274 matches found
FreeBSD : twiki -- remote Perl code execution (21ce1840-6107-11e4-9e84-0022156e8794)
TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not...
CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Code injection
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5697
CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...
Twiki Perl Code Execution
This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution. TWiki (http://twiki.org) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. Vulnerable Software Version Attack Vectors Impact Severity...
twiki -- remote Perl code execution
TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not ...
Dana IRC <= 1.3 - Remote Buffer Overflow PoC
No description provided by source. - Dana IRC = 1.3 Remote Buffer Overflow POC/Crash - Discovered On: 14 JUNE 2008 Discovered By: t0pP8uZz Download: diebestenbits.de - Info - Dana Irc client suffers from a remote buffer overflow, sending a buffer of around 2k overwrites the EIP therefore crashes t...
AWStats (6.0-6.2) configdir Remote Command Execution Exploit (perl code)
No description provided by source. !/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for...
Tugux CMS 1.0_final Multiple Vulnerabilities
No description provided by source. +----------------------------------------------+ | Tugux CMS 1.0final Multiple Vulnerabilities | +----------------------------------------------+ Vulnerable Web-App : Tugux CMS 1.0final Vulnerability : Multiple Vulnerabilities. Author : Aodrulez. Atul Alex Cheri...
NETGEAR ReadyNAS Perl Code Evaluation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient def initializein...
RM Downloader 3.1.3 - Local SEH Exploit (Win7 ASLR and DEP Bypass)
No description provided by source. !/usr/bin/perl Exploit Title: RM Downloader 3.1.3 Local SEH Exploit Win7 ASLR and DEP Bypass Date: July 1, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/RMDownloader.exe Version: RM Downloader 3.1.3.3.2010.06.26 Evaluation Tested on:...
Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl...
Yarssr 0.2.2 GUI.PM Remote Code Injection Vulnerability
No description provided by source. source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the...
Trouble Ticket Express <= 3.01 Remote Code Execution/Directory Traversal
No description provided by source. Exploit Title: Trouble Ticket Express Remote Code Execution/Directory Traversal Author: zombiefx Software Link: http://www.troubleticketexpress.com/download/ttx301.zip Version: v3.01,v3.0,v2.24,v2.21 Tested on: Linux...
AwStats <= 6.4 - Denial of Service
No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...
TClanPortal <= 1.1.3 (id) Remote SQL Injection Exploit
No description provided by source. TClanPortal Version 3 .. Search By Google :- by TriggerTG.de 2003 - Version 3 Gr33tz :- Abducter .. SQL Injection's FOunder - | [email protected] |- Devil-00 .. SQL Injection's Exploting - | [email protected] | - Security4Arab .. A'Where Home .. WE LOVE...
WordPress AdminOnline Local File Disclosure
Movable Type 4.2x 4.3x Upgrade Script RCE Script Injection - Ver2 (CVE-2012-6315)
A script injection and execution vulnerability has been reported in Movable Type. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary Perl code and SQL commands on the affected system...