>> CATEGORY: exploit

ChurchCRM version 4.5.3 suffers from a remote SQL injection vulnerability.

ME-FI DOT version 2.2 leaves default administrative credentials installed post installation.

ME-FI DOT version 2.2 suffers from a remote SQL injection vulnerability.

The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization…

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from an abuse of functionality vulnerability.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin…

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter…