Perl Exploits
2,854 exploits tracked across all sources.
PlaySMS <0.7 - SQL Injection
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
by Noam Rathaus
AppleFileServer <10.3.3 - Buffer Overflow
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
by Dino Dai Zovi
Sapporoworks Black Jumbodog - Buffer Overflow
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
by Tal Zeltzer
SoX <12.17.4 - RCE
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
by Serkan Akpolat
Microsoft SMS 2.50.2726.0 - DoS
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
by MacDefender
Apache httpd 2.0.49 - DoS/Buffer Overflow
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
by bkbll
Samba <3.0.4 - RCE
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
by Noam Rathaus
Serena TeamTrack 6.1.1 - Info Disclosure & XSS
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
by Noam Rathaus
Polar Software Helpdesk - Authentication Bypass
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
by Noam Rathaus
Netsupport Dna Helpdesk - SQL Injection
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Noam Rathaus
LBE Web Helpdesk <4.0.0.81 - SQL Injection
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Noam Rathaus
Internet Software Sciences Web+Center 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
by Noam Rathaus
Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service
by HexView
phpBB 2.x <2.0.11 - RCE
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by sasan hezarkhani
MySQL <4.1.3, 5.0 - Auth Bypass
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
by Eli Kara
Borland Software Interbase - Buffer Overflow
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
by Aviram Jenik
Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities
WinAgents TFTP Server 3.0 - Remote Buffer Overrun
by Ziv Kamir
BlackBoard Learning System 6.0 - Dropbox File Download
by Maarten Verbeek
Borland Software Interbase - Buffer Overflow
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
by wsxz
Mollensoft Lightweight FTP Server 3.6 - Remote Buffer Overflow
by Chintan Trivedi
Mollensoft Software Lightweight FTP Server - Buffer Overflow
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
by storm
LHA - Buffer Overflow
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
by Lukasz Wojtow
By Source