Showing 76 - 100 of 1,341

Perl Files

Perl 5.20.1 Deep Recursion Stack Overflow
Posted Sep 25, 2014
Authored by Markus Vervier | Site lsexperts.de

A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.

tags | exploit, overflow, perl
advisories | CVE-2014-4330
MD5 | c8b48caeada762d8666434be872973f9
Project Kakilles 0.3
Posted Sep 17, 2014
Authored by Doddy Hackman

Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.

tags | tool, web, perl
MD5 | 1cc1fded4992b35bce2153081612884b
ClapTrap IRC Bot
Posted Sep 9, 2014
Authored by Doddy Hackman

ClapTrap is an IRC bot written in perl that performs various attacks against web applications.

tags | web, perl
MD5 | dafb55d48f5c9bdcbdcb2f8fcea3d269
Paranoic Scan 1.7
Posted Aug 30, 2014
Authored by Doddy Hackman

Paranoic is a simple vulnerability scanner written in Perl.

tags | tool, scanner, perl
systems | unix
MD5 | 6490730a15625806288c8b231a836ba5
Ubuntu Security Notice USN-2292-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2292-1 - It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module.

tags | advisory, remote, web, perl, protocol
systems | linux, ubuntu
advisories | CVE-2014-3230
MD5 | b61d2123f38c984d4e741cd9f7ace0e7
Debian Security Advisory 2969-1
Posted Jun 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing could use this flaw to mount a denial of service attack against the application.

tags | advisory, remote, denial of service, perl
systems | linux, debian
advisories | CVE-2014-0477
MD5 | d110df66b6bc321523c36bba21c87229
AlienVault OSSIM av-centerd Command Injection
Posted Jun 19, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.

tags | exploit, web, perl, code execution
advisories | CVE-2014-3804
MD5 | 1c11a63dae03a49e38608820c02a45e6
Mandriva Linux Security Advisory 2014-069
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-069 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The perl-YAML-LibYAML package is being updated as it contains an embedded copy of LibYAML.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | 3b3ef2b8dc99c854135c54e00277d9a9
Heartbleed Honeypot Script
Posted Apr 9, 2014
Authored by glitch | Site glitchwrks.com

This Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for CVE-2014-0160 'Heartbleed'. Run as root for the privileged port. Outputs IPs of suspected heartbleed scan to the console. Rickrolls scanner in the hex dump.

tags | tool, root, perl, tcp, intrusion detection
systems | unix
advisories | CVE-2014-0160
MD5 | aa6604b077be236dfe5f5f3f8c9a84cd
Ubuntu Security Notice USN-2161-1
Posted Apr 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | 09442a8a9385a2d62d158801e2ef9c8b
Red Hat Security Advisory 2014-0322-01
Posted Mar 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0322-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmpd, the Net-SNMP daemon, handled subagent timeouts. A remote attacker able to trigger a subagent timeout could use this flaw to cause snmpd to loop infinitely or crash.

tags | advisory, remote, denial of service, perl, protocol
systems | linux, redhat
advisories | CVE-2012-6151, CVE-2014-2285
MD5 | d6da9316c756c232e64f58c538f056d6
Red Hat Security Advisory 2014-0321-01
Posted Mar 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0321-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file.

tags | advisory, remote, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2014-2284
MD5 | b46663f004b4afb5b0799cc05dba8d71
Debian Security Advisory 2873-2
Posted Mar 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2873-2 - It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.

tags | advisory, perl
systems | linux, debian
MD5 | caee209e0b494d67f13fab5c0467bde9
Rootkit Hunter 1.4.2
Posted Mar 23, 2014
Authored by Michael Boelen | Site rootkit.nl

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Changes: DISABLE_UNHIDE option has been removed from the configuration file. Various bug fixes.
tags | tool, shell, perl, integrity, rootkit
systems | netbsd, unix, solaris
MD5 | 85ad366b7f3999eb2a9371e39a1a4df7
Mandriva Linux Security Advisory 2014-062
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by untrusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.

tags | advisory, arbitrary, perl, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893
MD5 | 167cace9ae510696dea0951b9e786d73
Mandriva Linux Security Advisory 2014-060
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.

tags | advisory, web, perl
systems | linux, mandriva
advisories | CVE-2013-4279, CVE-2014-2014
MD5 | dc91e85cd09740eb24207d0339f140db
Mandriva Linux Security Advisory 2014-052
Posted Mar 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-052 - Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects. Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled.

tags | advisory, denial of service, perl
systems | linux, mandriva
advisories | CVE-2014-2284, CVE-2014-2285
MD5 | d2f2a3a662c5e97fcbede9eff4eb315c
Kloxo Remote Root Exploit
Posted Mar 2, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Kloxo remote root exploit that leverages a blind SQL injection and injects a perl connect back shell (/bin/sh) with root privilege.

tags | exploit, remote, shell, root, perl, sql injection
MD5 | 561d8831792685768c0aeaf5f2ea1873
NTP Denial Of Service
Posted Feb 17, 2014
Authored by ShadowHatesYou

This is a small perl script called NTP DRDoS which is a denial of service tool for use against NTP.

tags | denial of service, perl
MD5 | 2d962184caf83044296ccfae04065109
FGscanner Directory / Page Scanner 1.1
Posted Feb 9, 2014
Authored by FantaGhost | Site fantaghost.com

FantaGhost is a perl script that assists with penetration testing by scanning for hidden directories and pages.

Changes: This is a new release with User Agent randomization for better evasion.
tags | tool, scanner, perl
systems | unix
MD5 | 988ca9764cc0a4b264be9f2ea952520d
Ubuntu Security Notice USN-2099-1
Posted Feb 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2099-1 - It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2012-6329
MD5 | 52f85414eb64b2ec8c96bfb83ffdad6d
Gentoo Linux Security Advisory 201402-04
Posted Feb 4, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-4 - Multiple vulnerabilities have been found in libwww-perl, the worst of which could allow attackers to execute arbitrary code. Versions less than 6.30.0 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2253, CVE-2011-0633
MD5 | ce1ac446cc69b4b3c4a078b7c17d7a39
Gentoo Linux Security Advisory 201401-33
Posted Jan 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.

tags | advisory, remote, arbitrary, perl
systems | linux, gentoo
advisories | CVE-2011-3597
MD5 | 85a4a70843c8294f0393cfd87a9bbca1
Mandriva Linux Security Advisory 2014-021
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2013-7135
MD5 | d0c47d399b85b666e75751a3c2a6654d
Gentoo Linux Security Advisory 201401-11
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2728, CVE-2011-2939, CVE-2012-5195, CVE-2013-1667
MD5 | ecd43ce19385b37811ba89561b4b5b37
Page 4 of 54

© 2016 Packet Storm. All rights reserved.
