Category Archives: Full Disclosure

New BlackArch Linux ISOs (2016.12.20) released!

Posted by Black Arch on Dec 20

Dear list,

We’ve released the new BlackArch Linux ISOs along with many
improvements. They include more than 1600 tools now. The armv6h and
armv7h repositories are filled with about 1400 tools.

The x86_64 and i686 live ISOs now exceed 6GB!

A short ChangeLog of the Live-ISOs:

– include linux kernel 4.8.13
– added more than 100 new tools
– updated all blackarch tools
– updated all system packages
– fix lxdm shutdown/reboot…

CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free

Posted by Berend-Jan Wever on Dec 20

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issue in addition to the information below, as well
as a Proof-of-Concept exploit that attempts to prove exploitability.

If you find these releases…

NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue

Posted by VMware Security Response Center on Dec 20

———————————————————————-
VMware Security Advisory

Advisory ID: VMSA-2016-0023
Severity: Important
Synopsis: VMware ESXi updates address a cross-site
scripting issue

Issue date: 2016-12-20
Updated on: 2016-12-20 (Initial Advisory)
CVE number: CVE-2016-7463

1. Summary

VMware ESXi updates address a cross-site scripting issue.

2. Relevant Releases

VMware vSphere…

[ERPSCAN-16-035] SAP Solman – user accounts disclosure

Posted by ERPScan inc on Dec 20

Application: SAP Solman

Versions Affected: SAP Solman 7.1-7.31

Vendor URL: http://SAP.com

Bugs: Information Disclosure

Sent: 12.07.2016

Reported: 13.07.2016

Vendor response: 13.07.2016

Date of Public Advisory: 13.09.2016

Reference: SAP Security Note 2344524

Author: Roman Bezhan (ERPScan)

Description

1. ADVISORY INFORMATION

Title:[ERPSCAN-16-035] SAP Solman – user accounts disclosure

Advisory ID:[ERPSCAN-16-035]

Risk: high…

Hotlinking Vulnerability in Glype (All Versions)

Posted by Celso Bento on Dec 19

A vulnerability exists in the hotlinking feature of Glype on all versions
that allows it to be bypassed and makes it possible to link directly to proxified
files or to develop applications that integrate direct linking into the URL.
This was found while trying to build a DDoS tool that takes advantage of
installed copies of Glype worldwide. Since it wasn't possible to develop a
fast tool using common libraries such as jQuery, this note has been
released….

CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<…>::QuickGetNext OOBR

Posted by Berend-Jan Wever on Dec 19

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 35th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161219001.html. There you can find a repro
that triggered this issue in addition to the information below, it also
provides code snippets for the affected code, and a diagram that
attempts to explain the memory layout….

CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)

Posted by dxw Security on Dec 16

Details
================
Software: Quiz And Survey Master (Formerly Quiz Master Next)
Version: 4.5.4,4.7.8
Homepage: https://wordpress.org/plugins/quiz-master-next/
Advisory report:
https://security.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description…
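The dxw advisory above states a CVSS v2 vector (AV:N/AC:M/Au:N/C:P/I:P/A:N) and a score of 5.8 (Medium). The following is an added example, not code from dxw or from the plugin, that recomputes a CVSS v2 base score from such a vector using the base equations and metric weights of the CVSS v2 specification, so a stated score can be checked rather than taken on trust. The metric tables, the parser and the NVD severity bands are written here for the example; the vector string itself is the one printed in the advisory.

```python
"""CVSS v2 base-score calculator (added example; not the advisory's own code).

Recomputes the base score of a CVSS v2 base vector such as
'AV:N/AC:M/Au:N/C:P/I:P/A:N' from the CVSS v2 base equations.
"""
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 base equations.
_AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
_AC = {"H": 0.35, "M": 0.61, "L": 0.71}      # Access Complexity
_AU = {"M": 0.45, "S": 0.56, "N": 0.704}     # Authentication
_CIA = {"N": 0.0, "P": 0.275, "C": 0.660}    # Confidentiality / Integrity / Availability impact

_REQUIRED = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector):
    """Parse 'AV:N/AC:M/Au:N/C:P/I:P/A:N' into {metric: value}.

    A malformed or incomplete vector raises ValueError instead of being
    scored silently, because a wrong score is worse than no score.
    """
    metrics = {}
    for part in vector.strip().split("/"):
        name, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError("malformed metric %r in %r" % (part, vector))
        metrics[name] = value
    missing = [m for m in _REQUIRED if m not in metrics]
    if missing:
        raise ValueError("missing base metrics %s in %r" % (missing, vector))
    # Unknown values (e.g. 'AV:X') surface as KeyError from the weight tables.
    return metrics


def impact_subscore(metrics):
    """Impact = 10.41 * (1 - (1-C) * (1-I) * (1-A))."""
    c, i, a = _CIA[metrics["C"]], _CIA[metrics["I"]], _CIA[metrics["A"]]
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def exploitability_subscore(metrics):
    """Exploitability = 20 * AV * AC * Au."""
    return 20 * _AV[metrics["AV"]] * _AC[metrics["AC"]] * _AU[metrics["Au"]]


def base_score(vector):
    """BaseScore = round_1((0.6*Impact + 0.4*Exploitability - 1.5) * f(Impact)),
    with f(Impact) = 0 when Impact is 0 and 1.176 otherwise.

    Rounding is half-up to one decimal, as the specification's
    round_to_1_decimal intends (Python's round() is banker's rounding).
    """
    metrics = parse_vector(vector)
    impact = impact_subscore(metrics)
    exploitability = exploitability_subscore(metrics)
    f_impact = 0.0 if impact == 0 else 1.176
    raw = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def severity(score):
    """NVD's CVSS v2 severity bands: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High"


if __name__ == "__main__":
    # Vector as printed in the dxw advisory above.
    vec = "AV:N/AC:M/Au:N/C:P/I:P/A:N"
    s = base_score(vec)
    print("%s -> %.1f (%s)" % (vec, s, severity(s)))
```

For the advisory's vector this yields Impact 4.938 and Exploitability 8.589, giving 5.8 and the Medium band, which agrees with what dxw published. AC:M and the partial C/I impacts are what keep the score in the medium range despite the unauthenticated network vector; a vector with AV:N/AC:L/Au:N/C:C/I:C/A:C scores the maximum 10.0.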

CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free

Posted by Berend-Jan Wever on Dec 16

Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issue in addition to the information below.

If you find these releases useful, and would like to help me make time
to continue releasing this kind of…