The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit.

Amcrest Dahua NVR Camera IP2M-841 denial of service proof of concept exploit.

The Linux kernel failed to properly initialize some entries the proto_ops struct for several protocols, leading to NULL being derefenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4

Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default.

This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution.

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.

•An in silico clinical trial is underway with the 3DEXPERIENCE platform to evaluate the Living Heart simulated 3D heart for transforming how new devices can be tested •Five-year extension of their collaborative research agreement aims to spur medical device innovation by enabling innovative, new product designs •Both Dassault Systèmes and the FDA recognize the transformative impact of modeling and simulation on public health and patient safety

•Dassault Systèmes collaborated with SATS, Asia’s leading food solutions and gateway services provider, to boost operational efficiency, minimize food waste •Growth in airline passenger travel underscores need for sustainable excellence in aerospace industry-related commercial services •Digital twin experience with the 3DEXPERIENCE platform bridges the gap between the virtual and real for in-flight catering production

• The 3DEXPERIENCE Platform combines modeling, simulation, data science, artificial intelligence and collaboration in the virtual world to achieve sustainable innovation in life sciences • Dassault Systèmes, together with Medidata Solutions, will lead the digital transformation of life sciences in the age of personalized medicine and patient-centric experience • Connecting the 3DEXPERIENCE Platform with Medidata’s Clinical Trial platform connects the dots between research, development,...