Mantis Bug Tracker 2.3.0 – Remote Code Execution (Unauthenticated)
>> TAG: #0day
Microsoft SQL Server Reporting Services 2016 – Remote Code Execution
Windows TCPIP Finger Command – C2 Channel and Bypassing Security Software
Piwigo 2.10.1 – Cross Site Scripting
ThinkAdmin 6 – Arbitrarily File Read
Tailor MS 1.0 – Reflected Cross-Site Scripting
RAD SecFlow-1v SF_0290_2.3.01.26 – Persistent Cross-Site Scripting
RAD SecFlow-1v SF_0290_2.3.01.26 – Cross-Site Request Forgery (Reboot)
Rapid7 Nexpose Installer 6.6.39 – ‘nexposeengine’ Unquoted Service Path
Pearson Vue VTS 2.3.1911 Installer – ‘VUEApplicationWrapper’ Unquoted Service Path