40 matches found
SUSE CVE-2026-11527
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...
CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...
EUVD-2026-36660
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...
Linux Distros Unpatched Vulnerability : CVE-2026-11527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle...
PT-2026-49109
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in make filehandle. Config::IniFiles:: make filehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd",...
EUVD-2012-2437
Malware in sbrugna...
OPENSUSE-SU-2024:10146-1 perl-Config-IniFiles-2.94-1.1 on GA media
These are all security issues fixed in the perl-Config-IniFiles-2.94-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2012-2451
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...
Config::IniFiles symbolic links vulnerability
Symbolic links vulnerability on temporary files creation...
[USN-1543-1] Config-IniFiles vulnerability
========================================================================== Ubuntu Security Notice USN-1543-1 August 20, 2012 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Gentoo Security Advisory GLSA 201208-05 (Config-IniFiles)
The remote host is missing updates announced in advisory GLSA 201208-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora Update for perl-Config-IniFiles FEDORA-2012-7763
Check for the Version of perl-Config-IniFiles OpenVAS Vulnerability Test Fedora Update for perl-Config-IniFiles FEDORA-2012-7763 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for perl-Config-IniFiles FEDORA-2012-7763
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 201208-05 (Config-IniFiles)
The remote host is missing updates announced in advisory GLSA 201208-05. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Ubuntu Update for libconfig-inifiles-perl USN-1543-1
Ubuntu Update for Linux kernel vulnerabilities USN-1543-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for libconfig-inifiles-perl USN-1543-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libconfig-inifiles-perl vulnerability (USN-1543-1)
It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files. Note that Tenable Network Security...
GLSA-201208-05 : Perl Config-IniFiles Module: Insecure temporary file usage
The remote host is affected by the vulnerability described in GLSA-201208-05 Perl Config-IniFiles Module: Insecure temporary file usage The Perl Config-IniFiles module uses predicatable temporary file names. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with...
Perl Config-IniFiles Module: Insecure temporary file usage
Background Config-IniFiles is a Perl module for reading .ini-style configuration files. Description The Perl Config-IniFiles module uses predicatable temporary file names. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running th...
CVE-2012-2451
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...
CVE-2012-2451
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...