Oce Colorwave 500 CSRF / XSS / Authentication Bypass

Oce Colorwave 500 printer suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

QRadar Community Edition 7.3.1.6 Path Traversal

QRadar Community Edition version 7.3.1.6 has a path traversal vulnerability in its session validation functionality. In particular, the vulnerability is present in the code that handles session tokens (UUIDs): QRadar fails to validate that the user-supplied token is in the expected format. Using path traversal, authenticated users can impersonate other users and also execute arbitrary code (via Java deserialization). The code is executed with the privileges of the Tomcat system user.

Easy Transfer 1.7 Cross Site Scripting / Directory Traversal

Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

Half Of Industrial Control System Networks Have Faced Cyber Attacks, Say Security Researchers

Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

ManageEngine DataSecurity Plus Path Traversal / Code Execution

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from a path traversal vulnerability that can lead to remote code execution.

Generic Zip Slip Traversal

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. It targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products, including ones from HP, Amazon, Apache, Cisco, and others. The idea is that archive extraction libraries often have no mitigations against directory traversal in entry names. If an application uses such a library, opening a maliciously modified archive risks having the embedded payload written to an arbitrary location (such as a web root), which can result in remote code execution.

Solaris 11.4 xscreensaver Privilege Escalation

Solaris version 11.4 xscreensaver local privilege escalation exploit.

Solaris xscreensaver Privilege Escalation

This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86).

iFileExplorer Free Directory Traversal

iFileExplorer Free for iPod Touch / iPhone version 2.8 suffers from a remote directory traversal vulnerability.

Checkview 1.1 For iPhone / iPod Touch Directory Traversal

Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.

Twitter 5.0 Eavesdropping Proof Of Concept

The Twitter 5.0 application for iPhone fetches images over plain HTTP, which allows a man-in-the-middle attacker to swap images in transit. Proof of concept included.

Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/.jsp on the target in order to trigger the payload and obtain a shell.

Hackers Have Been Quietly Targeting Linux Servers

Net-War Reaver Wrapper

This tool is a wrapper for the reaver WPS attack toolkit. Since reaver has no automatic way to prescan, decide on a target, and then start, this wrapper takes care of those steps. Written in Perl.

Zen Load Balancer 3.10.1 Directory Traversal

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi, which does not properly sanitize the filelog= parameter, allowing a malicious actor to read an arbitrary file path.

Microsoft's MileIQ Helps a Nonprofit Show People How to Save Lots of Energy

In 2015, the state of Louisiana consumed more energy per capita than any other state, according to the U.S. Energy Information Administration. Although this may not come as a complete surprise — the state's warm, muggy climate makes air conditioning a must — it's clear that Louisiana's energy-use profile needs a drastic transformation.

The Energy Wise Alliance (EWA), a small nonprofit based in New Orleans, is determined to do just that. Along the way, the organization has gotten a boost from Microsoft's MileIQ app.

MileIQ is a mobile app from Microsoft that automatically tracks the miles you've traveled and records all of your tax-deductible and reimbursable mileage. It's kind of like using a Fitbit, except you're tracking your driving. You can report your business drives on demand and claim your reimbursements or maximize your tax deductions. The average MileIQ user is logging $6,900 per year.

Building a More Energy-Efficient Community

EWA works to make energy efficiency more accessible to everyone. The organization works primarily with low-income families, tenants, and others who would otherwise be left out of the green energy revolution. EWA accomplishes its goals through both workshops and equipment upgrades at homes and businesses.

Its Energy Smart for Kids program teaches students throughout the state how to lead a more energy-efficient lifestyle. These hourlong sessions cover the pitfalls of nonrenewable energy and detail more sustainable alternatives. At the end of each session, EWA volunteers hand out energy-efficiency starter kits so students can apply what they learned at home.

Much like the rest of EWA's programs, Energy Smart for Kids serves underserved and underprivileged communities. In fact, many of the schools that EWA serves are Title 1 schools — schools whose students generally come from lower-income households.

