
CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426 http://www.debian.org/security/2004/dsa-431 http://www.securityfocus.com/bid/9543 https://exchange.xforce.ibmcloud.com/vulnerabilities/15012 •

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 3

The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm http://securityreason.com/securityalert/3237 http://use.perl.org/~cbrooks/journal/10542 http://www.securityfocus.com/archive/1/311414 http://www.securityfocus.com/bid/6833 https://exchange.xforce.ibmcloud.com/vulnerabilities/11308 • CWE-20: Improper Input Validation •

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument. • http://citrustech.net/~chrisj/perl-httpd/INFO.txt http://www.iss.net/security_center/static/10992.php http://www.securityfocus.com/bid/6497 •

CVSS: 7.5 | EPSS: 1% | CPEs: 7 | EXPL: 0

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. • http://marc.info/?l=bugtraq&m=103659723101369&w=2 http://marc.info/?l=bugtraq&m=103679569705086&w=2 http://www.debian.org/security/2003/dsa-386 http://www.iss.net/security_center/static/10548.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html http://www.securityfocus.com/bid/6104 •

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. • http://marc.info/?l=bugtraq&m=88932165406213&w=2 http://www.iss.net/security_center/static/7243.php http://www.redhat.com/support/errata/rh50-errata-general.html#perl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •