Debian Linux Security Advisory 3173-1 - It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service (application crash) or, potentially, to arbitrary code execution.
d6159b0e8d3d7cfd1b0d709e58a87c3f037bcb116d848c4b823df135f71c42cc
This is a simple perl script for setting up man-in-the-middle attacks on Linux.
d38e8956c0b99e7aff2b55fc10799e47aad7c2ed96fe26151631c149f50fbb5d
Mandriva Linux Security Advisory 2015-044 - Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where, the code was freeing memory that gtk+ still holds onto and might access later. The updated packages have been patched to correct this issue.
e73da39c4f4f83b3f336e55cc33673138264f90452afaeb86dafd1ea189a8695
Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
191712b310456bed505292d7ad3776e02d33b05d362fa3e709ea54c23a287610
Shodan Tool is a perl script that allows you to search for vulnerabilities in Shodan.
e4f79ca5f16c3af8923ab005857cab191b76f980d4950e316e803b94d46634aa
This is a perl script to bruteforce logins on WordPress.
e4fc872f857fd9c0a0f00dbc16b78a2d66efee57cb3bebc394f9630db8af7c35
Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.
1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808
Mandriva Linux Security Advisory 2014-199 - Updated perl and perl-Data-Dumper packages fixes security The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. The Data::Dumper module bundled with perl and the perl-Data-Dumper packages has been updated to fix this issue.
dc19d5d4be63100b1a9dbb64cf7587bae6e7a38cfaf80f976586d0016b2ee1e6
This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.
532410fb174f7f3d0672bb77c79174e37f6739ffde13774940b5b666f7c88240
Gentoo Linux Security Advisory 201410-2 - Multiple vulnerabilities have been found in Perl Locale-Maketext module, allowing remote attackers to inject and execute arbitrary Perl code. Versions prior to 1.230.0 are affected.
32e6d90b5adea67193c65f6bf16d55c5ac579bb688c5b448f47a833c088fc51c
The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.
7e6bafc3f4e27a15de8ac1ae847247abec86cca045f3b86848aeae7d24f79d02
Mandriva Linux Security Advisory 2014-192 - The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via an empty quoted string in an RFC 2822 address. The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via vectors related to backtracking into the phrase.
fd50ca84aa78f0224f164d19ccc837e9fe063dbb1cb0e10514545665ccda3d3d
Mandriva Linux Security Advisory 2014-191 - The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
1cf9c6f1fe3daede8b43bab97142f9d19a3b4444639c60766d3b82d501a4862d
GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl.
19dfcfb3d85be26b41d2f9316ffaebf7de4fe7c3b8fd4d6b1cf6a55a6f1ba395
A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.
5739d0c214a552e16df8c1827940aaed394eeceffff1b5e158eb34f54598672a
Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
d2e2153f6e4d656992f7440b3cb89926277a075073424d269287da5e78c20038
ClapTrap is an IRC bot written in perl that performs various attacks against web applications.
40e026e9f6bdf057264e44d1c1b026d66bddea6425af62879e5804c3dbfc677a
Paranoic is a simple vulnerability scanner written in Perl.
dab89a511b987be36693b6be78738052be66e63dceda5ce2baa3684d5850c598
Ubuntu Security Notice 2292-1 - It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module.
04124159814afda52855f16ba5f872746057725d6ed57e3e9e8e74d49f9a14f0
Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.
a83f23287604c42c60b88d579639ae305d020bfe95bbe0985afe821df9d5acaa
This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.
f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8
Mandriva Linux Security Advisory 2014-069 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The perl-YAML-LibYAML package is being updated as it contains an embedded copy of LibYAML.
7780c075cd1933fc997c7782f56a049a03ed5df420f176a747880ed4304ee9f9
This Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for CVE-2014-0160 'Heartbleed'. Run as root for the privileged port. Outputs IPs of suspected heartbleed scan to the console. Rickrolls scanner in the hex dump.
796ad9cc3fad4c720764e5e9bf2d2d16466658b294a8ea3c9c7312235cba21cd
Ubuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
40ba76175d55d2cd3a01708a25f19c6fad7553363aaf45f025c92809f7375e03
Red Hat Security Advisory 2014-0322-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmpd, the Net-SNMP daemon, handled subagent timeouts. A remote attacker able to trigger a subagent timeout could use this flaw to cause snmpd to loop infinitely or crash.
82b41a8b11f98433502f365e31a509572e514c0d50441c3f75ead69dbd1d31f9