrun
by Ziv Kamir
BlackBoard Learning System 6.0 - Dropbox File Download
by Maarten Verbeek
InterBase and Firebird < 1.5 - Denial of Service via Long Database Name
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
by wsxz
Mollensoft Lightweight FTP Server 3.6 - Remote Buffer Overflow
by Chintan Trivedi
Mollensoft Lightweight FTP Server 3.6 - Authenticated Buffer Overflow via CWD Command
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
by storm
LHA - Buffer Overflow via Long Working Directory Command Line Option
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
by Lukasz Wojtow
EMule Web 0.42 Control Panel - Denial of Service
by Rafel Ivgi The-Insider
Qualcomm Eudora 5.2.1, 6.0.3, 6.1 - Buffer Overflow via Long URL or Attachment Name
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
by Paul Szabo
Titan FTP Server 3.01 build 163 - Authenticated Denial of Service via LIST -L Command
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
by storm
HP Web JetAdmin 6.5 - 'connectedNodes.ovpl' Remote Code Execution
by FX
Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3)
by Secure Network Operations