Aside from schools, EWA also helps nonprofits become more sustainable.

Making Nonprofits Greener and More Cost-Efficient

Nonprofits can benefit from EWA's work by way of simple but effective power-saving retrofits. EWA also provides volunteer labor and donates the materials for the retrofits, which means added cost savings. And as we all know, cost-saving programs are like gold dust for nonprofits.

For example, volunteers from EWA revitalized the Victorian-era headquarters of the Alliance Française, a nonprofit dedicated to preserving Francophone heritage in the New Orleans community, with sustainable retrofits. As part of these upgrades, EWA sealed cracks, gaps, and openings; installed additional insulation; and programmed new thermostats.

In addition, EWA gave the Alliance Française's volunteers a hands-on demonstration of behavioral changes so that they could bring this knowledge back home. EWA anticipated that the Alliance Française would save a total of $2,000 to $3,000 as a result of these green improvements.

EWA's staff members also actively save money and operate more efficiently through the use of the mile-tracking app MileIQ.

Saving Time and Money with MileIQ

This method, as you can imagine, was time-consuming, and it brought with it the risk of human error. Most people can't possibly remember every single trip they make with their car, after all.

"MileIQ is super accurate and takes the forgetting out of the equation," said Jamie Wine, executive director of EWA.

For Kevin Kellup, education coordinator at EWA, MileIQ has been a game-changer. Jamie explained, "Kevin drives like crazy from school to school," racking up miles on his personal car. Now, thanks to MileIQ, Kevin can get more fairly and accurately reimbursed for his constant traveling.

The most important benefit of Microsoft's MileIQ for Jamie is that his staff can be correctly reimbursed for mileage. He wants to show staff members that he values their time and effort spent traveling, which MileIQ really helps him achieve.

For nonprofits, particularly small ones like EWA, it's always great when the team can receive fair compensation for its hard work. "The staff doesn't get paid much," Jamie said. And considering how important staff members' work is to the community, every penny matters. That's also where TechSoup comes in.

TechSoup's Role: "Essential"

Through TechSoup, eligible nonprofits can get MileIQ at 80 percent off the subscription rate. "Without TechSoup," Jamie noted, "this huge step up in technology" would not have been possible. The MileIQ discount program from Microsoft has made acquiring MileIQ way easier on the nonprofit's pocket.

Having also previously obtained Microsoft Office 365 and QuickBooks Online through TechSoup, Jamie said, "TechSoup is a great equalizer." He mentioned that TechSoup helps a small nonprofit to grow into a technologically advanced organization. He added, "The super discounted products from TechSoup are like the pot of gold at the end of the rainbow."

Getting MileIQ Premium

Eligible nonprofits can get MileIQ at 80 percent off the individual subscription rate through TechSoup and can request an unlimited number of individual subscriptions. In addition to individual subscriptions, MileIQ is now included with an Office 365 Business Premium license. Nonprofits who currently do not have an Office 365 license can visit Microsoft's Office 365 for nonprofits page to register.

This blog post was written by Nicholas Fuchs.

View from the Middle East & Africa: small steps can have a big impact on tourism

Poor infrastructure and political instability deter tourism, but small and manageable steps to avoid chaos and promote hospitality can work wonders.

Free zones offer safe haven to investors

The chief executive of Ras Al Khaimah Economic Zone (RAKEZ) shares his views on the perks of free zones in emerging markets.

A modern Cinderella story: California’s record on wholesale distributed generation leaves much room for improvement

California, long a progressive leader on renewable energy and climate change mitigation, has neglected a key market segment for renewable energy: the “community-scale,” or “wholesale distributed generation” (DG), market. This market segment is defined as projects below 20 megawatts that connect to the distribution grid and export power to the grid for sale.

Bernie Sanders’ ‘Green New Deal’ aims to have renewables power homes by 2030

Bernie Sanders wants renewable energy to power U.S. homes and vehicles by 2030 -- and he wants to do it by enlisting the federal government in building and running new solar, wind and geothermal electricity projects.

