Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability […]
WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from an abuse of functionality vulnerability.
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the […]
WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.
Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.