30 matches found
OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)
Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL. Module Options: msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...
Debian DSA-4879-1 : spamassassin - security update
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. (C) Tenable Network Security, Inc. The descriptive text and...
Debian: Security Advisory (DSA-4879-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OTRS AG Survey Cross-Site Scripting Vulnerability
OTRS AG Survey is a Perl-based customer survey appliance from OTRS Germany. The tool is intended for use in sending e-mails to customers after a ticket has been closed. A cross-site scripting vulnerability exists in OTRS AG Survey that can be exploited by an attacker to execute malicious code in...
FHEM File Inclusion Vulnerability
FHEM is a Perl-based server-side program from the FHEM community for controlling smart devices for house automation. The program runs as a server and you can control it directly via web or smartphone front-end, telnet or TCP / IP to automate some common tasks in your home, such as switching on/of...
Debian DLA-2107-1 : spamassassin security update
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. For Debian 8 'Jessie', these problems have been fixed in...
USN-4265-2: SpamAssassin vulnerabilities
USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a...
[SECURITY] [DSA 4615-1] spamassassin security update
Debian Security Advisory DSA-4615-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq ...
Debian DLA-2037-1 : spamassassin security update
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted multipar...
Debian: Security Advisory (DLA-2037-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2037-1] spamassassin security update
Package : spamassassin Version : 3.4.2-0+deb8u2 CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an...
[SECURITY] [DSA 4584-1] spamassassin security update
Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq ...
TWiki Injection Vulnerability
TWiki is a Perl-based open source wiki program by U.S. software developer Peter Thoeny. It is a web-based collaboration platform that can be used for project development management, document management, knowledge base management and other collaborative work. There is an injectio...
USN-3811-3: SpamAssassin vulnerabilities
USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...
This Week in Security News: Fake Apps & Malicious Bots
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how the adoption of mobile banking services has grown as an opportunity for scammers with fake banking apps. Also, see how Trickbot...
How to Create a Perl Based Custom Monitor on NetScaler
This article describes how to create a Perl based Custom Monitor on NetScaler. Background The NetScaler appliance has a lot of different monitors inbuilt, but there are use cases these monitors do not cover. For this NetScaler supports monitors of type USER, which brings the possibility to run...
Bugzilla Privilege Escalation Security Patch
Developers and organizations that use the Bugzilla open source bug-tracking system should upgrade to current versions after the disclosure of details of a vulnerability in its email-based permissions process. The flaw, CVE-2015-4499, was patched last week in versions 4.2.15, 4.4.10 and 5.0.1 afte...
Leif M. Wright everythingform.cgi 2.0 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a...
Aardvark Topsites PHP <= 4.2.2 (lostpw.php) Remote Include Exploit
No description provided by source. !/usr/bin/perl Aardvark Topsites PHP =4.2.2 Remote Command Execution Exploit Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ to set your PHP shell...