:: Deepquest ::

>> ThinkAdmin 6 Arbitrary File Read

USER: deepcore // 2020-09-16 // 0 CMT

ThinkAdmin version 6 suffers from an arbitrary file read vulnerability.

>> [webapps] Piwigo 2.10.1 – Cross Site Scripting

USER: deepcore // 2020-09-16 // 0 CMT

Piwigo 2.10.1 – Cross Site Scripting

>> [local] Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software

USER: deepcore // 2020-09-16 // 0 CMT

Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software

>> Microsoft Windows Finger Security Bypass / C2 Channel

USER: deepcore // 2020-09-15 // 0 CMT

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to…

>> Linux expand_downwards() / munmap() Race Condition

USER: deepcore // 2020-09-15 // 0 CMT

A race condition exists with munmap() downgrades in Linux kernel versions since 4.20.

>> RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting

USER: deepcore // 2020-09-15 // 0 CMT

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a persistent cross site scripting vulnerability.

>> Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path

USER: deepcore // 2020-09-15 // 0 CMT

Rapid7 Nexpose Installer version 6.6.39 suffers from an unquoted service path vulnerability.

>> RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery

USER: deepcore // 2020-09-15 // 0 CMT

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a cross site request forgery vulnerability.

>> Pearson Vue VTS 2.3.1911 Unquoted Service Path

USER: deepcore // 2020-09-15 // 0 CMT

The installer in Pearson Vue VTS version 2.3.1911 suffers from an unquoted service path vulnerability.

>> Joomla! paGO Commerce 2.5.9.0 SQL Injection

USER: deepcore // 2020-09-15 // 0 CMT

Joomla! paGO Commerce component 2.5.9.0 suffers from an authenticated remote SQL injection vulnerability.