>> AUTHOR: deepcore

Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.

Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability.

Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.

WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the process_form function.

Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.

Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.

pfBlockerNG version 2.1.4_26 remote code execution exploit.

kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks up a pointer from inside that structure, then drops the lock before continuing to use the kbase_kcpu_command_queue that was looked up. This is a classic…