The 8th edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in São Paulo, Brazil on April 14th, 2014.
3b0ac16b1c3d1f2f338ca329022283e37fe61b9f45603e36ae05e59c69b84867
Etoshop B2B Vertical Marketplace Creator version 2.0 suffers from a remote SQL injection vulnerability.
4c97856afca4f37a4169b6c77b646730273f7c0f06d478284d87bf03d17fa7c9
HP Security Bulletin HPSBMU02874 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 3 of this advisory.
4c70eda32ba12099ad62298acd9d2be2d0eb44814e5ae0c535f3d1fb3f8c8e9c
Classifieds Creator version 2.0 suffers from a remote SQL injection vulnerability.
469802ef4e01943e3566c6fe54ad7a3e3e9a3e84b4851b5694bd10c727f2d6c7
C2C Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability.
ae31cd335ed87386bcafdb14fe024120d0f470311e5145ece776f00d8bebba93
This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.
65acaee3edb30787203ec67ebd4b8e85f2ced5170a1f786efb797a9df09856b3
iScripts MultiCart versions 2.4 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
8116f2279a10f7bdb72b6df08d209697707902f047a882d86a524e3a509ac792
Osclass version 3.3 suffers from cross site request forgery, remote SQL injection, and directory traversal vulnerabilities.
4fa3514459f4aca30fccd02be0cf6585b6640c1c254bb345c870f8314607400b
IBM SPSS2 21 and later suffer from use of an encryption scheme with inherent weaknesses.
c58972c405ed50c8cc26d0d54d3e71001da9a74b2fb837e0a855029df5beba68
Microsoft Online, Office and Cloud suffer from persistent encoding issues that can allow for cross site scripting.
63cf5e2791308ca0d363962ff6c757b4793ef7bcfe09f63ed76b3d045e0a8e1f
Simple Machines Forum suffers from username impersonation and clickjacking issues. These issues are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5.
ec054b0bcc023ef1325986cda6d0998e1dc4e6a4098ffcf06f2400521afdec66
Red Hat Security Advisory 2013-1801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host.
d0f1b4d682fc9cc34de66855fdecdbfa199350b9da866e2821619994c2c3dc37
Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
f778761e056c7efa104a541475faedf8d662d6d1bb56cca7afb6b493634b3cde
Red Hat Security Advisory 2013-1802-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.
488924ed85a07410046fc5c802fdf12cb089449d350cd905dea1f623e371af24
Ubuntu Security Notice 2055-1 - Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.
c6ef991d0ccc41796972414e6d71c5b30987d4a61cbb7d2479a0c2048a6270da
Debian Linux Security Advisory 2816-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
a0155be6343e9327de45b565e42824097017d0c21bade638fa6da7395e180c7f