333 Total Results
Displaying 241-250 of 333
Attacker Value
Unknown

CVE-2007-3944

Disclosure Date: July 23, 2007 (last updated October 04, 2023)
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
Attacker Value
Unknown

CVE-2007-3409

Disclosure Date: June 26, 2007 (last updated February 03, 2024)
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
Attacker Value
Unknown

CVE-2007-3377

Disclosure Date: June 25, 2007 (last updated October 04, 2023)
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
Attacker Value
Unknown

CVE-2007-3295

Disclosure Date: June 20, 2007 (last updated October 04, 2023)
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl.
Attacker Value
Unknown

CVE-2007-2996

Disclosure Date: June 04, 2007 (last updated October 04, 2023)
Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."
Attacker Value
Unknown

CVE-2007-2459

Disclosure Date: May 02, 2007 (last updated October 04, 2023)
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
Attacker Value
Unknown

CVE-2007-1349

Disclosure Date: March 30, 2007 (last updated October 04, 2023)
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Attacker Value
Unknown

CVE-2007-1489

Disclosure Date: March 16, 2007 (last updated October 04, 2023)
Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.
Attacker Value
Unknown

CVE-2007-1359

Disclosure Date: March 08, 2007 (last updated October 04, 2023)
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
Attacker Value
Unknown

CVE-2007-0669

Disclosure Date: February 08, 2007 (last updated October 04, 2023)
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.