:: Deepquest ::

ChurchCRM version 4.5.3 suffers from a remote SQL injection vulnerability.

ME-FI DOT version 2.2 leaves default administrative credentials installed post installation.

ME-FI DOT version 2.2 suffers from a remote SQL injection vulnerability.

The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability […]

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from an abuse of functionality vulnerability.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the […]

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.