CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2004-0377
https://notcve.org/view.php?id=CVE-2004-0377
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. Desbordamiento de búfer en la función win32_stat de ActivePerl de ActiveState, y Perl de Larry Wall anterior a 5.8.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante nombres de fichero que terminan en un carácter "" (barra invertida). • http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html http://marc.info/?l=bugtraq&m=108118694327979&w=2 http://public.activestate.com/cgi-bin/perlbrowse?patch=22552 http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities http://www.kb.cert.org/vuls/id/722414 https://exchange.xforce.ibmcloud.com/vulnerabilities/15732 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2002-1271
https://notcve.org/view.php?id=CVE-2002-1271
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. El módulo Perl Mail:Mailer en el paquete perl-MailTools 1.47 y anteriores usa mailx como el programa de correo por defecto, lo que permite a atacantes remotos ejecutar comandos arbitrarios insertándolos en el cuerpo del correo, que es entonces procesado por mailx • http://marc.info/?l=bugtraq&m=103659723101369&w=2 http://marc.info/?l=bugtraq&m=103679569705086&w=2 http://www.debian.org/security/2003/dsa-386 http://www.iss.net/security_center/static/10548.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html http://www.securityfocus.com/bid/6104 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-1999-1386
https://notcve.org/view.php?id=CVE-1999-1386
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. • http://marc.info/?l=bugtraq&m=88932165406213&w=2 http://www.iss.net/security_center/static/7243.php http://www.redhat.com/support/errata/rh50-errata-general.html#perl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •