984 matches found
perl-IO-Socket-SSL bug fix and enhancement update
An update is available for perl-IO-Socket-SSL. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
OpenSMTPD 6.6.1 Local Privilege Escalation
Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linux bullseye/sid with opensmtpd 6.6.1p1-1 CVE: CVE-2020-7247 !/usr/bin/perl...
CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...
DEBIAN-CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...
CVE-2014-3230
CVE-2014-3230 affects the libwww-perl LWP::Protocol::https module (versions 6.04–6.06) when using IO::Socket::SSL as the SSL socket class. The underlying issue is that server certificate validation can be disabled via the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables. Impact described in th...
CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...
CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...
Perl Modules Detection (Linux/Unix SSH Login)
SSH login-based detection of various installed Perl modules. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
HP Smart Storage Administrator command injection
Added: 02/16/2017 CVE: CVE-2016-8523 BID: 95868 Background HP Smart Storage Administrator HP SSA is a web-based application that helps an administrator configure, manage, diagnose, and monitor HP ProLiant Smart Array Controllers and other storage devices such as host bus adapters HBAs and HP...
OpenBSD http server - denial of service vulnerability(CVE-2017-5850)
No description provided by source. !/usr/bin/perl -w curl --limit-rate 1 --continue-at 1 --header "Host: www.example.com" http://target/10mb.fs use warnings; use IO::Socket; use Parallel::ForkManager; $numforks = 50; if $ARGV \n"; sub killhttpd print "ATTACKING $ARGV0 using $numforks forks\n"; $p...
FileBuster - An Extremely Fast And Flexible Web Fuzzer
An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...
Ramui Forum Script 9.0 SQL Injection
Title: Ramui forum script 9.0 SQL Injection Exploit Author: bd0rk Twitter: twitter.com/bd0rk Vendor: http://www.ramui.com/ Download: http://ramui.com/forum-script/download-v9.html Google-Dork: n/a ---Script-Kiddie protection! : Direct SQL-Path: n/a ---Script-Kiddie protection! : Description: I've...
TWiki View Script debugenableplugins Request Parameter Vulnerability
Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...
TWiki View Script debugenableplugins Request Parameter Vulnerability
Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...
TWiki View Script debugenableplugins Request Parameter Vulnerability
Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...
Palringo 2.8.1 - Stack Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/use/bin/perl Exploit Title: palringo stack buffer overflow Date: 10 January 2015 Vulnerability discovered by: Mr.ALmfL9 Vendor Homepage: http://www.palringo.com/ Software Link: http://www.palringo.com/ar/sa/download/?get=winpc Version:...
Palringo 2.8.1 - Local Stack Buffer Overflow
!/use/bin/perl Exploit Title: palringo stack buffer overflow Date: 10 January 2015 Vulnerability discovered by: Mr.ALmfL9 Vendor Homepage: http://www.palringo.com/ Software Link: http://www.palringo.com/ar/sa/download/?get=winpc Version: 2.8.1 Tested on: Windows 8.1 use IO::Socket; $port = 8080;...
Incredible PBX 11 2.0.6.5.0 Remote Command Execution
!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...
Duyuru Scripti Goster.ASP SQL injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22910/info Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remot...
Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit
No description provided by source. !/usr/bin/env perl Flatnuke = 2.7.1 level Privilege Escalation 0-day Exploit Description ----------- Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to 'sections/noneLogin/section.php' script not properly sanitizing use...