Lucene search
K

115 matches found

CVE
CVE
added 2025/07/16 1:5 p.m.40 views

CVE-2025-40923

CVE-2025-40923 affects Plack-Middleware-Session for Perl prior to 0.35, where the default session id generator uses a SHA-1 hash seeded with rand, epoch time, and PID, making session IDs predictable. Fedora advisory notes a fix to version 0.36, using Crypt::SysRandom for secure session IDs. The v...

7.3CVSS6.7AI score0.00329EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/16 1:5 p.m.6 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3AI score0.00329EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.3 views

Plack::Middleware::Session 安全漏洞

Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.35 that stems from insecure session ID generation...

7.3CVSS6.4AI score0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/02/13 5:15 a.m.22 views

CVE-2023-52431

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...

8.8CVSS6.7AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2024/02/13 5:15 a.m.6 views

CVE-2023-52431

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
Prion
Prion
added 2024/02/13 5:15 a.m.12 views

Cross site request forgery (csrf)

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...

7.2AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.7 views

Plack-Middleware-XSRFBlock Security Vulnerability

Plack-Middleware-XSRFBlock is a plugin for blocking cross-site request forgery. A security vulnerability exists in the Plack::Middleware::XSRFBlock package version 0.0.19, which stems from the presence of a cross-site request forgery CSRF vulnerability...

8.8CVSS6.8AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/13 12:0 a.m.13 views

CVE-2023-52431

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...

7AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/13 12:0 a.m.17 views

CVE-2023-52431

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie if signed cookies are disabled...

6.9AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2024/02/13 12:0 a.m.80 views

CVE-2023-52431

CVE-2023-52431 affects Plack::Middleware::XSRFBlock (Perl). The module prior to version 0.0.19 allows bypassing CSRF protection via an empty form value and an empty cookie when signed cookies are disabled. The vulnerability has a high impact in CVSS terms (C/H/I/A=High, exploitable remotely with ...

8.8CVSS6.8AI score0.00244EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.7 views

PT-2024-14587 · Unknown · Plack::Middleware::Xsrfblock

Name of the Vulnerable Software and Affected Versions: Plack::Middleware::XSRFBlock versions prior to 0.0.19 Description: The issue allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie, but only if signed cookies are disabled. Recommendations: For...

8.8CVSS7.3AI score0.00244EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.3 views

SUSE CVE-2014-5269

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...

5CVSS6.6AI score0.02455EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2018-0428)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2014-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.7AI score0.02455EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/12/16 12:0 a.m.16 views

openSUSE Security Update : perl-Plack (openSUSE-SU-2014:1639-1)

This perl-Plack update fixes the following security issue : - bnc892328: trailing slashes removed leading to source code disclosure CVE-2014-5269 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...

5CVSS5.5AI score0.02455EPSS
Exploits0References3
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.58 views

[ MDVSA-2014:235 ] perl-Plack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:235 http://www.mandriva.com/en/support/security/ Package : perl-Plack Date : November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Plack package fixes security vulnerability:...

5CVSS6.1AI score0.02455EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/30 12:0 a.m.16 views

Mandriva Linux Security Advisory : perl-Plack (MDVSA-2014:235)

Updated perl-Plack package fixes security vulnerability : Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files...

5CVSS5.5AI score0.02455EPSS
Exploits0References2
OSV
OSV
added 2014/11/26 10:14 a.m.9 views

MGASA-2014-0486 Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.2AI score0.02455EPSS
Exploits0References3
Mageia
Mageia
added 2014/11/26 10:14 a.m.26 views

Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.3AI score0.02455EPSS
Exploits0References2
OSV
OSV
added 2014/09/24 12:0 a.m.10 views

DLA-61-1 libplack-perl - security update

Bulletin has no description...

5CVSS6AI score0.02455EPSS
Exploits0
Rows per page
Query Builder