Various embodiments described herein relate to apparatus for executing software in a secure computing environment. A secure processor can be used and configured to request a context swap from a first context to a second context when switching execution from a first portion of software to a second portion of software. A context manager, which can be in communication with the secure processor, can be configured to receive and initiate a requested context swap. A trust vector verifier, which can be in communication with the secure processor and the context manager, can be configured to load a trust vector descriptor upon command from a context manager.

A method of communication in at least one electronic device is presented. In the method, a first execution thread and a second execution thread are created in the at least one electronic device. Also created is a message service for receiving messages for the first thread. A message to be transferred from the second thread to the message service of the first thread is generated. One of multiple data transfer mechanisms is selected for transferring the message from the second thread to the message service of the first thread based on a relationship between the first and second threads. This relationship may be one in which the first and second threads are executing within a single process, within different processes of the same device, or within different devices. The message is transferred to the message service of the first thread using the selected data transfer mechanism and processed in the first thread.

A computation device includes a data path element (300) including a function processing unit (4000) that executes a computation specified in a function using input data included in an event (1000) as an argument; and a control path element (2000) that detects the event (1000) by use of a return value (ret) of the function. The function processing unit (4000) includes a data calculation unit (4001) that executes a computation and outputs a first result (d0); and a control comparison unit (4002) that outputs, to the control path element (2000), a result of comparison between the input data and data for specifying the event (1000), as the return value (ret).

A system and a method are disclosed for batch execution of system calls in an operating system. In one implementation, a processing device configures a system call batching buffer table in a user space of an operating system, the system call batching buffer table including a plurality of system call units, associates a system call number with the system call batching buffer table, and issues a trap instruction to a kernel of the operating system to execute at least one of the plurality of system call units, the trap instruction including the system call number.

In one embodiment, a method includes obtaining a link to a video program; obtaining metadata that relates to the program and that defines, for a specified time point in the program, annotations to be invoked at the specified time point; wherein the annotations comprise: a graphic image; one or more filters, each of the filters comprising a key and one or more matching values; and optionally a reference to a video segment, an electronic document, program code statements, or a programmatic call; during playing the video, detecting that the video program is playing at the specified time point; in response to the detecting: for each particular annotation for the specified time point, retrieving a current value for the key, and causing to display the graphic image associated with that particular annotation only when the current value of the key matches one of the matching values of one of the filters.

An on-demand executable system includes an application acquisition engine configured to acquire a first application that is programmed to perform a first function and a second function. An applet extractor includes a function analyzer configured to analyze the first application to identify functions that the first application is programmed to perform. The identified functions include the first function. The applet extractor includes a code analyzer configured to analyze code of the first application to identify first code segments that implement the first function. The applet extractor includes an applet packager configured to package the first code segments into a first executable. An executable request servicer is configured to, in response to a request, transmit the first executable to a user device.

The system provides a method and apparatus for the dynamic distribution, deployment, and configuration of optimizable code modules for use with software workflows running on a single compute device or across a network connected grid of compute devices. The system comprises one or more collections of software and data modules stored in a content catalog, conforming to a defined interface, and having metadata conforming to a schema that enables the modules to be statically or dynamically optimized by the controlling workflow and a workflow manager. The system provides a service that enables code modules to be located, deployed, configured, and updated by the controlling workflow, the workflow manager, or a remote manager.

When the problem occurs, you are unable to perform any workflow actions in a SAS solution that uses SAS Workflow Services.

A Texas appeals court has issued a stay of execution for a death row inmate on grounds he is intellectually disabled.

The court held Mukesh Singh, Vinay Sharma, Akshay Thakur and Pawan Gupta guilty for rape, murder, destroying evidences and unnatural offence of the girl based on the testimony of the male companion and medical reports of the victim. Ram Singh, the primary accused commited suicide in Tihar Jail while in police custody. The juvenile, Mohd. Afroz was tried under The Juvenile Justice laws for rape and murder of girl and a maximum sentence of 3 years was given to him. All the four adult convicts were given a death sentence and were executed on 20th March, 2020.

Recovery is expected in Q2; upgraded to ‘Add’ given recent correction and other positives; TP cut to Rs 1,310.

I have a SKILL script that executes the callback of a menu item, and depends on first redefining an environment variable. 

When a user interrupts the script with ctrl-C, the script cannot finish to set the environment variable back to its default value.

How can I write the script in a way that handles a user interrupt to reset the changed environment variable after the interrupt?

I have a modeless informational dialog box defined at the beginning of a SKILL script, but its contents don't display until the script finishes.

How do you get a modeless dialog box contents to display while a SKILL script is running?

procedure(myproc()

   prog((myvars)

     hiDisplayAppDBox()    ; opens blank dialog box - no dboxText contents show until script completes!

     ....rest of SKILL code in script...launches child processes

   );prog

);proc

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.

UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.

Adobe Flash Active-X plugin version 28.0.0.137 remote code execution proof of concept exploit.

This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10.

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

LW-N605R devices allow remote code execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.

The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.

This Metasploit module exploits a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro version 1.2.4.

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.

rConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability.

PHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.

The Horde_Data module version 2.1.4 (and before) present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving remote code execution the server hosting the web application.

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.

This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). The vulnerability is triggered when an attacker supplied username with a malicious payload is submitted. This malicious payload is then stored in a TPL template which when rendered a second time, results in code execution.

This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.

Proof of concept exploit for a Microsoft VSCode python extension code execution vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.

rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.