SOAP::Lite *HUGE* security hole

IlyaM on 2002-04-06T21:56:02

There was an article in Phrack named 'RPC without borders' about a quite serious security hole in the SOAP::Lite module four months ago. Has it been fixed? Not yet.

What is this article about? In short: you can call any Perl subroutine on the side of a SOAP::Lite based server. As proof I've written a simple exploit which gives instant shell access on any box which runs a SOAP::Lite based server.

Why hasn't such a serious security hole been fixed for such a long time? I guess nobody bothered to send email to Paul Kulchenko (author of this module). So I've just sent him an email about it (with my exploit attached).

In the spirit of full disclosure I'm going to post that exploit on bugtraq in two weeks whether this security hole is fixed or not.


Google...

koschei on 2002-04-10T00:26:09

Google has SOAP now. I hope it's not using SOAP::Lite for it...