•Dassault Systèmes becomes the first and only software provider today to be recognized as Groupe PSA’s preferred digital partner •Dassault Systèmes and Groupe PSA engage in long-term strategy with the intent to further deploy the 3DEXPERIENCE platform •New level of partnership will enable Groupe PSA to improve efficiency and innovation in challenging marketplace

•Annual event in Shanghai gathers global decision-makers to discuss digital trends, insights and best practices for sustainable manufacturing in the Industry Renaissance •Speakers include thought leaders from ABB, Accenture, China Center for Information Industry Development, FAW Group Corporation, Huawei, IDC, SATS •Interactive workshops featuring the 3DEXPERIENCE platform highlight the transformative role of virtual worlds on the creation of new customer experiences

•Lockheed Martin deploys the 3DEXPERIENCE platform as an engineering and manufacturing planning toolset •Multi-year collaboration aims to speed timelines and improve efficiencies of next generation products •Digital experience platform approach drives advances in complex, sophisticated aircraft innovation

Dassault Systèmes Reports First Quarter Financial Results With Recurring Software, Operating Margin and EPS At the High End of Its Non-IFRS Guidance

This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10.

Managed DSLS Service will be upgraded on Feb, 29th (starting Saturday Feb, 29th 2020 - 3AM - UTC+1)

BIOVIA Direct 2020

A vulnerability associated with Use of Hard-coded Credentials (CWE-798) exists in Simulation Process Intelligence (3DOrchestrate Services) on premises licensed program. The security risk is evaluated as High (CVSS v.3.0 Base Score 8.0) and affects all 3DEXPERIENCE releases (from 3DEXPERIENCE R2014x to 3DEXPERIENCE R2020x).

BIOVIA Direct

BIOVIA Direct

No information is available for this file.

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.