Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
perl vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
Larry Wall Perl 5.8.0
1 EDB exploit
5
CVSSv2
CVE-2013-7329
The CGI::Application module prior to 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote malicious users to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.
Perl Cgi Application Module
7.5
CVSSv2
CVE-2019-1010263
Perl Crypt::JWT before 0.023 is affected by: Incorrect Access Control. The impact is: allow malicious users to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is:...
Perl Crypt Jwt Project
10
CVSSv2
CVE-2004-0377
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl prior to 5.8.3 allows local or remote malicious users to execute arbitrary commands via filenames that end in a backslash character.
Activestate Activeperl
Larry Wall Perl
6.9
CVSSv2
CVE-2008-4997
dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.
Pilot-qof Datafreedom-perl 0.1.7
2.1
CVSSv2
CVE-2005-4536
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
Debian Libmail-audit-perl 2.1-5
2.1
CVSSv2
CVE-2003-0618
Multiple vulnerabilities in suidperl 5.6.1 and previous versions allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
Perl Suidperl
Debian Debian Linux 3.0
7.5
CVSSv2
CVE-2015-8381
The compile_regex function in pcre_compile.c in PCRE prior to 8.38 and pcre2_compile.c in PCRE2 prior to 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'...
Pcre Perl Compatible Regular Expression Library
5
CVSSv2
CVE-2013-7490
An issue exists in the DBI module prior to 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
Perl Dbi
Canonical Ubuntu Linux 14.04
6.4
CVSSv2
CVE-2015-8382
The match function in pcre_exec.c in PCRE prior to 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote malicious users to obtain sensitive information from process mem...
Pcre Perl Compatible Regular Expression Library 8.36
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »