Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

School ERP Pro version 1.0 suffers from an arbitrary file read vulnerability.

GitLab version 12.9.0 suffers from an arbitrary file read vulnerability.

i-doit Open Source CMDB version 1.14.1 suffers from an arbitrary file deletion vulnerability.

MPC Sharj version 3.11.1 suffers from an arbitrary file download vulnerability.

webTareas version 2.0.p8 suffers from an arbitrary file deletion vulnerability.

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.

Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability.

HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.

This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

Source Engine CS:GO BuildID: 4937372 arbitrary code execution exploit.

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

This Metasploit module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista code execution can be achieved by first uploading the payload as an exe file, and then upload another mof file, which schedules WMI to execute the uploaded payload. This Metasploit module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).

Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

Research by fDi Intelligence reveals which countries receive more than their ‘expected share’ of FDI. 

Serbia’s minister of finance, Siniša Mali, explains why the country is one of Europe's economic stars, and how its FDI levels have risen on the back of this.

Foreign investment into Serbia is growing at a healthy pace thanks to its attractive automotive manufacturing industry and highly regarded free zones.

Serbia’s technology cluster is gaining momentum and attracting FDI, for both its software and hardware expertise.

Serbia’s 15 free zones are driving forward an ongoing flurry of foreign investment in the country’s buoyant manufacturing scene, especially in automotives.

GE Renewable Energy announced the shipment of the four tower sections that will be part of GE’s Haliade-X 12 MW prototype to be installed later this summer in Maasvlakte-Rotterdam (NL). The four segments at tower manufacturer GRI’s site in Seville, will be arriving in the Netherlands before the end of the month.

Global wind turbine makers are expanding manufacturing capacity in India to boost exports from the South Asian nation even as the country’s domestic industry faces headwinds.

A utility worker at the Delta 6 wind park in Brazil has been injured following yet another collapse of a General Electric (GE) turbine, bringing the total number of turbines to have failed in the America’s to five in 2019.

Serbia seeks to unblock investment in renewable energy after adopting legislation that opens gas and power markets in line with European Union guidelines.

One or two new runners for the units at the 355-MW Brazeau Power Station in Alberta, Canada, would allow owner TransAlta Corp. to better optimize revenue and provide valuable ancillary services. Modeling of the various upgrade options allowed the utility to arrive at the most valuable solution.

The European Commission's Climate Change Committee has approved a transfer of US$19.3 million in funding for tidal energy developer Atlantis Resources from the Kyle Rhea project to its 398-MW MeyGen project.

Test operations are under way at Norte Energia's 11.2-GW Belo Monte hydropower plant, developer Norte Energia said in a statement.

GE Renewable Energy and Future Wind said this week that they have signed an agreement to install the first Haliade-X 12-MW wind turbine prototype in Maasvlakte-Rotterdam this summer. The deal includes five years of testing and a 15-year full service Operation and Maintenance agreement.

This week Siemens Gamesa said it signed its third contract in so many years with Voltalia in Brazil to supply wind turbines for wind farms the company is building.