1 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

Linux/ppc shellcode which connects /bin/sh to a host. connect-core5.s is appended.

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges.

•Fifteen new disruptive projects and startups from Belgium, China, France, India, South Africa and the U.S. join the 3DEXPERIENCE Lab accelerator program •New incubator and fab lab partners including Centech in Canada and OuiCrea in China will empower early stage projects from the outset •Since 2015, the 3DEXPERIENCE Lab has evaluated nearly 500 projects and grown its network of mentors to 1,200

•Survey of 3,000 consumers in the U.S., China and France examines views on personalization in healthcare, mobility, retail, and home and city environments •Personalization in healthcare, prioritized over other categories, will require AI, 5G and home assistant technologies to achieve, according to respondents •Consumers will pay on average 25.3% more for personalization, but they expect a savings in return •Generation X, millennials, and Generation Z are more willing to pay and share data...

CoronaBlue aka SMBGhost proof of concept exploit for Microsoft Windows 10 (1903/1909) SMB version 3.1.1. This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompresser to buffer overflow and crash the target.

Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.

The No cON Name 2019 call for papers has been announced. It will be held in Barcelona, Spain, from November 14th and 15th, 2019.

RootedCON is a technology congress that will be held in Madrid (Spain) March 5th through the 7th, 2020. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.

The 16th CarolinaCon will be hosted in Charlotte at the Embassy Suites April 10th through the 11th, 2020.

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

Symantec Endpoint Protection versions 14.2.5323.2000, 14.2.5569.2100, and 14.2.5587.2100 suffer from a race condition vulnerability.

This Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.

QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.