Showing 201 - 225 of 1,430

Perl Files

IP Phone Scanning Made Easy 0.12
Posted Oct 8, 2013
Authored by Cedric Baillet | Site freecode.com

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Changes: This release adds a new SIP Scanner (UDP or TCP) module with administration services detection and information gathering on SIP UA or server. Threads have been implemented in the launcher. Several tools can now be used at the same time.
tags | tool, web, scanner, perl
systems | unix
SHA-256 | ecb0015dcaf2c33676782b33e8df8f700c71993eb29d2d41c8dc2453fdec7dc0
Gentoo Linux Security Advisory 201310-01
Posted Oct 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-1 - The Module-Signature module for Perl has insufficient path checks, allowing a remote attacker to execute arbitrary Perl code. Versions prior to 0.720.0 are affected.

tags | advisory, remote, arbitrary, perl
systems | linux, gentoo
advisories | CVE-2013-2145
SHA-256 | d76431bf795a9a68e8e81a1cf6605346ceaf60cda57f5cf6b58e47871ba66919
Mandriva Linux Security Advisory 2013-241
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-241 - The Crypt::DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. The updated packages have been patched to correct this issue.

tags | advisory, remote, perl, spoof
systems | linux, mandriva
advisories | CVE-2011-3599
SHA-256 | 8bf65c0836d8b1066a9f09c8a587483fb026967a49173ae948aff56262dedc39
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
Posted Sep 17, 2013
Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web, root, perl, vulnerability
advisories | CVE-2013-4984, OSVDB-97028
SHA-256 | 7b650af9e32cadfdd3be9e6255740c3a5d42d0ac1627d52bec5e8e35f7e5b29b
HP Security Bulletin HPSBUX02928 SSRT101274
Posted Sep 11, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02928 SSRT101274 - A potential security vulnerability has been identified with HP-UX perl. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, perl
systems | hpux
advisories | CVE-2013-1667
SHA-256 | 73b1f8d39bc87d53488b09c086a43bc36c368ff93120f11dce1b504cdf8ad715
Mandriva Linux Security Advisory 2013-216
Posted Aug 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
advisories | CVE-2011-4363
SHA-256 | e270d97c7c30cd1dfa32136b75cbfb5d2f2f8687db2bbac9746b8e5e5f17ef6a
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta

This python script allows execution of a command with an arbitrary number of arguments. The trick calls the 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl, python
advisories | CVE-2011-0923, OSVDB-72526
SHA-256 | f3af687e6ae93d7108daba5565a341cceceb6c51dd70cc03120b8c1910bc8e5c
HP Data Protector Arbitrary Remote Command Execution
Posted Aug 7, 2013
Authored by Alessandro Di Pinto, Claudio Moletta | Site metasploit.com

This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.

tags | exploit, arbitrary, perl
systems | windows
advisories | CVE-2011-0923, OSVDB-72526
SHA-256 | 5f0f9f62015fe421d3fb88ace93c276d32b36986aa82809a47927f87e8803536
Ubuntu Security Notice USN-1896-1
Posted Jul 3, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1896-1 - Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-2145
SHA-256 | cd9b66aa4310380ddd651277bec994c6ab25f0629793f8f40a7b052a5a172fe4
Mandriva Linux Security Advisory 2013-185
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-185 - Updated perl-Module-Signature package fixes CVE-2013-2145. Arbitrary code execution vulnerability in Module::Signature before 0.72.

tags | advisory, arbitrary, perl, code execution
systems | linux, mandriva
advisories | CVE-2013-2145
SHA-256 | c7e5d5ed176a33a19145b6155e1725b3cb982169c35e3e86fd5f5833bf0d01e6
Mandriva Linux Security Advisory 2013-184
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-184 - Updated perl-Dancer package fixes CVE-2012-5572. A security flaw was found in the way Dancer.pm, a lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie() and cookies() methods. A remote attacker could use this flaw to inject arbitrary headers into responses from applications that use Dancer.pm.

tags | advisory, remote, web, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5572
SHA-256 | 5e4cd0dafb01b5590970bbb3187e0e97b40f6c3f624e3f8d33655f466899e46f
PHP Charts 1.0 Remote Code Execution
Posted Jun 26, 2013
Authored by infodox

This exploit leverages an eval() bug in the PHP Charts library allowing for remote code execution. A reverse shell is delivered using Perl.

tags | exploit, remote, shell, perl, php, code execution
SHA-256 | 029603a16bd1c86cec4981c7cc5216c1aedd6bad4d2e981fafffc02c8f122825
PHP-CGI Argument Injection
Posted Jun 26, 2013
Authored by infodox

Exploit for the PHP-CGI argument injection vulnerability disclosed in 2012. Has file uploading, inline shell spawning, and both python and perl reverse shell implementations using an earlier version of the "payload" library written for such exploits.

tags | exploit, shell, cgi, perl, php, python, file upload
systems | unix
advisories | CVE-2012-1823
SHA-256 | e1af41b9b973cb570db69238e6f14f4459e72926e687318f078562f00ce29e0f
Web Soul 2 Scanner
Posted Jun 17, 2013
Authored by Am!r | Site irist.ir

Web Soul is a plugin based scanner for attacking and data mining web sites. Written in Perl.

