Download
| Alert*
oval:org.secpod.oval:def:700182
It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user"s directory. oval:org.secpod.oval:def:300198 A vulnerability has been found and corrected in perl-libwww-perl: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Conten ... oval:org.secpod.oval:def:100868 The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of more ... oval:org.secpod.oval:def:100574 The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of more ... |