Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-139: Persits Software XUpload 'AddFile()' Method ActiveX Control Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-139: Persits Software XUpload 'AddFile()' Method ActiveX Control Vulnerability
# 1  
Old 01-30-2008
S-139: Persits Software XUpload 'AddFile()' Method ActiveX Control Vulnerability
XUpload is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The risk is MEDIUM. An attacker may exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

method::signatures::modifiers

Method::Signatures::Modifiers(3pm)			User Contributed Perl Documentation			Method::Signatures::Modifiers(3pm)

NAME

       Method::Signatures::Modifiers - use Method::Signatures from within MooseX::Declare

SYNOPSIS

	   use MooseX::Declare;
	   use Method::Signatures::Modifiers;

	   class Foo
	   {
	       method bar (Int $thing) {
		   # this method is declared with Method::Signatures instead of MooseX::Method::Signatures
	       }
	   }

	   # -- OR --

	   use MooseX::Declare;

	   class My::Declare extends MooseX::Declare
	   {
	       use Method::Signatures::Modifiers;
	   }

	   # ... later ...

	   use My::Declare;

	   class Fizz
	   {
	       method baz (Int $thing) {
		   # this method also declared with Method::Signatures instead of MooseX::Method::Signatures
	       }
	   }

DESCRIPTION

       Allows you to use Method::Signatures from within MooseX::Declare, both for the "method" keyword and also for any method modifiers
       ("before", "after", "around", "override", and "augment").  Typically method signatures within MooseX::Declare are provided by
       MooseX::Method::Signatures.  Using Method::Signatures instead provides several advantages:

       o   MooseX::Method::Signatures has a known bug with Perl 5.12.x which does not plague Method::Signatures.

       o   Method::Signatures may provide substantially better performance when calling methods, depending on your circumstances.

       o   Method::Signatures error messages are somewhat easier to read (and can be overridden more easily).

       However, Method::Signatures cannot be considered a drop-in replacement for MooseX::Method::Signatures.  Specifically, the following
       features of MooseX::Method::Signatures are not available to you (or work differently) if you substitute Method::Signatures:

       Types for Invocants

       MooseX::Method::Signatures allows code such as this:

	   method foo (ClassName $class: Int $bar) {
	   }

       Method::Signatures does not allow you to specify a type for the invocant, so your code would change to:

	   method foo ($class: Int $bar) {
	   }

       "where" Constraints

       MooseX::Method::Signatures allows code like this:

	   # only allow even integers
	   method foo (Int $bar where { $_ % 2 == 0 }) {
	   }

       Method::Signatures does not currently allow this, although it is a planned feature for a future release.

       Parameter Aliasing (Labels)

       MooseX::Method::Signatures allows code like this:

	   # call this as $obj->foo(bar => $baz)
	   method foo (Int :bar($baz)) {
	   }

       This feature is not currently planned for Method::Signatures.

       Placeholders

       MooseX::Method::Signatures allows code like this:

	   method foo (Int $bar, $, Int $baz)) {
	       # second parameter not available as a variable here
	   }

       This feature is not currently planned for Method::Signatures.

       Traits

       In MooseX::Method::Signatures, "does" is a synonym for "is".  Method::Signatures does not honor this.

       Method::Signatures supports several traits that MooseX::Method::Signatures does not.

       MooseX::Method::Signatures supports the "coerce" trait.	Method::Signatures does not currently support this, although it is a planned
       feature for a future release, potentially using the "does coerce" syntax.

BUGS, CAVEATS and NOTES
       Note that although this module causes all calls to MooseX::Method::Signatures from within MooseX::Declare to be completely replaced by
       calls to Method::Signatures (or calls to Method::Signatures::Modifiers), MooseX::Method::Signatures is still loaded by MooseX::Declare.
       It's just never used.

       The "compile_at_BEGIN" flag to Method::Signatures is ignored by Method::Signatures::Modifiers.  This is because parsing at compile-time can
       cause method modifiers to be added before the methods they are modifying are composed into the Moose classes.  Parsing of methods at run-
       time is compatible with MooseX::Method::Signatures.

THANKS

       This code was written by Buddy Burden (barefootcoder).

       The import code for replacing MooseX::Method::Signatures is based on a suggestion from Nick Perez.

LICENSE

       Copyright 2011 by Michael G Schwern <schwern@pobox.com>.

       This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

       See http://www.perl.com/perl/misc/Artistic.html

SEE ALSO

       MooseX::Declare, Method::Signatures, MooseX::Method::Signatures.

perl v5.14.2							    2012-06-03					Method::Signatures::Modifiers(3pm)