>> ARCHIVE: 2015-12

Huawei Wimax routers suffer from cross site request forgery, information disclosure, and system manipulation vulnerabilities.

Kodi 15 reintroduced an arbitrary file access vulnerability.

CentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.

Local root exploit for Redhat Enterprise Linux versions 7.0 and 7.1 that leverages abrt/sosreport.

Zenphoto version 1.4.10 suffers from a cross site scripting vulnerability.

Zenphoto version 1.4.10 suffers from a local file inclusion vulnerability.

ntop-ng versions 2.0.151021 and below suffer from a privilege escalation vulnerability.

This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the ‘ping.sh’ CGI script, accessible through the Boa…