tags | tool, web, scanner, perl
systems | unix
SHA-256 | ca415409ae86c574f541ca482e698ed751209791460f27cc6c8ca5dd4207e578
360-FAAR Firewall Analysis Audit And Repair 0.4.6
Posted Jun 5, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes netscreen group name translation bugs. Empty groups are not matched in build_rules subs. Comments are output in set name statements in policy id mode for netscreen rulebases. Netscreen rule name strings are added with rule descriptions and net ranges are translated as ranges. Some default services have been updated with a few new services definitions. rr mode nat defaults added - the same as yes defaults with CIDR filter NAT translations switched on.
tags | tool, perl
systems | unix
SHA-256 | 3b2947bf4d64b74f768c68b078f4aaf945a5e27bd994d54ce9fbcdf4a1c6deaa
360-FAAR Firewall Analysis Audit And Repair 0.4.5
Posted May 25, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release fixes rulebase output bugs when using the 'cl' option in 'rr' mode. Netscreen rulebase numbers now output usable rule numbers in 'cl' rulebases. The ctrl-c panic when reading logs is fixed. 'rr' mode 'log' defaults now switch off 'Any' rule to object and service object resolution. New 'rr' mode 'res' defaults now switch on most resolution and matching options.
tags | tool, perl
systems | unix
SHA-256 | 4f757159338ee6e63f859bc3c49ed500a016a2a867b2429a8d306a45d48845e9
360-FAAR Firewall Analysis Audit And Repair 0.4.4
Posted May 19, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the "resolve services from 'Any' objects" and the "resolve 'Any' network objects to known nets" option to the 'rr' mode. These new 'rr' mode options require that a log file is loaded and that the output policy is filtered using it. When connectivity is found in the logs that matches a policy instance with the 'Any' service specified, the proto and port or known supernet from the logs are used in the output policy. Resolved objects are reported during the rule build stages and should be added manually.
tags | tool, perl
systems | unix
SHA-256 | c6e174c18581fce43c4bc758b394ba7aece5cd0e7c20611db6c5335514b392f7
GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
SHA-256 | 4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
IP Phone Scanning Made Easy 0.10
Posted Apr 15, 2013
Authored by Cedric Baillet | Site freecode.com

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.

Changes: Added a new tool in exploit section to detect Aastra IP Phones suffering from the hardcoded telnet login/password.
tags | tool, web, scanner, perl
systems | unix
SHA-256 | aec14a937bbc7b54b411e858d71799f4d45d60a0a002a29bca604e2bf90dccff
360-FAAR Firewall Analysis Audit And Repair 0.4.3
Posted Apr 14, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the 'hc' option to build rules in 'rr' mode and arrange the most hit new rules at the top. Added 'log' defaults to 'rr' mode; this selects the same new defaults but chooses 'yes' in filter with logs. Fixes a bug in 'load' mode so it doesn't try to load logs and nats from '.' when you skip loading these files. Various other additions and fixes.
tags | tool, perl
systems | unix
SHA-256 | 9091940649a7e9824b7248b37dcfe51260269b16b58e4712971cf4f21a81d105
Mandriva Linux Security Advisory 2013-113
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-113 - It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5195, CVE-2012-6329, CVE-2013-1667
SHA-256 | d121a52e5d21e1a1d884bfa0b4351192f0257e3310ec24006cce477233f1c93a
Mandriva Linux Security Advisory 2013-086
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-086 - contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. The contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. The contrib/eqn2graph/eqn2graph.sh, contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. The contrib/groffer/perl/roff2.pl scripts in GNU troff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, local, perl
systems | linux, mandriva
advisories | CVE-2009-5044, CVE-2009-5079, CVE-2009-5080, CVE-2009-5081
SHA-256 | 0de17ba22272b3a3d36b067a2beabe8eb38298c3d26a34deb5b497588491615c
360-FAAR Firewall Analysis Audit And Repair 0.4.2
Posted Apr 9, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the 'cl' option to clean/filter original rules, in 'rr' mode, and allows output of service priority rules as well as the original dst src priority rule build. The 'rr' mode menu has been simplified further. Starting the script without any options now starts load mode to add at least one config. This release fixes a bug in the 'any' object matching, 'any' should now be matched from logs. The rashfilter hash tree format has been changed to match the order of the other rule processing hashes: mergebase, filterbase and rulegroups, this should reduce memory use slightly.
tags | tool, perl
systems | unix
SHA-256 | 5c72669b877d940ffaae5144aa3ab5ba0497fcbc93e5c1828e49dcfce655d715
360-FAAR Firewall Analysis Audit And Repair 0.4.1
Posted Apr 2, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds the 'mergelog' mode to merge binary log entries from one config with another and significantly updates the user interface. All configs can be loaded from the 'load' menu instead of specifying them on the command line. Added 'verbose' switches to 'print' and 'rr' modes so that screen output can be switched off, and all 'end.' key words have been changed to simply '.' to reduce the number of keystrokes needed. Entering '0' now adds all options and '.' chooses the default if available. The Netscreen output stage now uses a default zone if none are specified.
tags | tool, perl
systems | unix
SHA-256 | a54666e93f8139c9c290eb8d0f049a718401c5cb7c9ff5e4da4b80f47982adb0
Red Hat Security Advisory 2013-0685-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

tags | advisory, web, denial of service, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667
SHA-256 | ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3