FreeBSD : twiki -- remote Perl code execution (21ce1840-6107-11e4-9e84-0022156e8794)

TWiki developers report : The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not...

Twiki Perl Code Execution

This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution. TWiki http://twiki.org is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. Vulnerable Software Version Attack Vectors Impact Severity...

twiki -- remote Perl code execution

TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script typically port 80/TCP. Prior authentication may or may not ...

AwStats <= 6.4 - Denial of Service

No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

Sql injection

Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3...

NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

This module abuses a lack of authorization in the NetIQ Privileged User Manager service unifid.exe to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code wi...

Gentoo Security Advisory GLSA 200508-07 (awstats)

The remote host is missing updates announced in advisory GLSA 200508-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

PT-2005-3703 · Plain Black · Webgui

Name of the Vulnerable Software and Affected Versions: WebGUI versions prior to 6.7.3 Description: The issue allows remote attackers to execute arbitrary Perl code via multiple eval injection vulnerabilities in the following modules: 1 Help.pm, 2 International.pm, or 3 WebGUI.pm. Recommendations:...

WebGUI Perl Code Execution Vulnerabilities

Secunia Advisory: SA16682 Release Date: 2005-09-02 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: WebGUI 6.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. Description: Some...

AWStats < 6.5 Perl Content-Parsing Code Execution

Binary data 2613.prm...

AwStats <= 6.4 Denial Of Service (with Advisory)

Exploit for cgi platform in category web applications ================================================ AwStats new Proto = "tcp", PeerAddr = "$server", PeerPort = "80" || die "Error\n"; print $socket "GET /cgi-bin/awstats-6.4/awstats.pl?&hack=$rp&PluginMode=:sleep HT...

AWStats 6.4 - Denial of Service

AWStats 6.4 - Denial of Service !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

AwStats &lt;= 6.4 Denial Of Service (with Advisory)

No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

AWStats 6.4 - Denial of Service

!/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

CVE-2002-1436

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request...

CVE-2002-1750

csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

CVE-2002-0924

CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability...