6 matches found
CVE-2024-58134
Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
Cougar-LG Insecure Configuration File Path Vulnerability
Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in Cougar-LG. A remote attacker could exploit this vulnerability to obtain credentials...
Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
source: https://www.securityfocus.com/bid/47124/info Perl is prone to a security-bypass weakness that occurs when laundering tainted input. Attackers can leverage this issue to bypass security checks in Perl applications that rely on TAINT mode protection functionality. This opens such applicatio...
Gentoo Security Advisory GLSA 200808-02 (net-snmp)
The remote host is missing updates announced in advisory GLSA 200808-02. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200512-01 : Perl: Format string errors can lead to code execution
The remote host is affected by the vulnerability described in GLSA-200512-01 (Perl: Format string errors can lead to code execution). Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wra...
InMail/InShop inmail.pl / inshop.pl XSS
The remote host is using InMail/InShop, a web application written in Perl. An implementation error in the validation of user input, specifically in the script 'inmail.pl' in its 'acao' URI argument and 'inshop.pl' in its 'screen' URI argument, leads to an XSS vulnerability allowing a user to...