Cuerz

2 exploits Active since Sep 2021

CVE-2021-36260 NOMISEC CRITICAL WORKING POC

Hikvision IP Camera Unauthenticated Command Injection

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

164 stars

CVSS 9.8

View Code

CVE-2023-28432 NOMISEC HIGH SCANNER

Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

10 stars

CVSS 7.5

View Code