
Driving Sustainability with the Virtual World: Global Thought Leaders Examine Strategies at Dassault Systèmes’ Annual Manufacturing in the Age of Experience Event

• Annual event in Shanghai gathers global decision-makers to discuss digital trends, insights and best practices for sustainable manufacturing in the Industry Renaissance
• Speakers include thought leaders from ABB, Accenture, China Center for Information Industry Development, FAW Group Corporation, Huawei, IDC, SATS
• Interactive workshops featuring the 3DEXPERIENCE platform highlight the transformative role of virtual worlds on the creation of new customer experiences





Dassault Systèmes Introduces SOLIDWORKS 2020, Designed for the 3DEXPERIENCE.WORKS Portfolio, Accelerating the Product Development Process for Millions of Users

• Customers can seamlessly extend their design to manufacturing ecosystem to the cloud with the integrated 3DEXPERIENCE.WORKS portfolio, enabling new levels of functionality, collaboration, agility and operational efficiency
• Latest release of 3D design and engineering portfolio features hundreds of enhancements, new capabilities and workflows to accelerate and improve product development
• Over six million SOLIDWORKS users can innovate products faster with better performance and streamlined...





Eviation Completes the First Prototype of its Zero-Emission Electric Commuter Aircraft with Dassault Systèmes

● Electric air mobility pioneer used the 3DEXPERIENCE platform on the cloud to develop prototype in two years
● “Reinvent the Sky” industry solution experience provides full data security in a single, standards-based environment
● Dassault Systèmes enables companies of all sizes to create new categories of sustainable air mobility systems that will change how the world travels





Wii Hack Simulates Microsoft Surface







Microsoft Windows 98/ME/2000/XP/2003 HTML Help File Hijack

Multiple Microsoft Windows 98/ME/2000/XP/2003 HTML Help file loading hijack vulnerabilities exist. Proof of concept included.






Apple Joins FIDO Alliance, Commits To Getting Rid Of Passwords





(On-Premises Only) Security advisory for Simulation Process Intelligence (3DOrchestrate Services) on 3DEXPERIENCE: March 11th, 2020

A vulnerability associated with Use of Hard-coded Credentials (CWE-798) exists in Simulation Process Intelligence (3DOrchestrate Services) on premises licensed program. The security risk is evaluated as High (CVSS v.3.0 Base Score 8.0) and affects all 3DEXPERIENCE releases (from 3DEXPERIENCE R2014x to 3DEXPERIENCE R2020x).





T23-2020 Notification regarding BIOVIA Pipeline Pilot Chemistry 2019 Hot Fix 3

BIOVIA Pipeline Pilot Chemistry SDK 2019





T24-2020 Notification regarding BIOVIA Pipeline Pilot Chemistry 2020 Hot Fix 1

BIOVIA Pipeline Pilot Chemistry SDK 2020





shotgun.mic

Building a Long Range Directional Listening Device. Written by -Q-






Fugitive VoIP Hacker Admits 10 Million Minute Spree





Hacker Admits Stealing, Reselling VoIP Services





Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation

Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.





OpenBSD Dynamic Loader chpass Privilege Escalation

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).







California Bans RFID Skimming





European Commission Launches New Industry Guidelines On RFID Privacy





Microsoft Windows WizardOpium Local Privilege Escalation

Microsoft Windows WizardOpium local privilege escalation exploit.





CoronaBlue / SMBGhost Microsoft Windows 10 SMB 3.1.1 Proof Of Concept

CoronaBlue aka SMBGhost proof of concept exploit for Microsoft Windows 10 (1903/1909) SMB version 3.1.1. This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash the target.





Microsoft Windows SMB 3.1.1 Remote Code Execution

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.





Microsoft Windows 10 SMB 3.1.1 Local Privilege Escalation

Microsoft Windows 10 SMB version 3.1.1 SMBGhost local privilege escalation exploit.





Microsoft Windows Net Use Insufficient Authentication

The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as "standard" user but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.





Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation

Microsoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.





Microsoft Windows SE_SERVER_SECURITY Security Descriptor Owner Privilege Escalation

In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.





Microsoft Windows Unquoted Service Path Privilege Escalation

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths, C:\program.exe and C:\program files\hello.exe, and then execute all of them. To some software developers this is unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalating privileges if it is run as SYSTEM. Some software such as OpenVPN 2.1.1, OpenSSH Server 5, and others have the same problem.









ASP Dynamika 2.5 File Upload / SQL Injection

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.





ASP Dynamika 2.5 Cross Site Scripting

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.





ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure

The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.