[SECURITY] Fedora 43 Update: perl-CGI-Simple-1.282-1.fc43
Simple totally OO CGI interface that is CGI.pm compliant...
EUVD-2010-4380
Malware in sbrugna...
EUVD-2003-0609
Malware in sbrugna...
EUVD-2012-5418
Malware in sbrugna...
EUVD-2010-4379
Malware in sbrugna...
Oracle Linux 6 : perl (ELSA-2011-0558)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0558 advisory. - 692862 - lc launders tainted flag, CVE-2011-1487 Tenable has extracted the preceding description block directly from the Oracle Linux security...
K55423848: CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
Security Advisory Description CVE-2010-2761 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers a...
K15867: Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667
Security Advisory Description CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly...
CVE-2016-4561
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
CVE-2016-4561
CVE-2016-4561 affects ikiwiki’s CGI.pm cgierror function, where an XSS exists in error messages for ikiwiki before 3.20160506. Exploitation could inject script/HTML in victims’ sessions. Public advisories note mitigation via updates to ikiwiki (e.g., Debian/DSA-3571-1, Mageia MGASA-2019-0113, Deb...
ikiwiki -- XSS vulnerability
Mitre reports: Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5526_configuration_vulnerability1)
The remote Solaris system is missing necessary patches to address security updates : - Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly...
Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service...
openSUSE Security Update : FastCGI (openSUSE-2011-102)
added FastCGI-fixdeprecatedapi.patch: bnc735882 Fixes an issue where CGI.pm received CGI variables from previous requests. CVE-2011-2766. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Debian Security Advisory DSA 2587-1 (libcgi-pm-perl - HTTP header injection)
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. OpenVAS Vulnerability Test $Id: deb25871.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2587-1 using...
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Windows)
The host is installed with Active Perl and is prone to HTTP header injection vulnerability. OpenVAS Vulnerability Test $Id: gbactiveperlcgipmmoduleheaderinjevulnwin.nasl 6086 2017-05-09 09:03:30Z teissa $ Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability Windows Author...