Dassault Systèmes’ 3DEXPERIENCE Lab Accelerates Expansion and Consolidates Global Network to Develop Projects That Positively Impact Society

• Fifteen new disruptive projects and startups from Belgium, China, France, India, South Africa and the U.S. join the 3DEXPERIENCE Lab accelerator program
• New incubator and fab lab partners including Centech in Canada and OuiCrea in China will empower early stage projects from the outset
• Since 2015, the 3DEXPERIENCE Lab has evaluated nearly 500 projects and grown its network of mentors to 1,200

Microsoft Windows 98/ME/2000/XP/2003 HTML Help File Hijack

Multiple Microsoft Windows 98/ME/2000/XP/2003 HTML Help file loading hijack vulnerabilities exist. Proof of concept included.

Apple Joins FIDO Alliance, Commits To Getting Rid Of Passwords

Skype Ignores PayPal Siphoning Hijack Scheme

Skype Trojan Can Log VoIP Conversations

Hashes Generation And Injection Tool

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. It is written in Java and supports Java, PHP, ASP, and V8.

ASP-DEv XM Forums RC 3 SQL Injection

ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

Cogent DataHub Command Injection

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS

Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.

ASP Dynamika 2.5 File Upload / SQL Injection

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

ASP.NET Core 5-RC1 HTTP Header Injection

ASP.NET Core version 5-RC1 suffers from an HTTP header injection vulnerability.

ASP.NET jVideo Kit 1.0 SQL Injection

ASP.NET jVideo Kit version 1.0 suffers from a remote SQL injection vulnerability.

IoT Malware Forces Wi-Fi Routers To Join Botnet Army

Telnet Backdoor Opens More Than 1M IoT Radios To Hijack

VLC For iOS Insecure Direct Object Reference

VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing an attacker to compromise media. This issue was patched in the March 2020 release.

MPC Sharj 3.11.1 Arbitrary File Download

MPC Sharj version 3.11.1 suffers from an arbitrary file download vulnerability.

Someone Tried To Off John McAfee?

John McAfee Found Liable For 2012 Death Of Belize Neighbor

EnumJavaLibs Java Classpath Enumerator

EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.

RSA BSAFE Crypto-J Cryptography Failure

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.

RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 also contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption; a remote attacker may be able to recover an RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack; a remote attacker may be able to recover an RSA key.

BSidesLjubljana 2020 Call For Papers

B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.