Fifth GE wind turbine collapse leaves worker injured

A utility worker at the Delta 6 wind park in Brazil has been injured following yet another collapse of a General Electric (GE) turbine, bringing the total number of turbines to have failed in the Americas to five in 2019.

Lower than average wind speeds are hurting US wind power producers

Unusually still weather in the upper Midwest and Great Plains in late 2018 has already taken a bite out of earnings at NextEra Energy Inc. and Avangrid Inc., which both operate large wind farms. Other wind generators have yet to report fourth-quarter results, including Pattern Energy Group Inc., TerraForm Power Inc. and Clearway Energy Inc.

Why SEPA’s DERMS document is a time- and money-saver for all energy industry stakeholders

In early February, during DistribuTECH, the Smart Electric Power Alliance (SEPA) hosted a workshop to discuss what requirements are necessary for successful distributed energy resource management systems (DERMS) deployment.

Apple says 44 of its suppliers have made clean energy commitments

Global manufacturer Apple today announced it has nearly doubled the number of suppliers that have committed to run their Apple production on 100 percent clean energy, bringing the total number to 44. Because of this partnership between Apple and its suppliers, Apple will exceed its goal of bringing 4 gigawatts of renewable energy into its supply chain by 2020, with over an additional gigawatt projected within that timeframe.

Mobile fast-charging: A must-have for electric truck and bus fleets?

Fully electric delivery trucks, cargo vans, shuttle vehicles, and transit and school buses are all due to become increasingly common as fleets go green and diesels are retired. That’s where a recent surge of interest in mobile-charging solutions comes in. As a backup plan for the times when charge points and infrastructure won’t quite...

Trump Said to Mull 2015 Grid Emergency Law to Save Coal Plants

The Trump administration is weighing a broad array of strategies for keeping coal and nuclear power plants online as a matter of national security, with options ranging from invoking a 68-year-old law to a three-year-old one, according to a senior Energy Department official.

To Save Coal Jobs, Trump Should Train Coal Workers to Perform Energy Audits, Install Solar and Maintain Wind Farms

A recent report by the Energy Futures Initiative (EFI), established by former Energy Secretary Ernest Moniz, and the National Association of State Energy Officials confirms that the energy sector as a whole grew 2 percent last year, which is 0.3 percent more than the national job growth percentage of 1.7 percent.

Want To Save the World with Your Brilliant Clean Energy Idea?

A new partnership between Enel and InnoCentive focuses on the power of the crowd to solve many of the world’s sustainable energy challenges.

News and updates on wave energy, tidal energy, and ocean energy

News related to the worldwide marine hydrokinetics industry from November-December 2014

News and updates on wave energy, tidal energy, ocean energy

News related to the marine hydrokinetics industry in North America for December 2014

Geothermal Saves Kenya $24 Million of Fuel Monthly, Says KenGen

New power-generating units at Kenya’s Olkaria I plant are saving East Africa’s biggest economy about 2.2 billion shillings ($24 million) a month on fuel costs, according to the country’s biggest electricity producer.

Australian Renewable Energy Law Paves Way for $11 Billion in Projects

Long-frustrated wind and solar developers in Australia can now get to work on more than A$14 billion ($11 billion) in projects after a new renewable energy target passed parliament.

WavePOD MHK Prototype Receives US$3.1 Million in New Funding

According to a press release from Aquamarine Power, the marine hydrokinetic (MHK) Wave Power Offtake Device (WavePOD) 10th-scale prototype, a project run jointly by Aquamarine Power, Bosch Rexroth and Carnegie Wave Energy, has received US$3.1 million in new funding.

Lignum Vitae North America LLC donates bearings to teams in the Wave Energy Prize Challenge

Lignum Vitae North America LLC will donate bearings to any of the 20 teams advancing to the next phase in the Wave Energy Prize Challenge sponsored by the U.S. Department of Energy’s Water Power Program.