>> ARCHIVE: 2020-08

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau.

Daily Expenses Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Daily Expenses Management System version 1.0 suffers from a cross site request forgery vulnerability.

Daily Expenses Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Daniel Ortiz.

Online Shopping Alphaware version 1.0 suffers from a cross site request forgery vulnerability.

Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.

Online Shopping Alphaware version 1.0 suffers from an unauthorized administrative functionality access vulnerability.

Victor CMS version 1.0 suffers from a search remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to BKpatron.

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against…