The Hackito Ergo Sum 2014 Call For Papers has been announced. It will be held from April 24th through the 26th, 2014 in Paris, France.
e4a89cb78692d049fedd19d09c3d84b94ed218080e192eece339ea68a1390f44
Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and the Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.
92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00
Gentoo Linux Security Advisory 201401-10 - Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Versions less than 0.6.21 are affected.
8e049747b64ce62958b8188f01ce787852d0b8fe60a51cc5691962b2625a6ff0
Gentoo Linux Security Advisory 201401-9 - A vulnerability in Openswan could result in execution of arbitrary code or Denial of Service. Versions less than 2.6.39 are affected.
d4e96cbeeefc87ca2407e521e745e88d0d04544a5e816c3a7aa0cb2c4f406904
Red Hat Security Advisory 2014-0045-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method of remotely accessing Seam components from a web page, using AJAX. It was found that the ExecutionHandler, PollHandler, and SubscriptionHandler classes in JBoss Seam Remoting unmarshalled user-supplied XML and resolved external entities in this XML. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML External Entity attacks.
5182752535401efe3bedbcfe692f9abf8cfcd81266bb6f49bb17b538b10c8704
Red Hat Security Advisory 2014-0044-01 - Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building blocks for establishing the mapping from files into the Augeas tree and back. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.
bcc04e71dd127335ad1d05c553fa9c6e4d71e2879bd3aaf659b42e8e40dbf8a0
Red Hat Security Advisory 2014-0043-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.
234078fe16c6ddf238e34a309eb50b41a8acaa76c37365c6d163ec0c9934835e
Mandriva Linux Security Advisory 2014-012 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue.
b89f1b4a4e243ae1667aaeb1c78d43bed14afd1547721ce92ea804fd904255b6
Mandriva Linux Security Advisory 2014-011 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys. The updated packages provide a solution for these security issues.
b0d7eb9b9f33d4066272ecfbbec9f2e56cb4eb2af0a63f451f9dbfe4e7a36e50
Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.
db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a
Gentoo Linux Security Advisory 201401-13 - Multiple vulnerabilities have been found in VirtualBox, allowing local attackers to escalate their privileges or cause a Denial of Service condition. Versions less than 4.2.22 are affected.
6d2ece62ea5369425ee50f1c0be7833961be531fb3bbd68835b9e7eece595cd3
Gentoo Linux Security Advisory 201401-12 - Multiple vulnerabilities have been found in GNUstep Base library, the worst of which allow execution of arbitrary code. Versions less than 1.20.1 are affected.
4b51e771e759f04f2f89772e3d70ac0566ae216c477a4fdcf124150996355f97
BlueCom router model 5360/52018 remote password reset exploit.
1df37516e18bbd05eb9e2493cc89692b26c7b3fde30f10df5fca3d6f671c146f
Doodgle4Gift suffers from cross site scripting and information disclosure vulnerabilities.
ac6ed020a4de6c84c32ac4a848e07ddc0e3714af223ce17889e8945c33933635
This is a whitepaper discussing the use of cookies. Written in Persian.
876b721cfce59078081bee0f96df5067acad3fcdadc2c66fc1e1dee1cb2e1735
Autoresponder PRO suffers from a cross site scripting vulnerability.
6a72d5a41181acd1f73aa228461069b1ffc5eb74580dddd878aed9a261d39726
Teracom Modem version T2-B-Gawv1.4U10Y-BI suffers from a cross site scripting vulnerability.
8b0e8f3c15cb36092bab48e7be96a0d9a24619bc1cf953f44183dde5a9dc286a
WordPress Social Ring plugin versions 1.0 through 1.1.9 suffer from a cross site scripting vulnerability.
f2bc5ff0e51408bc5046a10752b236f95ce7898e362f2b13bd030293f6144837
WordPress Global Flash Galleries plugin suffers from an arbitrary file upload vulnerability. Note that this finding houses site-specific data.
2dd83399faca3e5d1e36f0966e5019a64279821bcb41fc8ebfee2cd41cd4b56f