Show filters
333 Total Results
Displaying 211-220 of 333
Sort by:
Attacker Value
Unknown

CVE-2008-6474

Disclosure Date: March 16, 2009 (last updated October 04, 2023)
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
0
Attacker Value
Unknown

CVE-2009-0486

Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
0
Attacker Value
Unknown

CVE-2009-0129

Disclosure Date: January 15, 2009 (last updated October 04, 2023)
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
0
Attacker Value
Unknown

CVE-2008-5305

Disclosure Date: December 10, 2008 (last updated October 04, 2023)
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
0
Attacker Value
Unknown

CVE-2008-5302

Disclosure Date: December 01, 2008 (last updated October 04, 2023)
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
0
Attacker Value
Unknown

CVE-2008-5303

Disclosure Date: December 01, 2008 (last updated October 04, 2023)
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
0
Attacker Value
Unknown

CVE-2008-4997

Disclosure Date: November 07, 2008 (last updated November 08, 2023)
dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.
0
Attacker Value
Unknown

CVE-2008-4798

Disclosure Date: October 30, 2008 (last updated October 04, 2023)
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
0
Attacker Value
Unknown

CVE-2008-3502

Disclosure Date: August 06, 2008 (last updated October 04, 2023)
Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.
0
Attacker Value
Unknown

CVE-2008-3285

Disclosure Date: July 24, 2008 (last updated October 04, 2023)
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
0