Category Archives: Full Disclosure

Docker 1.12.6 – Security Advisory

Posted by Nathan McCauley on Jan 10

Docker Engine version 1.12.6 has been released to address a vulnerability
and is immediately available for all supported platforms. Users are advised
to upgrade existing installations of the Docker Engine and use 1.12.6 for
new installations.

Please send any questions to security () docker com.

==============================================================
[CVE-2016-9962] Insecure opening of file-descriptor allows privilege
escalation…

CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

Posted by dxw Security on Jan 10

Details
================
Software: Responsive Poll
Version: 1.6.4,1.7.4
Homepage: http://codecanyon.net/item/responsive-poll/6785692
Advisory report:
https://security.dxw.com/advisories/csrfxss-in-responsive-poll-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF/XSS in Responsive Poll allows unauthenticated attackers to…

pev 0.80 released

Posted by Fernando Mercês on Jan 09

Hi there!

This is to let you guys know we just released a new version of pev, our
open source, multi-platform toolkit to analyze PE files. We do have a hard
mission: analyze PE files without relying on Windows API but we’ve been
achieving this with our own PE library that we called libpe, written
entirely in C, just like all other pev tools.

We’d love to hear your feedback, if you have some.

Website: http://pev.sf.net
Code:…

enigma2-plugin-extensions-webadmin Remote Code Execution (IoT)

Posted by Fabian Fingerle on Jan 09

enigma2-plugin-extensions-webadmin Remote Code Execution

Severity: CRITICAL/TRIVIAL

Discovered by:
Fabian Fingerle (@otih__)
https://fabian-fingerle.de

enigma2-plugin-extensions-webadmin:
The enigma2-plugin-extensions-webadmin Plugin is a web frontend for the
OPKG or APT package manager. With the webadmin it’s possible to install
or remove packages, and to perform many other functions over the web interface of
the Dreambox. Therefore Enigma2 is the…

Hotlinking Vulnerability in PHProxy 0.5b2

Posted by Celso Bento on Jan 09

A flaw exists in the PHProxy 0.5b2 hotlinking feature which allows anyone using
some coding to link to proxified pages.

By default hotlinking is active to prevent users from retrieving pages
directly from the proxy, requiring them to use the form. This can be easily
bypassed.

This is the same type of vulnerability found on Glype 1.4.4. Other
webproxies may be vulnerable too…

BSides Las Vegas 2017 CFP is open.

Posted by Daemon Tamer on Jan 09

The CFP for BSides Las Vegas 2017 is currently open at
https://bsideslv.org/openconf/openconf.php.

We’re accepting proposals for the following tracks:

Breaking Ground – Ground Breaking Information Security research and
conversations on the “Next Big Thing”. Interactively discussing your
research with our participants and getting feedback, input and opinion. No
preaching from the podium at a passive audience.

Common Ground – Other…

YSTS 11th Edition – CFP

Posted by Luiz Eduardo on Jan 06

Hello FD,

Where: Sao Paulo, Brazil

When: May 22nd, 2017

Call for Papers Opens: December 30th, 2016

Call for Papers Close: February 28th, 2017

http://www.ysts.org

@ystscon

ABOUT THE CONFERENCE

you Sh0t the Sheriff is a very unique, one-day, event dedicated to
bringing cutting edge talks to the top-notch professionals of the
Information Security Community.

The conference’s main goal is to bring the attendees to the current
state of the…

Trango Altum AC600 Default root Login

Posted by Ian Ling on Jan 06

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/155395764003

Vendor:
=================
https://www.trangosys.com/

Product:
======================
-Altum AC600

Vulnerability Details:
=====================

Trango Altum AC600s have a default root login (root:abcd1234) that is
accessible via both SSH and telnet by default. Logging in as root on this
device gives you access to a Linux shell, granting…

CarolinaCon-13 – May 2017 – Call for Papers/Presenters and Attendees

Posted by Vic Vandal on Jan 06

h4x0rs, stuff-breakers, InfoSec pros, g33k girls, international spies, and script kidz,

CarolinaCon-13 will occur on May 19th-21st 2017 in Raleigh NC (USA). We are now officially accepting
speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, hacking, infosec, hacking, robotics,
hacking, science, hacking, global thermonuclear war, hacking, lock-picking, etc. (but…