Skip to main content
CVE-2023-44011 CRITICAL POC Act Now

An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-43893 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43892 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43891 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-44009 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-44008 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43980 CRITICAL Act Now

Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Testsitecreator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4659 CRITICAL Act Now

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Free5gc
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-20819 CRITICAL Act Now

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr11 Lr12a +4
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy