/ 
libwww-perl-5b6
/ Mail::Cap
Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

NAME

Mail::Cap - Parse mailcap files

DESCRIPTION

Parse mailcap files as specified in RFC 1524 - A User Agent Configuration Mechanism For Multimedia Mail Format Information. In the description below $type refers to the MIME type as specified in the Content-Type header of mail or HTTP messages. Examples of types are:

image/gif
text/html
text/plain; charset=iso-8859-1

METHODS

new()

$mcap = new Mail::Cap;
$mcap = new Mail::Cap "/mydir/mailcap";

Create and initialize a new Mail::Cap object. If you give it an argument it will try to parse the specified file. Without any arguments it will search for the mailcap file using the standard mailcap path, or the MAILCAPS environment variable if it is defined.

view($type, $file)

compose($type, $file)

edit($type, $file)

print($type, $file)

These methods invoke a suitable progam presenting or manipulating the media object in the specified file. They all return 1 if a command was found, and 0 otherwise. You might test $?" for the outcome of the command.

viewCmd($type, $file)

composeCmd($type, $file)

editCmd($type, $file)

printCmd($type, $file)

These methods return a string that is suitable for feeding to system() in order to invoke a suitable progam presenting or manipulating the media object in the specified file. It will return undef if no suitable specification exists.

field($type, $field)

Returns the specified field for the type. Returns undef if no specification exsists.

description($type)

textualnewlines($type)

x11_bitmap($type)

nametemplate($type)

These methods return the corresponding mailcap field for the type. These methods should be more convenient to use than the field() method for the same fields.

COPYRIGHT

Copyright (c) 1995 Gisle Aas. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Gisle Aas <aas@oslonett.no>

Maintained by Graham Barr <bodg@tiuk.ti.com>

1 POD Error

The following errors were encountered while parsing the POD:

Around line 118:

Unterminated C<...> sequence