Secunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
c2591fd4454e96e7eccbd78fb20fae7cb9cd4ac857ef225bf7920faeb3c9f059
Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.
3bcd9906a91e0e60116a8e74a6871bf2c3d7a8bbd8baaef329447255da0a07b9
This perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.
19d0cd2419b1ba8636cb8720f58807484e2cd5fe55c43028edb94c4dfbfc419f
Secunia Security Advisory - Red Hat has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
76987ea6aa324b45021184bc8680f5b030fae09ebce3d2727c30a847c53866cb
Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement which, once processed by the perl-DBD-Pg interface, would lead to a crash of the perl-DBD-Pg based process. The updated packages have been patched to correct this issue.
cfc570df0e44378ae630c6244564f9a1b62cf1d12fda6e443031004d32e127eb
Red Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
6b9911606556711f6d311f9701a306c24b1afc6085dfd1dde7ad91431c552f38
Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons" and Nmap specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a Lua NSE script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.
36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57ea
Joomla web scanning perl script that gets the version, components and shows possible bugs.
0ab018e39405e6084e40c17103e2371d3366a4af2159ce098bae85b710b3f1ab
Cryptfuscate Bundle provides a better, more secure solution for obfuscating Perl code. Cryptfuscate Bundle consists of two main scripts, cryptfuscate.pl and executer.pl. cryptfuscate.pl creates an encrypted version of Perl module embedded text files using Blowfish AES encryption and encodes the module in base 64. executer.pl can then be packaged with the encrypted module and placed on a target's box. When executer.pl is launched and given the correct encryption key and salt, it decrypts the module, handles the module as a string, and executes the module using Perl's eval() function. This method of execution provides you with a safe and secure way to execute Perl code while keeping local users from being able to analyze the source code of your module. Cryptfuscate Bundle comes with a module to experiment with, a bind shell on port 62221.
1e5fa99ad3c862fb14e7fcf215948fd8267a9170c688498ba501be414b46b883
Red Hat Security Advisory 2012-0876-04 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.
0c8e59b5862b260540cb82b2f28c910e34cfe4e663196688dfe6b2ae3d270f8b
Kolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
51799f93b27c4bf9963d9bb0be06a9c97f9292d2a95f88350b3c19c6dc197876
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
7951e7cbd5d3ef81b6a7dcaed9ec4c95331f77b7aa03178ca7a582058593986e
Secunia Security Advisory - A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1c61cccf748717098d33b1f24e3c2d82a1e851d1cf4b11cde6453361decfdad7
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
a891c0b900417f2980f0e9afcdb10d1fd5581703be2587a92c90c7631b8814dc
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
e2922b592136828485ef5f371fa2e685ec057099245c46322cd9573c14dde2a4
Gentoo Linux Security Advisory 201204-8 - Two format string vulnerabilities have been found in the Perl DBD-Pg module, allowing remote PostgreSQL servers to execute arbitrary code. Versions less than 2.19.0 are affected.
bce5c31bb6b3eebc314508e6cb57e1a6a149a177ea49029bb3e039ea69959c01
Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798
Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
ac3d0a5cf4ad166161f6d299cf8b70631e442e80e31a75c43f97926eb4e060f3
Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
5a04569b6919bd0a20fe7431a7493f6484a21e57dfa7115a5e0ef655365f0b8d
Secunia Security Advisory - SUSE has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
a432e3e6818617d9a8506dd5a740f84536ccdee90abf0726c24f7398f23eccc0
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
fe044230036d848ad6720383afa9e61319b0004de5ccf5aedc1b26ee3e6ced82
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
e40867ec2b07662d86f8ccbf48ffce4f61c258d21758a358af57368530200887
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
42173590795645e2f9e4219d77b6699b9a6ca4563946c65ff2773b7d9c831693
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
88fc63ec0972b2501852fc4f0e3308b885982bd391d185e2e5897765d93e3d45