[FD] Call for Papers -YSTS X - Information Security Conference, Brazil

Hello Full-Disclosure readers and sorry for the possible cross-postings you might see, on behalf of the conference's organization team I would like to let you know that YSTS X's CFP is currently opened. YSTS 10th Edition Where: Sao Paulo, Brazil When: June 13th, 2016 Call for Papers Opens:

Re: [FD] PFSense <= 2.2.5 Directory Traversal

For the lazy; # Title : PFSense <= 2.2.5 Directory Traversal # Date : 18/12/2015 # Author : R-73eN # Tested on : PFSense 2.2.5 # Software : https://github.com/pfsense/pfsense # Vendor : https://pfsense.org/ # _____ __ # |_ _|_ __ / _| ___ / ___| ___ _ __

[FD] Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege

Hi @ll, the executable installer [°] of ESET's NOD32 antivirus, eset_nod32_antivirus_live_installer_.exe, loads and executes (at least) the rogue/bogus/malicious Cabinet.dll and DbgHelp.dll eventually found in the directory it is started from ['] (the "application directory"). For software

[FD] Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin)

We are proud to present Faraday v1.0.16! This version comes with major changes to our Web UI, including the possibility to mark vulnerabilities as false positives. You can now create an Executive Report using only confirmed vulnerabilities, saving you even more time. A brand new feature that

[FD] giflib: heap overflow in giffix (CVE-2015-7555)

About = giflib[1] is a library for working with GIF images. It also provides several command-line utilities. CVE-2015-7555 = A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type `IMAGE_DESC_RECORD_TYPE' due to the