DSA-2969-1 libemail-address-perl - security update
Bulletin has no description...
CVE-2012-6143
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized...
Mandriva Linux Security Advisory : webmin (MDVSA-2014:062)
Multiple vulnerabilities were discovered and corrected in webmin: Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201). The 1.680 version fixed security issues that could be...
MGASA-2014-0093 Updated perl-Module-Metadata package clarifies the man page
This update clarifies the module's documentation about the code it executes, i.e. it does "eval" a module to determine its version number. Previously it said that it did not execute unsafe code (CVE-2013-1437)...
DEBIAN-CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file...
UBUNTU-CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file...
UBUNTU-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
MGASA-2013-0352 Updated perl-HTTP-Body packages fix CVE-2013-4407
Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
DSA-2801-1 libhttp-body-perl - design error
Bulletin has no description...
Debian Security Advisory DSA 2801-1 (libhttp-body-perl - design error)
Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart cou...
Perl Module-Signature module: Arbitrary code execution
Background: The Perl Module::Signature module adds signing capabilities to CPAN modules. Description: The ‘cpansign verify’ command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to replace this SHA1 with a special...
Fedora 18 : perl-Module-Metadata-1.000015-1.fc18 (2013-15157)
This update clarifies the module's documentation about the code it executes, i.e. it does 'eval' a module to determine its version number. Previously it said that it did not execute unsafe code. Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora Update for perl-Module-Metadata FEDORA-2013-15196
Check for the Version of perl-Module-Metadata.
Fedora Update for perl-Module-Metadata FEDORA-2013-15157
Check for the Version of perl-Module-Metadata.
Fedora Update for perl-Module-Metadata FEDORA-2013-15196
The remote host is missing an update for the...
Fedora Update for perl-Module-Metadata FEDORA-2013-15157
The remote host is missing an update for the...
Fedora 19 : perl-Module-Metadata-1.000015-1.fc19 (2013-15196)
This update clarifies the module's documentation about the code it executes, i.e. it does 'eval' a module to determine its version number. Previously it said that it did not execute unsafe code. Note that Tenable Network Security has extracted the preceding description block directly from the...
Novell ZENworks Mobile Management DUSAP.php Language Parameter Vulnerability
Added: 07/18/2013. CVE: CVE-2013-1082. BID: 60179. OSVDB: 91118. Background: ZENworks Mobile Management (ZMM) offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...
Fedora 17 : perl-Module-Signature-0.73-1.fc17 (2013-10415)
This update ensures that digest modules are only loaded from absolute paths in @INC, avoiding a potential arbitrary code execution problem (CVE-2013-2145). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Fedora 19 : perl-Module-Signature-0.73-1.fc19 (2013-10354)
This update ensures that digest modules are only loaded from absolute paths in @INC, avoiding a potential arbitrary code execution problem (CVE-2013-2145). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...