Mohamed Shahat

55 exploits Active since Feb 2025
CVE-2025-63229 WRITEUP MEDIUM WORKING POC
Mozart FM Transmitter WEBMOZZI-00287 - XSS
The web management interface of the Mozart FM Transmitter, version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions.
CVSS 5.4
CVE-2025-66953 WRITEUP HIGH WORKING POC
Nardamiteq Upc2 Firmware - CSRF
CSRF vulnerability in narda miteq Uplink Power Control Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface, specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints.
CVSS 8.8
CVE-2025-67013 WRITEUP MEDIUM WORKING POC
Etlsystems D0116s1ula-22454 Firmware - CSRF
The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
CVSS 6.5
CVE-2025-67014 WRITEUP HIGH WORKING POC
Axing Dev7113 Firmware - Improper Access Control
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
CVSS 7.5
CVE-2025-67015 WRITEUP HIGH WORKING POC
Comtech Cdm-625 Firmware - Improper Access Control
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.
CVSS 7.5