The Microsoft Windows TCPIP Finger Command, finger.exe, which ships with the OS, can be used as a file downloader and makeshift C2 channel. The legitimate use of the Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can also save the remote server response to disk […]
A race condition exists with munmap() downgrades in Linux kernel versions since 4.20.
RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a persistent cross-site scripting vulnerability.
Rapid7 Nexpose Installer version 6.6.39 suffers from an unquoted service path vulnerability.
RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a cross-site request forgery vulnerability.
The installer in Pearson Vue VTS version 2.3.1911 suffers from an unquoted service path vulnerability.
Joomla! paGO Commerce component 2.5.9.0 suffers from an authenticated remote SQL injection vulnerability.
Tailor MS 1.0 – Reflected Cross-Site Scripting
Tags: 0day, remote exploit
ThinkAdmin 6 – Arbitrary File Read
Tags: 0day, remote exploit
Pearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path
Tags: 0day, remote exploit