Archive for September, 2020

[local] Rapid7 Nexpose Installer 6.6.39 – 'nexposeengine' Unquoted Service Path

Posted by deepcore under Security (No Respond)

Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path

[webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)

Posted by deepcore under Security (No Respond)

RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)

[webapps] RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting

CuteNews 2.1.2 Remote Code Execution

Posted by deepcore under exploit (No Respond)

CuteNews version 2.1.2 remote code execution exploit.

Tiandy IPC / NVR 9.12.7 Credential Disclosure

Posted by deepcore under exploit (No Respond)

Tiandy IPC and NVR version 9.12.7 suffer from a credential disclosure vulnerability.

ZTE F602W CAPTCHA Bypass

Posted by deepcore under exploit (No Respond)

The ZTE F602W router suffers from a CAPTCHA bypass vulnerability.

Mobile Shop System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Mobile Shop System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Gnome Fonts Viewer 3.34.0 Heap Corruption

Posted by deepcore under exploit (No Respond)

Gnome Fonts Viewer version 3.34.0 suffers from a heap corruption vulnerability.

Microsoft Internet Explorer 11 Use-After-Free

Posted by deepcore under exploit (No Respond)

Microsoft Internet Explorer 11 use-after-free exploit that triggers when Array.sort() is called with a comparator function. The comparator's two arguments are untracked by the garbage collector.

Tea LaTex 1.0 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Tea LaTex version 1.0 suffers from an unauthenticated remote code execution vulnerability.