15 matches found
CVE-2026-8500
Web::Passwd (Perl)
PT-2026-40831
Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...
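The general shape of this bug class, as an added Perl illustration that is not Web::Passwd's own code and makes no claim about how CVE-2026-8500 is actually triggered: the vulnerable function interpolates the request's user value into one shell string, the hardened one whitelists it and hands htpasswd an argv list so no shell is involved. The `htpasswd -b` invocation and the whitelist regex are this example's assumptions.

```perl
#!/usr/bin/perl
# Added illustration (not Web::Passwd code): a 'user' parameter that reaches
# htpasswd unescaped, beside a safer construction of the same command.
use strict;
use warnings;

# Vulnerable shape: request input interpolated into a single shell string.
# With $user = 'bob; id > /tmp/pwned', system() hands this to /bin/sh, which
# runs the injected command after htpasswd.
sub vulnerable_htpasswd_cmd {
    my ($file, $user, $pass) = @_;
    return "htpasswd -b $file $user $pass";   # string form of system()
}

# Hardened shape: whitelist the username (no shell metacharacters and no
# leading '-' that htpasswd could parse as an option), constrain the file
# path, and return an argv list for system(@argv), which bypasses the shell.
sub safe_htpasswd_argv {
    my ($file, $user, $pass) = @_;
    die "invalid username\n"
        unless $user =~ /\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/;
    die "invalid htpasswd path\n"
        unless $file =~ m{\A[/A-Za-z0-9._-]+\z};
    return ('htpasswd', '-b', $file, $user, $pass);
}

# Constructed request values for a dry run; htpasswd itself is not executed.
my $bad_user = 'bob; id > /tmp/pwned';
print "shell string : ", vulnerable_htpasswd_cmd('/tmp/h', $bad_user, 'x'), "\n";

my @argv = eval { safe_htpasswd_argv('/tmp/h', $bad_user, 'x') };
print $@ ? "rejected     : $@" : "argv         : @argv\n";

my @ok = safe_htpasswd_argv('/tmp/h', 'bob', 'x');
print "argv         : @ok\n";
```

Two caveats a reviewer would raise even for the hardened version: list-form `system` removes the shell but not htpasswd's own option parsing, which is why the whitelist rejects a leading `-`; and `-b` puts the password in the process list, so on Apache 2.4's htpasswd the `-i` flag (password read from stdin) is the better choice.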
CVE-2024-58041
Smolder versions through 1.51 for Perl use the insecure rand function for cryptographic purposes. Smolder 1.51 and earlier for Perl uses the rand function, which is not cryptographically secure, as the default source of entropy for cryptographic functions. Specifically, Smolder::DB::Developer uses t...
CVE-2024-58135
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...
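Both the Smolder and the Mojolicious entries describe the same weakness, so one added Perl illustration covers both; it is not code from either project. It generates a secret with rand() the way a skeleton might, shows that an attacker who can bound the seed replays the generator until the secret matches, and draws a replacement secret from /dev/urandom (assumed to exist, i.e. Linux or BSD). The alphabet, lengths and the 10,000-seed search bound are this example's assumptions.

```perl
#!/usr/bin/perl
# Added illustration (not Smolder or Mojolicious code): why a rand()-derived
# secret is recoverable, beside a secret drawn from the kernel CSPRNG.
use strict;
use warnings;

my @alphabet = ('a' .. 'z', 'A' .. 'Z', 0 .. 9);

# Weak: rand() is a deterministic generator whose whole output stream is fixed
# by its seed, and Perl seeds it with at most 32 bits. Anyone who can bound the
# seed can regenerate every candidate secret and test each against a captured
# signed cookie.
sub weak_secret {
    my ($seed, $len) = @_;
    srand($seed);
    return join '', map { $alphabet[ rand @alphabet ] } 1 .. $len;
}

# Strong: raw bytes from the operating system CSPRNG, hex-encoded.
sub strong_secret {
    my ($nbytes) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $nbytes) == $nbytes or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Attacker's replay: walk the seed space until the generator reproduces the
# observed secret. A real search covers the full seed range; 10_000 keeps
# this demonstration fast.
sub recover_seed {
    my ($target, $len, $max_seed) = @_;
    for my $seed (0 .. $max_seed) {
        return $seed if weak_secret($seed, $len) eq $target;
    }
    return undef;
}

# Constructed victim: a 32-character secret produced from seed 4321.
my $victim = weak_secret(4321, 32);
my $found  = recover_seed($victim, 32, 10_000);

print "weak secret    : $victim\n";
print "seed recovered : ", (defined $found ? $found : 'none'), "\n";
print "strong secret  : ", strong_secret(32), "\n";
```

The point of the replay loop is that the apparent length of the weak secret is irrelevant: its effective entropy is the seed, not the 32 characters, whereas the urandom-backed secret carries 256 bits with no seed to guess.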
Request Tracker Default Credentials
It is possible to log into the Best Practical Solutions Request Tracker RT application by providing default credentials. A remote attacker can exploit this to gain administrative control.
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host contains a design flaw that can be leveraged by a remote attacker to bypass authentication and gain administrative access to the application...
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'login.cgi' script of shell metacharacters before using it to run a command. An unauthenticated attacker can...
Open WebMail Shell Escape Arbitrary Command Execution
According to its banner, the version of Open WebMail installed on the remote host may allow execution of arbitrary shell commands due to its failure to ensure shell escape characters are removed from filenames and other strings before trying to read from them.
GLSA-200504-26 : Convert-UUlib: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200504-26 Convert-UUlib: Buffer overflow A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation to overflow a buffer. The vendor credits Mark Martine...
Convert-UUlib: Buffer overflow
Background Convert-UUlib provides a Perl interface to the uulib library, allowing Perl applications to access data encoded in a variety of formats. Description A vulnerability has been reported in Convert-UUlib where a malformed parameter can be provided by an attacker allowing a read operation t...
Ikonboard ikonboard.cgi Multiple Parameter SQL Injection
The remote server is running IkonBoard, a Web Bulletin Board System written in Perl. The remote version of this software fails to sanitize user-supplied input to multiple variables in the 'ikonboard.cgi' script. An attacker can exploit this flaw to launch SQL injection attacks.
Buffer overflow in aGsm version 2.35c and in the latest developer version (beta)...
Good day! I have discovered a buffer overflow and probably the possibility of remote execution of malicious code in the latest versions of aGsm. It consists of the following: when processing a response from Half-Life servers, aGsm, as it turned out, does not check the length of the hostname string, but copie...
Cross-Referencing Linux vulnerability
Info. ----- + Type: To gain visibility + Software: Cross-Referencing Linux. + Versions: up to 0.9.2 + Exploit: Yes. + Author: Albert Puigsech Galicia + Contact: [email protected] Introduction. ------------- Cross-Referencing Linux, also known as LXR, allows reading all Linux kernel source using a web...
Image Display System 0.8.1 - Directory Existence Disclosure
Image Display System 0.8.1 - Directory Existence Disclosure source: https://www.securityfocus.com/bid/4870/info IDS Image Display System is a web-based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. Users can confirm the existence and...
Image Display System 0.8.1 - Directory Existence Disclosure
source: https://www.securityfocus.com/bid/4870/info IDS Image Display System is a web-based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. Users can confirm the existence and location of various directories residing on the IDS host. This...