woshinibaba222

3 exploits Active since Sep 2023
CVE-2023-42261 WRITEUP HIGH WRITEUP
Opensecurity Mobile Security Framework - Incorrect Default Permissions
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
CVSS 7.5
CVE-2023-49443 WRITEUP CRITICAL WRITEUP
Html-js Doracms - Brute Force
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack.
CVSS 9.8
CVE-2023-49444 WRITEUP MEDIUM WRITEUP
Html-js Doracms - XSS
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
CVSS 5.4