Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path
>> AUTHOR: deepcore
Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path
Pearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path
RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting
RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)
Tiandy IPC and NVR version 9.12.7 suffer from a credential disclosure vulnerability.
CuteNews version 2.1.2 remote code execution exploit.
The ZTE F602W router suffers from a CAPTCHA bypass vulnerability.
Mobile Shop System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Gnome Fonts Viewer version 3.34.0 suffers from a heap corruption vulnerability.
Microsoft Internet Explorer 11 use-after free exploit that triggers when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.