>> CATEGORY: exploit

Tailor MS version 1.0 suffers from a cross site scripting vulnerability.

ThinkAdmin version 6 suffers from an arbitrary file read vulnerability.

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to…

A race condition exists with munmap() downgrades in Linux kernel versions since 4.20.

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a persistent cross site scripting vulnerability.

Rapid7 Nexpose Installer version 6.6.39 suffers from an unquoted service path vulnerability.

The installer in Pearson Vue VTS version 2.3.1911 suffers from an unquoted service path vulnerability.

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a cross site request forgery vulnerability.

Joomla! paGO Commerce component 2.5.9.0 suffers from an authenticated remote SQL injection vulnerability.

Tiandy IPC and NVR version 9.12.7 suffer from a credential disclosure vulnerability.