>> ARCHIVE: 2016-09

AnoBBS version 1.0.1 suffers from a remote file inclusion vulnerability.

MP3 Cutter version 1.1.0 suffers from a registration bypass flaw.

This is an additional EXTRABACON module for Cisco ASA version 9.2(3). This does not use the same shellcode as the Equation Group version, but accomplishes the same task of disabling…

Peel Shopping version 8.0.2 suffers from an object injection vulnerability.

Kajona version 4.7 suffers from cross site scripting and directory traversal vulnerabilities.

MyBB version 1.8.6 suffers from a cross site request forgery vulnerability. Additionally, it stores passwords using weak hashing and sends password in clear text via email.

MyBB version 1.8.6 suffers from a remote SQL injection vulnerability.

MyBB version 1.8.6 suffers from improper validation of data passed to eval allowing for the disclosure of the database password.

Oxwall version 1.8.0 build 9900 suffers from cross site scripting and open redirection vulnerabilities.

This Metasploit module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the docker group.