Red Hat Security Advisory 2014-0321-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file.
eed20b6823d411b76ec67ad4e096e4db4919dcef35c74801bb53e46ffbac5c15Debian Linux Security Advisory 2873-2 - It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks.
139056d024e837938143454b0c60fea8616e2792361357360989db9949788139Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.
27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.
d7179931ea113dcaae71ae75cb498eeb6441d0deded88193dfac9bedc9b4b1b6Mandriva Linux Security Advisory 2014-052 - Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects. Remotely exploitable denial of service vulnerability in Net-SNMP, in snmptrapd, due to how it handles trap requests with an empty community string when the perl handler is enabled.
5321b6a85466163f258effee601462d0d873c80a7e36fa1ba6faaf05959c81dcKloxo remote root exploit that leverages a blind SQL injection and injects a perl connect back shell (/bin/sh) with root privilege.
213c3c585b47a14933b6124a7f1920fbb8c4e5c0810f0b6ed489b24fed1bacf7This is a small perl script called NTP DRDoS which is a denial of service tool for use against NTP.
aace077f2d1467ac05f3510cdb0dd50536eb654724f84af89c96b51140890230FantaGhost is a perl script that assists with penetration testing by scanning for hidden directories and pages.
d371bb05da37e66d3eaf99b61f1c5b87c7c22a1ec2a2da466d32ec49b6648899Ubuntu Security Notice 2099-1 - It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.
da5f11c08898e9ebb91735f266683b787a02a7ceb86277819ba80fa40377ef5cGentoo Linux Security Advisory 201402-4 - Multiple vulnerabilities have been found in libwww-perl, the worst of which could allow attackers to execute arbitrary code. Versions less than 6.30.0 are affected.
fcf4a9d24a64af0d45ccfe4eeeaac5b293d0ff2ab6df35386844d9029a6651cfGentoo Linux Security Advisory 201401-33 - A vulnerability has been found in the Digest-Base Perl module, allowing remote attackers to execute arbitrary code. Versions less than 1.170.0 are affected.
073b067938255df59111607a647be7a61207ceda164ae0bab0a2f2e8b3d64f0fMandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.
05feabcd42048ef05480549d29b92bb9644404398225353fca335e295da4c1c2Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.
92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00dnsenum is a perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. It has been completely revamped.
c2583590e7431b48cb755b13575728b862ffe0778fc9ab445785f32899455590This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.
7ce9af081371d3aac6a99db29aef3d8887c46d12ee280d8061b70faa5799c0f2Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.
17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aaThis Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.
bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93Mandriva Linux Security Advisory 2013-282 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.
ae8a09f529384327fb193842fcebddd1a96d9cfda45247e283628ee923156f50Debian Linux Security Advisory 2801-1 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.
ab519a2ad25a4dd355fa972fa98e656f4b1f2cc7c32d2e60a9114ecd18c29725MorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords.
3469672d2407862ceff8521d2671628ae33a178e865f4763afa9a0696e861072MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the more popular software used and additionally lets you add your own payloads. MorXBrute supports both GET and POST brute forcing.
ed4fe1e137b11ec8313a821cd13394c1d7af7620e2f8a182f3dbf4af9349d837WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the perl version of the exploit.
45ceb4ca62ced50ff5102abdde412ea0e3161ebbaec885e97cd203a93e46c185FantaGhost is a perl script that assists with penetration testing by scanning for hidden directories and pages.
de3d7da80da7a9e25f88605774eee513ce090e983c4a83f3f0bae900bb0affb7Gentoo Linux Security Advisory 201310-11 - An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks. Versions less than 1.20.0 are affected.
55ba6a531a616f0a3152dc079409941b84363ffbd17b75937fab39b1ccd25d83
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed