ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
ecb0015dcaf2c33676782b33e8df8f700c71993eb29d2d41c8dc2453fdec7dc0
Gentoo Linux Security Advisory 201310-1 - The Module-Signature module for Perl has insufficient path checks, allowing a remote attacker to execute arbitrary Perl code. Versions prior to 0.720.0 are affected.
d76431bf795a9a68e8e81a1cf6605346ceaf60cda57f5cf6b58e47871ba66919
Mandriva Linux Security Advisory 2013-241 - The Crypt::DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. The updated packages have been patched to correct this issue.
8bf65c0836d8b1066a9f09c8a587483fb026967a49173ae948aff56262dedc39
This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
7b650af9e32cadfdd3be9e6255740c3a5d42d0ac1627d52bec5e8e35f7e5b29b
HP Security Bulletin HPSBUX02928 SSRT101274 - A potential security vulnerability has been identified with HP-UX perl. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
73b1f8d39bc87d53488b09c086a43bc36c368ff93120f11dce1b504cdf8ad715
Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
e270d97c7c30cd1dfa32136b75cbfb5d2f2f8687db2bbac9746b8e5e5f17ef6a
This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
f3af687e6ae93d7108daba5565a341cceceb6c51dd70cc03120b8c1910bc8e5c
This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
5f0f9f62015fe421d3fb88ace93c276d32b36986aa82809a47927f87e8803536
Ubuntu Security Notice 1896-1 - Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.
cd9b66aa4310380ddd651277bec994c6ab25f0629793f8f40a7b052a5a172fe4
Mandriva Linux Security Advisory 2013-185 - Updated perl-Module-Signature package fixes CVE-2013-2145. Arbitrary code execution vulnerability in Module::Signature before 0.72.
c7e5d5ed176a33a19145b6155e1725b3cb982169c35e3e86fd5f5833bf0d01e6
Mandriva Linux Security Advisory 2013-184 - Updated perl-Dancer package fixes CVE-2012-5572. A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie() and cookies() methods. A remote attacker could use this flaw to inject arbitrary headers into responses from applications, that use Dancer.pm.
5e4cd0dafb01b5590970bbb3187e0e97b40f6c3f624e3f8d33655f466899e46f
This exploit leverages an eval() bug in the PHP Charts library allowing for remote code execution. A reverse shell is delivered using Perl.
029603a16bd1c86cec4981c7cc5216c1aedd6bad4d2e981fafffc02c8f122825
Exploit for the PHP-CGI argument injection vulnerability disclosed in 2012. Has file uploading, inline shell spawning, and both python and perl reverse shell implementations using an earlier version of the "payload" library written for such exploits.
e1af41b9b973cb570db69238e6f14f4459e72926e687318f078562f00ce29e0f
Web Soul is a plugin based scanner for attacking and data mining web sites. Written in Perl.
ca415409ae86c574f541ca482e698ed751209791460f27cc6c8ca5dd4207e578
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
3b2947bf4d64b74f768c68b078f4aaf945a5e27bd994d54ce9fbcdf4a1c6deaa
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
4f757159338ee6e63f859bc3c49ed500a016a2a867b2429a8d306a45d48845e9
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c6e174c18581fce43c4bc758b394ba7aece5cd0e7c20611db6c5335514b392f7
This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.
4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
aec14a937bbc7b54b411e858d71799f4d45d60a0a002a29bca604e2bf90dccff
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
9091940649a7e9824b7248b37dcfe51260269b16b58e4712971cf4f21a81d105
Mandriva Linux Security Advisory 2013-113 - It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
d121a52e5d21e1a1d884bfa0b4351192f0257e3310ec24006cce477233f1c93a
Mandriva Linux Security Advisory 2013-086 - contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. The contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. The contrib/eqn2graph/eqn2graph.sh, contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. The contrib/groffer/perl/roff2.pl scripts in GNU troff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. The updated packages have been patched to correct these issues.
0de17ba22272b3a3d36b067a2beabe8eb38298c3d26a34deb5b497588491615c
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
5c72669b877d940ffaae5144aa3ab5ba0497fcbc93e5c1828e49dcfce655d715
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
a54666e93f8139c9c290eb8d0f049a718401c5cb7c9ff5e4da4b80f47982adb0
Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3