Exploit the possiblities
Showing 151 - 175 of 1,343 RSS Feed

Perl Files

Mandriva Linux Security Advisory 2013-005
Posted Jan 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-005 - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via the x string repeat operator. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5195
MD5 | 608c0933e9dabf6685aa61dedc1f5bd4
IP Phone Scanning Made Easy 0.8
Posted Jan 17, 2013
Authored by Cedric Baillet | Site freecode.com

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Changes: GUI updates. Multiple exploits added and a tool was added for Cisco phone SSH server detection.
tags | tool, web, scanner, perl
systems | unix
MD5 | 7dadf7dcddc00deb6ad008b5cb5d95cf
Secunia Security Advisory 51741
Posted Jan 7, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Perl, which can be exploited by malicious users to compromise an application using the module.

tags | advisory, perl, vulnerability
MD5 | 8075d55e977f0fce54aafd8127072b59
Foswiki MAKETEXT Remote Command Execution
Posted Dec 24, 2012
Authored by juan vazquez, Brian Carlson | Site metasploit.com

This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.

tags | exploit, shell, perl
advisories | CVE-2012-6329, OSVDB-88410
MD5 | 2f0d5e5f141627b156391bba009fa3f3
TWiki MAKETEXT Remote Command Execution
Posted Dec 24, 2012
Authored by juan vazquez, George Clark | Site metasploit.com

This Metasploit module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.

tags | exploit, shell, perl
advisories | CVE-2012-6329, OSVDB-88460
MD5 | 1844d260fae480529a712a37f0ebdf89
Mandriva Linux Security Advisory 2012-180
Posted Dec 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-180 - CGI.pm module before 3.63 for Perl does not properly escape newlines in P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, cgi, perl
systems | linux, mandriva
advisories | CVE-2012-5526
MD5 | 0800befe8ecefe08400d130dc50902d0
Debian Security Advisory 2587-1
Posted Dec 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2587-1 - It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

tags | advisory, web, cgi, perl
systems | linux, debian
advisories | CVE-2012-5526
MD5 | 14bca413dd84ed9ebb3f5d4e84663066
Debian Security Advisory 2586-1
Posted Dec 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2586-1 - Two vulnerabilities were discovered in the implementation of the Perl programming language.

tags | advisory, perl, vulnerability
systems | linux, debian
advisories | CVE-2012-5195, CVE-2012-5526
MD5 | ba7d34e616213873d222fa098dc224ea
Splunk 5.0 Custom App Remote Code Execution
Posted Dec 8, 2012
Authored by sinn3r, juan vazquez, [at]marcwickenden | Site metasploit.com

This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.

tags | exploit, web, arbitrary, root, perl, python
systems | linux, windows
MD5 | 66d1782d500464f50d0470fe9f4bb37a
Secunia Security Advisory 51498
Posted Dec 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.

tags | advisory, perl, vulnerability
MD5 | 460b2f7bdc29dc022650651e0b501551
Secunia Security Advisory 51457
Posted Dec 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for perl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, perl, vulnerability
systems | linux, ubuntu
MD5 | 1ed06c5c30674f16cac277862ac81bab
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
Posted Nov 21, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

tags | exploit, arbitrary, perl
systems | windows
advisories | OSVDB-87334
MD5 | e53a75b6b8524b04b935bc9eec060537
IP Phone Scanning Made Easy 0.7
Posted Nov 16, 2012
Authored by Cedric Baillet | Site freecode.com

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Changes: Added Cisco phone logout mobility feature abuse. Added multiple exploits.
tags | tool, web, scanner, perl
systems | unix
MD5 | 935015f9a02580fefa823235dd8425d7
Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution
Posted Nov 15, 2012
Authored by rgod | Site retrogod.altervista.org

Novell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.

