This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:SoftwareClassesexefileshellopencommand), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

Source Engine CS:GO BuildID: 4937372 arbitrary code execution exploit.

Snare for Squid provides a remote distribution facility for Squid proxy server logs, and is known to run on most Unix variations, including Linux, Solaris, AIX, Tru64, and Irix. Snare for Squid can be used to send data to either a remote or local SYSLOG server, or the Snare Server for centralized collection, analysis, and archival.

Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.

User's Guide to VAX/VMS

SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53are vulnerable to content spoofing in multiple parameters.

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

The QuickHeal parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (GPFLAG) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

Eco Equity is one of only a few Europe-based investors in medicinal cannabis from Africa and the Caribbean, an area in which the UK is missing an opportunity, according to CEO Jon-Paul Doran.

Embodied by its huge historic port and diverse population, Antwerp has long embraced globalisation. Renewed impetus from stakeholders across Belgium’s second most populous city is ensuring ample opportunities for foreign investors.

German utility EnBW has acquired French wind and solar developer and operator VALECO.

Statkraft announces it has decided to start construction of the 51.6-MW Los Lagos hydropower plant in Chile. The construction is planned to commence in August and completion is scheduled for second half of 2022.

An Abu Dhabi-based company that builds drilling platforms for oil giant Saudi Aramco plans to diversify into renewable energy by supplying gear for offshore wind farms.

Voith has received an order for the Ritom pumped storage power plant in Switzerland, which began operating in 1920 and will be replaced with a new facility.

Plans are under way to rebuild one of Ontario Power Generation’s oldest hydroelectric generating stations, which was damaged by a tornado in 2018. Constructed in 1917, the 5-MW Calabogie Generating Station has produced renewable, low-cost electricity on the Madawaska River for decades.

Saudi Arabia, the world’s biggest oil exporter, is poised to start generating wind power within three years as part of an effort to harness renewable energy to cut local demand for fossil fuels.

Last week, Corvias announced that it had entered the final phase of its geothermal installation and energy upgrades effort at the U.S. Army’s Fort Polk in West-Central Louisiana, a milestone that once complete will not only modernize the aging infrastructure but save the Army significant money and benefit military families.

The project award is valued at about $98 million, according to IEA, and will be able to power up to 115,000 average homes