>> ARCHIVE: 2017-06

Robert version 0.5 suffers from cross site request forgery, cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

Sophos Cyberoam with firmware versions 10.6.4 and below suffer from a cross site scripting vulnerability.

GravCMS Core version 1.4.2 suffers from a persistent cross site scripting vulnerability.

Perch CMS version 3.0.3 suffers from cross site scripting and remote file upload vulnerabilities.

Xavier PHP Login Script and User Management Admin Panel version 2.4 suffers from a remote SQL injection vulnerability.

Utilizing the DCOS Cluster’s Marathon UI, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker…

Craft CMS version 2.6 suffers from cross site scripting and remote file upload vulnerabilities.

Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).

This Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked…