Lucene search

K
Larry WallPerl

12 matches found

CVE
CVE
added 2005/05/02 4:0 a.m.127 views

CVE-2005-0155

The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

4.6CVSS6AI score0.00372EPSS
CVE
CVE
added 2007/11/07 11:46 p.m.104 views

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

7.5CVSS9.8AI score0.11413EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.70 views

CVE-2003-0900

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.

5CVSS6.1AI score0.00381EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.70 views

CVE-2005-0448

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.

1.2CVSS5.8AI score0.0008EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.64 views

CVE-2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

2.1CVSS7AI score0.00386EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.60 views

CVE-2004-0452

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

2.6CVSS5.9AI score0.00052EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.57 views

CVE-2004-0976

Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.8AI score0.00081EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.55 views

CVE-1999-0034

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

7.2CVSS7.7AI score0.00233EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.47 views

CVE-2004-0377

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

10CVSS7.7AI score0.11512EPSS
CVE
CVE
added 2000/10/20 4:0 a.m.39 views

CVE-2000-0703

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

7.2CVSS6.9AI score0.00307EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.36 views

CVE-2004-2286

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

7.5CVSS8.1AI score0.06157EPSS
CVE
CVE
added 2005/12/16 11:3 a.m.35 views

CVE-2005-4278

Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2CVSS6.3AI score0.00075EPSS