This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.
f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8Mandriva Linux Security Advisory 2014-069 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The perl-YAML-LibYAML package is being updated as it contains an embedded copy of LibYAML.
7780c075cd1933fc997c7782f56a049a03ed5df420f176a747880ed4304ee9f9This Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's (jspenguin@jspenguin.org) demo for CVE-2014-0160 'Heartbleed'. Run as root for the privileged port. Outputs IPs of suspected heartbleed scan to the console. Rickrolls scanner in the hex dump.
796ad9cc3fad4c720764e5e9bf2d2d16466658b294a8ea3c9c7312235cba21cdUbuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
40ba76175d55d2cd3a01708a25f19c6fad7553363aaf45f025c92809f7375e03Red Hat Security Advisory 2014-0322-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmpd, the Net-SNMP daemon, handled subagent timeouts. A remote attacker able to trigger a subagent timeout could use this flaw to cause snmpd to loop infinitely or crash.
82b41a8b11f98433502f365e31a509572e514c0d50441c3f75ead69dbd1d31f9Red Hat Security Advisory 2014-0321-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file.
eed20b6823d411b76ec67ad4e096e4db4919dcef35c74801bb53e46ffbac5c15Debian Linux Security Advisory 2873-2 - It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.
139056d024e837938143454b0c60fea8616e2792361357360989db9949788139Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.
27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.
d7179931ea113dcaae71ae75cb498eeb6441d0deded88193dfac9bedc9b4b1b6Mandriva Linux Security Advisory 2014-052 - Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects. Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled.
5321b6a85466163f258effee601462d0d873c80a7e36fa1ba6faaf05959c81dcKloxo remote root exploit that leverages a blind SQL injection and injects a perl connect back shell (/bin/sh) with root privilege.
213c3c585b47a14933b6124a7f1920fbb8c4e5c0810f0b6ed489b24fed1bacf7This is a small perl script called NTP DRDoS which is a denial of service tool for use against NTP.
aace077f2d1467ac05f3510cdb0dd50536eb654724f84af89c96b51140890230FantaGhost is a perl script that assists with penetration testing by scanning for hidden directories and pages.
d371bb05da37e66d3eaf99b61f1c5b87c7c22a1ec2a2da466d32ec49b6648899Ubuntu Security Notice 2099-1 - It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.
da5f11c08898e9ebb91735f266683b787a02a7ceb86277819ba80fa40377ef5cGentoo Linux Security Advisory 201402-4 - Multiple vulnerabilities have been found in libwww-perl, the worst of which could allow attackers to execute arbitrary code. Versions less than 6.30.0 are affected.
fcf4a9d24a64af0d45ccfe4eeeaac5b293d0ff2ab6df35386844d9029a6651cfGentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.
073b067938255df59111607a647be7a61207ceda164ae0bab0a2f2e8b3d64f0fMandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.
05feabcd42048ef05480549d29b92bb9644404398225353fca335e295da4c1c2Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.
92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00dnsenum is a perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. It has been completely revamped.
c2583590e7431b48cb755b13575728b862ffe0778fc9ab445785f32899455590This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.
7ce9af081371d3aac6a99db29aef3d8887c46d12ee280d8061b70faa5799c0f2Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.
17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aaThis Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.
bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93Mandriva Linux Security Advisory 2013-282 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.
ae8a09f529384327fb193842fcebddd1a96d9cfda45247e283628ee923156f50Debian Linux Security Advisory 2801-1 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.
ab519a2ad25a4dd355fa972fa98e656f4b1f2cc7c32d2e60a9114ecd18c29725
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed