42 matches found
PT-2026-31107
Name of the Vulnerable Software and Affected Versions: Movable Type (affected versions not specified). Description: Movable Type contains a code injection vulnerability that could allow an attacker to execute arbitrary Perl script. This could lead to webshell access. Recommendations: At the moment, the...
EUVD-2006-3813
Malware in sbrugna...
CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...
RHEL 6 / 7 : rh-perl524-mod_perl (RHSA-2018:2826)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2826 advisory. - mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) Note that Nessus has not...
CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...
NewStart CGSL MAIN 4.05 : mod_perl Vulnerability (NS-SA-2019-0134)
The remote NewStart CGSL host, running version MAIN 4.05, has mod_perl packages installed that are affected by a vulnerability: - mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is ...
Fedora 28 : mod_perl (2018-0ddef94854)
This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code execution in the context of the httpd server) by disabling <Perl> sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 29 : mod_perl (2018-f6a5b71464)
This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code execution in the context of the httpd server) by disabling <Perl> sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
USN-3825-2: mod_perl vulnerability
USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation....
USN-3825-1: mod_perl vulnerability
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code...
CentOS Update for mod_perl CESA-2018:2737 centos6
Check the version of mod_perl. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882952");...
[SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update
Package: libapache2-mod-perl2; Version: 2.0.91624218-2+deb8u3; CVE ID: CVE-2011-2767; Debian Bug: 644169. Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there ...
CVE-2015-0898
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors...
CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Code injection
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5697
CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...
Design/Logic Flaw
Eval injection vulnerability in frontview/lib/nphandler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."...