[FD] YSTS 11th Edition - CFP
Hello FD,

Where: Sao Paulo, Brazil
When: May 22nd, 2017
Call for Papers Opens: December 30th, 2016
Call for Papers Close: February 28th, 2017
http://www.ysts.org
@ystscon

ABOUT THE CONFERENCE

you Sh0t the Sheriff is a very unique, one-day event dedicated to bringing cutting edge talks to the top-notch professionals of the Information Security Community.

The conference's main goal is to bring the attendees to the current state of the information security world by bringing the most relevant topics from different Infosec segments of the market and providing an environment that is ideal for both networking and idea sharing.

YSTS is an exclusive, mostly invite-only security con. Getting a talk accepted will not only get you to the event, but after you successfully present your talk, you will receive a challenge-coin that guarantees your entry to YSTS for as long as the conference exists.

Due to the great success of the previous years' editions, yes, we're keeping the good old usual format:

* YSTS 11 will be held at an almost secret location only announced to whom it may concern a couple of weeks before the con
* the venue will be, most likely, a very cool club or a bar (seriously, check out the pictures)
* appropriate environment to network with great security folks from Brazil and abroad
* since it is a one-day con with tons of talks and activities, we make sure we fill everyone with coffee, food and booze

CONFERENCE FORMAT

Anything Information Security related is interesting for the conference, which will help us create a cool and diverse line-up.

We strictly *do not* accept commercial/product-related pitches.

Keep in mind though, this is a one-day conference, we receive a lot of submissions, so your unique research with cool demos and any other possible twist you can throw in to keep the audience engaged will surely stand out to the other papers.

SPEAKER BENEFITS
(and yeah, that applies only to the 30 minute-long talks)

* USD 1,000.00 per talk to help covering travel expenses for international speakers
* Breakfast, lunch and dinner during conference
* Pre-and-post-conference official party (and the unofficial ones as well)
* Auditing products in traditional Brazilian barbecue restaurants
* Life-time free admission for all future YSTS conferences

SUBMIT YOUR PAPER

http://www.tinyurl.com/ysts11cfp

IMPORTANT CONTACT INFORMATION

General Inquiries: b0ard/at/ysts.org
Sponsorship Inquiries: sponsors/at/ysts.org

We hope to see you there!

Luiz Eduardo & Nelson Murilo & Willian Caprino

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Trango Altum AC600 Default root Login
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/155395764003

Vendor:
https://www.trangosys.com/

Product:
-Altum AC600

Vulnerability Details:
Trango Altum AC600's have a default root login (root:abcd1234) that is accessible via both SSH and telnet by default. Logging in as root on this device gives you access to a Linux shell, granting you full control over the device. These credentials are not mentioned in any manuals, or on Trango's website.

Affected versions: ALL VERSIONS (as of 2016/01/06)

Impact:
The remote attacker has full control over the device, including shell access. This can lead to packet sniffing and tampering, denial of service, and even damage to the device.

Disclosure Timeline:
Vendor Notification: December 23, 2016 (no response received)
Public Disclosure: January 4th, 2017

Exploitation Technique:
Remote

Severity Level:
Critical

[FD] CarolinaCon-13 - May 2017 - Call for Papers/Presenters and Attendees
h4x0rs, stuff-breakers, InfoSec pros, g33k girls, international spies, and script kidz,

CarolinaCon-13 will occur on May 19th-21st 2017 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, hacking, infosec, hacking, robotics, hacking, science, hacking, global thermonuclear war, hacking, lock-picking, etc. (but mostly hacking) AND you are interested in presenting at CarolinaCon, we cordially invite you to submit your proposal.

Please send;
- your name or handle/alias
- the presentation name/title
- a brief topic abstract (1-2 paragraphs)
- the estimated time-length of your presentation
- a brief bio (100% optional item, but if your talk is chosen it saves the time and trouble of asking for it later)
via e-mail to: speakerscarolinacon.org

*NOTE: All submissions are due BY March 31, 2017 (or April 1st at the very, very latest). However we may be making some early selections again this year from among the submissions, so please be timely if you're committed to being part of the elite cadre of chosen presenters. We value diversity so please don't hesitate to propose your ideas no matter how outlandish.

If you present at the Con, you will receive;
- free CarolinaCon admission for yourself and one guest
- one free CarolinaCon T-shirt (l33t)
- free transportation between RDU airport and the conference hotel (if needed)
- fame, glory, and possibly even notoriety
- mad props and much love from our staff and attendees
- 100 brown M&Ms (Ozzy gets 1,000 of them on his tours, but he's Ozzy and we aren't - Van Halen gets zero of them)
- possibly other small perks (details still being hashed out based on budget)

ATTENDEES: If you are interested in attending please visit our ultra-modern website for more details: www.carolinacon.org
...and don't forget to mark the May 19th, 2017 date on your calendar.

If you have any important (as in not-dumb and not-chinese-spam) inquiries about the event you can send email to: infocarolinacon.org

Peace,
Vic

Re: [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
Sorry, the right title is: Persisted Cross-Site Scripting (XSS) in Confluence Software

On 04-01-2017 08:57, Moritz Naumann wrote:
> Hi Jodson,
>
> On 03.01.2017 at 19:50, jlss wrote:
>> =[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]==
>>
>> Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
>>
> your advisory mentions both Confluence and JIRA, which, as far as I
> know, are separate Atlassian products.
>
> Are both affected?
>
> Thanks for clarifying,
>
> Moritz

Re: [FD] Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
Just to clarify, the issue only affects Confluence versions < 5.10.6. You can find the original bug report at https://jira.atlassian.com/browse/CONF-43162.