Posted by Shawn McMahon on Oct 15

On Mon, Oct 12, 2015 at 7:20 AM, Stefan Kanthak <stefan.kanthak () nexgo de>
wrote:

Any solution that requires personally talking to 7 billion people and
achieving 100% understanding and compliance is not even in theory workable.

Oops, 7 billion and one; they made another one while I was typing this.

Oops, 7 billion and two; they made another one while you were reading it.

This has to be fixed in the OS.

Posted by Andrey Loginov on Oct 15

Hello

On behalf of UISGCON11 Organization Committee I would like to invite all persons who want to participate in our annual
Ukrainian InfoSec conference, CFP is open for submission.
UISGCON11 will be held on December, 4 in Kyiv, Ukraine, Hotel Bratislava .

Website of the event – https://11.uisgcon.org/en
To submit the paper, please fill in the form at https://11.uisgcon.org/en/call-papers or e-mail directly to talks ()
uisgcon org.

Annual…

Posted by Takeshi Terada on Oct 15

=============================================================================
Title : CakePHP Xml class SSRF Vulnerability
CVE Number : N/A (not assigned)
Affected Software : Confirmed on CakePHP v3.0.5 (prior versions may
also be affected)
Credit : Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
http://www.mbsd.jp/
Issue Status : v3.0.6/2.6.6 was released which fixes this issue…

Posted by Apple Product Security on Oct 15

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and
iWork for iOS 2.6

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now
available which address the following:

Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to
compromise of user information
Description: Multiple input validation issues existed in parsing a…

Posted by Nguyen Anh Quynh on Oct 15

Greetings,

Two months after our Blackhat USA talk, we are excited to announce the
first release, version 0.9, of Unicorn Engine, the multi-arch,
multi-platform CPU emulator framework you are all longing for!

Unicorn CPU emulator offers some unparalleled features:

– Multi-architectures: Arm, Arm64 (Armv8), M68K, Mips, PowerPC, Sparc, &
X86 (include X86_64).
– Clean/simple/lightweight/intuitive architecture-neutral API.
– Implemented in pure…

Posted by dash on Oct 15

Hi folks and gentlehackers,

as this year is almost over, what could be nicer than spending some time
in Berlin and listening to the packets? We are happy to announce the
2015 hack4 in Berlin.

What are we looking for? Basically for practical technical talks and
cool people.

Topics we want to cover:

* Malware Coding (elf / pe)
* Distributed Networks
* Sort of exploitation(stack/heap/win/*nix)
* Database tricks(e.g. mysql/postgres/oracle pwnage)…

Posted by Karn Ganeshen on Oct 15

# Exploit Title: [netis RealTek wireless router / ADSL modem Multiple
Vulnerabilities]
# Discovered by: Karn Ganeshen
# Reported on: [October 13, 2015]
# Vendor Response: [Vulnerability? What’s this?]
# Vendor Homepage: [www.netis-systems.com]
# Version Affected: [Firmware version RTK v2.1.1]

**Vulnerability Details**

* 1. Default, weak passwords for http and ftp services *

a. *HTTP accounts*
– guest/guest
– user/user
– guest/XXXXairocon…

Posted by Karn Ganeshen on Oct 15

# Exploit Title: [PROLiNK H5004NK ADSL Wireless Modem Multiple
Vulnerabilities]
# Discovered by: Karn Ganeshen
# Reported on: [October 13, 2015]
# Vendor Response: [No process to handle vuln reports]
# Vendor Homepage: [
http://www.prolink2u.com/newtemp/datacom/adsl-modem-router/381-h5004nk.html]
# Version Affected: [Firmware version R76S Slt 4WNE1 6.1R]

**Vulnerability Details**

*1. Default, weak passwords for http and ftp services *

a. *HTTP…