>> ARCHIVE: 2023-03

Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization…

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from an abuse of functionality vulnerability.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin…

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter…

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter…

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter…

Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.

Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.