>> CATEGORY: exploit

ECOA building automation systems have hardcoded SSH credentials. Many versions are affected.

ECOA building automation systems suffer from a remote privilege escalation vulnerability. Many versions are affected.

ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected.

ECOA building automation systems suffer from a local file disclosure vulnerability. Many versions are affected.

ECOA building automation systems suffer from an arbitrary file deletion vulnerability. Many versions are affected.

Backdoor.Win32.WinterLove.i malware suffers from a hardcoded credential vulnerability.

Internet Explorer suffers from an issue where incorrect JIT optimization in jscript9.dll leads to memory corruption.

This Metasploit module exploits an OGNL injection in Atlassian Confluence’s WebWork component to execute commands as the Tomcat user.

WordPress TablePress plugin version 1.14 suffers from a csv injection vulnerability.

Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.