Show filters
333 Total Results
Displaying 271-280 of 333
Sort by:
Attacker Value
Unknown

CVE-2005-3962

Disclosure Date: December 01, 2005 (last updated October 04, 2023)
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
0
Attacker Value
Unknown

CVE-2005-3912

Disclosure Date: November 30, 2005 (last updated October 04, 2023)
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
0
Attacker Value
Unknown

CVE-2005-3351

Disclosure Date: November 20, 2005 (last updated October 04, 2023)
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
0
Attacker Value
Unknown

CVE-2005-2854

Disclosure Date: September 08, 2005 (last updated October 04, 2023)
CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers.
0
Attacker Value
Unknown

CVE-2005-2837

Disclosure Date: September 07, 2005 (last updated February 15, 2024)
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
0
Attacker Value
Unknown

CVE-2005-2811

Disclosure Date: September 07, 2005 (last updated October 04, 2023)
Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.
0
Attacker Value
Unknown

CVE-2005-2491

Disclosure Date: August 23, 2005 (last updated October 04, 2023)
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
0
Attacker Value
Unknown

CVE-2005-1527

Disclosure Date: August 15, 2005 (last updated February 15, 2024)
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
0
Attacker Value
Unknown

CVE-2005-0106

Disclosure Date: May 03, 2005 (last updated October 04, 2023)
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.
0
Attacker Value
Unknown

CVE-2005-0448

Disclosure Date: May 02, 2005 (last updated October 04, 2023)
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
0