Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

(Please visit the site to view this video)

If you're a frequent visitor to our site, you might notice a few changes in the coming weeks. That's because we're making some big improvements and are proud to announce the upcoming launch of the newly redesigned TechSoup.org.

As a social enterprise, we never stop working to better serve nonprofits that share in our commitment to building a more equitable planet. In fact, TechSoup currently works with more than 965,000 NGOs in 236 countries and territories and has facilitated over $9 billion in U.S. market value of in-kind technology and funding.

To that end, we've created a refreshed, modern web presence to streamline access to all our traditional and beloved products and services. It will also serve as the place where TechSoup technologies and services are first announced.

The new TechSoup.org has been optimized for mobile devices, so you'll be able to experience all the new functionality wherever you go. We've also built the site with accessibility in mind on several fronts. And we're launching a new blog.

Our new website will officially go live in early November.

A Streamlined User Experience

Nonprofits who are regular visitors to TechSoup will find a streamlined catalog that makes finding product offers and solutions easier and more efficient. Additionally, the home page has been reconfigured, sending a clearer message of who we are and what we offer as an organization.

"We reduced clutter and developed a cleaner, simpler user experience with more breathing room in the interface to encourage users to do what they are intended to do on the site," says TechSoup head of user experience Tyler Benari. "It will now be easier to benefit from offerings available in and out of our catalog, interact with others in the nonprofit community, and gain access to other TechSoup services."

Maximized for Mobile

TechSoup's updated website will be maximized for mobile devices, allowing nonprofit staffers to take advantage of the many offers on TechSoup.org right from their phone or tablet.

"It's an exciting time," Benari says. "We will now be able to literally get TechSoup into more people's hands. Redesigning the site to be more mobile-friendly will allow us to grow our community much faster and better serve the existing nonprofits we love so much."

Improved Accessibility

The newly redesigned TechSoup.org also features greater accessibility and is informed by Web Content Accessibility 2.0 Guidelines (WCAG).

"TechSoup cares very much about accessibility and enabling access for all people," Benari says, describing two key factors that have been improved upon: contrast and code. "Our new color scheme makes it easier for people with impaired vision to access content on the site, and our code was updated to better communicate with screen readers."

A New Blog Platform

Finally, we're excited to introduce our new blog, more suited to integrate existing TechSoup.org content in a single, easy-to-access location. We've given the platform an upgrade, complete with a fresh look and improved functionality aimed to make blog posts more easily shareable and to promote a more robust multimedia experience.

You'll continue to see improvements in the coming months as we receive feedback from the communities we serve. Also, be on the lookout for more information surrounding the new site, including a webinar and short video.

spanhidden

Severe threats to the environment accounted for all of the five most likely long-term risks in the WEF’s Global Risks Report 2020.

The US has the world’s strongest soft power, while China and Russia are rising in influence, according to a recent ranking from Brand Finance.

Announced greenfield projects into China plummeted in early 2020 with the US and Europe taking the lion's share of global foreign investment. 

North Rhine-Westphalia is fDi's top large region for FDI Strategy, with the Basque Country topping the table for mid-sized regions and Ireland South East first among small regions. 

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The type confusion leads to the ability to allocate fake Javascript objects, as well as the ability to find the address in memory of a Javascript object. This allows us to construct a fake JSCell object that can be used to read and write arbitrary memory from Javascript. The module then uses a ROP chain to write the first stage shellcode into executable memory within the Safari process and kick off its execution. The first stage maps the second stage macho (containing CVE-2017-13861) into executable memory, and jumps to its entrypoint. The CVE-2017-13861 async_wake exploit leads to a kernel task port (TFP0) that can read and write arbitrary kernel memory. The processes credential and sandbox structure in the kernel is overwritten and the meterpreter payloads code signature hash is added to the kernels trust cache, allowing Safari to load and execute the (self-signed) meterpreter payload.

WhatWeb is a next-generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Philomène Dias, director of inward investment at Portuguese investment promotion agency Aicep, on how staff and organisation are working through lockdown.

Despite nurturing its R&D capacity, the city of Braunschweig lags its German peers in attracting FDI. Now it hopes a focus on the mobility sector will mean its technical skills are matched with investment.

The minister of foreign affairs for Belarus tells fDi why the country is keen to join the WTO and strengthen economic relations with the CIS.