Month: April 2022

[webapps] Fuel CMS 1.5.0 – Cross-Site Request Forgery (CSRF)

[local] 7-zip – Code Execution / Local Privilege Escalation

[webapps] WordPress Plugin Elementor 3.6.2 – Remote Code Execution (RCE) (Authenticated)

[remote] Delta Controls enteliTOUCH 3.40.3935 – Cookie User Password Disclosure

[webapps] PKP Open Journals System 3.3 – Cross-Site Scripting (XSS)

[remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Request Forgery (CSRF)

[remote] Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS)

[webapps] WordPress Plugin Popup Maker 1.16.5 – Stored Cross-Site Scripting (Authenticated)

[webapps] REDCap 11.3.9 – Stored Cross Site Scripting

[remote] Verizon 4G LTE Network Extender – Weak Credentials Algorithm