Debian Linux Security Advisory 3219-1 - Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf() function to write to a fixed-size memory buffer.
962a23460df4764f5e4c10d5c95afce84b71e7a695fc0b972c3d9dddde456adb
Mandriva Linux Security Advisory 2015-136 - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. Also, the Text::Wrap version provided in perl contains a bug that can lead to a code path that shouldn't be hit. This can lead to crashes in other software, such as Bugzilla. The Text::Wrap module bundled with Perl has been patched and the Data::Dumper module bundled with Perl has been updated to fix these issues.
a3e94ab9406937961e1413a2283cd15e6647020327efe2581f2eea934953cc8d
Mandriva Linux Security Advisory 2015-092 - Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects. Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled. A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
d604316ab4c33292b9bb3bb59fcb9464712dfe5b998842c636ef11aa22776a28
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
Red Hat Security Advisory 2015-0330-02 - PCRE is a Perl-compatible regular expression library. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions. This update also adds the following enhancement: Support for the little-endian variant of IBM Power Systems has been added to the pcre packages.
dac1fdb5f71a85809e56a712ba7a3db8546be205b97f7ec4f7128b364b177f7b
Debian Linux Security Advisory 3173-1 - It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service (application crash) or, potentially, to arbitrary code execution.
d6159b0e8d3d7cfd1b0d709e58a87c3f037bcb116d848c4b823df135f71c42cc
This is a simple perl script for setting up man-in-the-middle attacks on Linux.
d38e8956c0b99e7aff2b55fc10799e47aad7c2ed96fe26151631c149f50fbb5d
Mandriva Linux Security Advisory 2015-044 - Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The updated packages have been patched to correct this issue.
e73da39c4f4f83b3f336e55cc33673138264f90452afaeb86dafd1ea189a8695
Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
191712b310456bed505292d7ad3776e02d33b05d362fa3e709ea54c23a287610
Shodan Tool is a perl script that allows you to search for vulnerabilities in Shodan.
e4f79ca5f16c3af8923ab005857cab191b76f980d4950e316e803b94d46634aa
This is a perl script to bruteforce logins on WordPress.
e4fc872f857fd9c0a0f00dbc16b78a2d66efee57cb3bebc394f9630db8af7c35
Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.
1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808
Mandriva Linux Security Advisory 2014-199 - Updated perl and perl-Data-Dumper packages fixes security The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. The Data::Dumper module bundled with perl and the perl-Data-Dumper packages has been updated to fix this issue.
dc19d5d4be63100b1a9dbb64cf7587bae6e7a38cfaf80f976586d0016b2ee1e6
This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.
532410fb174f7f3d0672bb77c79174e37f6739ffde13774940b5b666f7c88240
Gentoo Linux Security Advisory 201410-2 - Multiple vulnerabilities have been found in Perl Locale-Maketext module, allowing remote attackers to inject and execute arbitrary Perl code. Versions prior to 1.230.0 are affected.
32e6d90b5adea67193c65f6bf16d55c5ac579bb688c5b448f47a833c088fc51c
The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.
7e6bafc3f4e27a15de8ac1ae847247abec86cca045f3b86848aeae7d24f79d02
Mandriva Linux Security Advisory 2014-192 - The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via an empty quoted string in an RFC 2822 address. The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via vectors related to backtracking into the phrase.
fd50ca84aa78f0224f164d19ccc837e9fe063dbb1cb0e10514545665ccda3d3d
Mandriva Linux Security Advisory 2014-191 - The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
1cf9c6f1fe3daede8b43bab97142f9d19a3b4444639c60766d3b82d501a4862d
GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl.
19dfcfb3d85be26b41d2f9316ffaebf7de4fe7c3b8fd4d6b1cf6a55a6f1ba395
A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.
5739d0c214a552e16df8c1827940aaed394eeceffff1b5e158eb34f54598672a
Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
d2e2153f6e4d656992f7440b3cb89926277a075073424d269287da5e78c20038
ClapTrap is an IRC bot written in perl that performs various attacks against web applications.
40e026e9f6bdf057264e44d1c1b026d66bddea6425af62879e5804c3dbfc677a
Paranoic is a simple vulnerability scanner written in Perl.
dab89a511b987be36693b6be78738052be66e63dceda5ce2baa3684d5850c598
Ubuntu Security Notice 2292-1 - It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module.
04124159814afda52855f16ba5f872746057725d6ed57e3e9e8e74d49f9a14f0
Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.
a83f23287604c42c60b88d579639ae305d020bfe95bbe0985afe821df9d5acaa