tags | exploit, remote, web, perl
systems | linux
MD5 | a46a9b4a8a054e22e5db154b03091612
360-FAAR Firewall Analysis Audit And Repair 0.3.7
Posted Nov 9, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes many of the bugs in the cisco reader and writer sections. Cisco configs can now be processed written, re-read, processed and written again cyclically. Access lists using proto groups, specifying only protocol details or using 'ip/any' services are now handled. Protocol group-objects are written and used in rules for service groups with many different protocol types specified within them. 'port-objects' are read in service objects, service groups and protocol groups alike. The cisco 'echo' default service has been updated to remove tcp and udp from its listed ports.
tags | tool, perl
systems | unix
MD5 | 7659db12155996e0e2a9b04fb6abf6c6
360-FAAR Firewall Analysis Audit And Repair 0.3.6
Posted Nov 5, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release resolves many of the problems with the filter sections. Both the specific and the subnet rr mode filter sections have been upgraded to fix many of the issues related to combining various filter mode types, and as a result the filter behavior should be much more predictable. The Cisco and od output section definitions now print service defs for all defined proto types.
tags | tool, perl
systems | unix
MD5 | 904e5b7ba035b5a41502f3905643c618
360-FAAR Firewall Analysis Audit And Repair 0.3.5
Posted Nov 1, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release introduces three new sub routines that are used to run much stronger consistency checks against the internal network and service object, group and rule definitions after each round of processing. These new tests provide much greater visibility of incomplete objects and rules and give details of any missing object elements. The netscreen reader now reads "interface dip" and rule "dip-id" statements and adds appropriate objects and nat translation rules. Warnings are printed for unknown cisco object group objects found in policies during the config read. Various other updates.
tags | tool, perl
systems | unix
MD5 | a709df8da13bc20071d2d64e7ceb67d6
360-FAAR Firewall Analysis Audit And Repair 0.3.4
Posted Oct 29, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release resolves Cisco ICMP default services with out printing stringified hash references in the cs output sections. Cisco network and range objects are listed as such in object-groups instead of as hosts. The cisco output writer uses 'object' in access-lists instead of IP NM, as well as listing range objects using 'range' in access-lists as well as groups. The NAT translation now supports SRC NAT translation for known network objects in rr mode filters.
tags | tool, perl
systems | unix
MD5 | 344e2be14ce2a1b5ce37904b9a4cc31c
Perl 5 Memory Corruption
Posted Oct 26, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.

tags | advisory, arbitrary, perl, code execution
advisories | CVE-2012-5195
MD5 | faabce97452d026be018183bfea09b1a
360-FAAR Firewall Analysis Audit And Repair 0.3.3
Posted Oct 24, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds nat capabilities to the Cisco ASA reader. 'static' nat IP IP NM and access-list statements are now added the internal nats table and policy nat rules are identified. Some of the annoying "undefined" variable warnings have been resolved. Various other updates.
tags | tool, perl
systems | unix
MD5 | 8f172bbdc58dfd2dcb2bc49835b8a217
360-FAAR Firewall Analysis Audit And Repair 0.3.2
Posted Oct 17, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release includes a new helper script that converts print mode CSV's to HTML, for easy viewing with a browser on systems without an "office" application suite installed. Netscreen interface vip statements are now added to the NATs table and further consistency checks have been added to the policy build sections to more easily identify problem objects.
tags | tool, perl
systems | unix
MD5 | e43bef5bc175bfb152d9dd59733468b6
Secunia Security Advisory 50845
Posted Oct 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in Perl included in Solaris, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the library.

tags | advisory, web, perl
systems | solaris
MD5 | 65a044155307b1d81a914a5b1b8fda91
360-FAAR Firewall Analysis Audit And Repair 0.3.1
Posted Sep 28, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release cleans up the output in the new columns, so that specific VPN policy and object negation usage is easier to see. The VPN rules marked "Any", which are all rules in the rule base not marked with a specific VPN, that pass traffic that can be tunnelled via a route based VPN after dropping out of the policy, are no longer printed. Object's not negated in the policy (marked negation: "no") are also removed from the new columns for clarity. The Cisco ASA/PIX reader has been upgraded so that it prints more user friendly info during the config read ('safe' warnings are now printed as info) and handles rules using protocol groups far better than before. The cisco config reader now also reads negated source and dest services and excludes rules using these from the "rr" mode rulebase builds as well as reading rules with logging and no destination port correctly.
tags | tool, perl
systems | unix
MD5 | bcc2532e92580d24bea535fd8dc81345
360-FAAR Firewall Analysis Audit And Repair 0.3.0
Posted Sep 26, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release further updates the 'print' and 'fltprint' mode spreadsheets to include VPN tunnel usage info and source / destination negation from the policy, as well as "install on" info (most relevant to checkpoint).
tags | tool, perl
systems | unix
MD5 | 453c616769d2299a03e0a2bf7545d067
LFI Exploiter
Posted Sep 26, 2012
Authored by M.R.S.CO

This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.

tags | tool, local, perl, code execution, file inclusion
systems | unix
MD5 | 4a28894995bf7478f9b2b7d5144536dc
Page 7 of 54
Back56789Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close