perl software vulnerabilities
vulnerabilities.aspcode.net
Searching perl software vulnerabilities
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 has unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
Software vulnerabilities results 1 to 20 of 75