ISSA Club - KSU Chapter

Latest Vulnerabilities

php530-bypass.txt

Description: PHP version 5.3.0 suffers from a pdflib extension open_basedir bypass vulnerability.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

linux-pipe.txt

Description: Proof of concept local privilege escalation exploit for the Linux kernel pipe.c vulnerability.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

ssl-mitm.c

Description: This is a proof of concept exploit for the man-in-the-middle vulnerability related to SSL/TLS.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

CORE-2009-0912.txt

Description: Core Security Technologies Advisory - Blender embeds a Python interpreter to extend its functionality. By design, Blender .blend project files can be modified to execute arbitrary commands without user intervention. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

ebfe.cpp

Description: Remote buffer overflow exploit for the Serv-U web client version 9.0.0.5.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

prdelka-vs-APPLE-ptracepanic.c

Description: Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop. Due to problems with mutex handling in ptrace(), a denial of service can occur when the OS X kernel attempts to interlock a destroyed mutex, giving rise to a race condition. You may need to run this code multiple times.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

endonesia-lfi.txt

Description: Endonesia CMS version 8.4 suffers from a local file inclusion vulnerability.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

Portili-V1.14.txt

Description: The Portili Personal and Team Wiki versions 1.14 and below suffer from cross-site scripting, shell upload, and information and password disclosure vulnerabilities.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

ecourier-xss.txt

Description: The e-Courier CMS tracking site suffers from a cross-site scripting vulnerability.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------

xfw-sql.txt

Description: Xerox Fiery Webtools suffers from a remote SQL injection vulnerability in /wt3/summary.php.
Archived by http://www.packetstormsecurity.org

------------------------------------------------------------------------------------------
