30 matches found
EUVD-2001-0718
Malware in sbrugna...
EUVD-2001-0454
Malware in sbrugna...
EUVD-1999-1418
Malware in sbrugna...
Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl...
FreeBSD Ports: eperl
The remote host is missing an update to the system as announced in the referenced advisory. VID 73efb1b7-07ec-11e2-a391-000c29033c32 OpenVAS Vulnerability Test $ Description: Auto generated from VID 73efb1b7-07ec-11e2-a391-000c29033c32 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: eperl
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : eperl -- Remote code execution (73efb1b7-07ec-11e2-a391-000c29033c32)
David Madison reports : ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be 'safely' included using the 'sinclude' directive. The problem occurs when a file referenced b...
Mandrake Linux Security Advisory : eperl (MDKSA-2001:027)
Several potential buffer overflows in the ePerl package have been found by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Linux-Mandrake does not ship the program setuid root, this is a useful feature which some...
Debian Security Advisory DSA 034-1 (ePerl)
The remote host is missing an update to ePerl announced via advisory DSA 034-1. OpenVAS Vulnerability Test $Id: deb0341.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 034-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 034-1 (ePerl)
The remote host is missing an update to ePerl announced via advisory DSA 034-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-034-1 : ePerl - remote root exploit
Fumitoshi Ukai and Denis Barbier have found several potential buffer overflow bugs in our version of ePerl as distributed in all of our distributions. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Debian doesn't ship the program setuid root, this...
CVE-2001-0733
The CVE-2001-0733 issue affects Embedded Perl (ePerl) up to version 2.2.14. The vulnerability arises from the #sinclude directive: if a file referenced by a sinclude contains an include directive for another file that contains code, the contents can be loaded and executed, enabling remote code ex...
CVE-1999-1437
The vulnerability CVE-1999-1437 affects ePerl 2.2.12, where an attacker can supply a full pathname to bar.phtml to read arbitrary files on the server and may be able to execute certain commands. This is a remote issue with potential impacts to confidentiality and integrity. The description consis...
CVE-1999-1437
ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml...
CVE-2001-0733
The sinclude directive in Embedded Perl ePerl 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains an include directive that references a file that contains the code...
CVE-2001-0458
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands...
#sinclude problems in EPERL (code execution)
The sinclude directive can be bypassed using a double include...
bugtraq submission
All versions of the C version of ePerl 2.2 up to current version 2.2.14 http://www.engelschall.com/sw/eperl/ Severity: Low Systems Affected: Unix systems Description: ePerl allows the user to embed perl code specified inside ePerl delimiters in HTML. ePerl has the ability to "safely" include...
eperl -- Remote code execution
David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...
CVE-2001-0458
CVE-2001-0458 : Multiple buffer overflows in ePerl prior to 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. Mandrake and Debian advisories note upgrades to 2.2.14-0.7 (or later) fix the issue; other references corroborate the vulnerability in ePerl.