MzzdToT

3 exploits Active since Sep 2020
CVE-2023-28432 NOMISEC HIGH WORKING POC
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
36 stars
CVSS 7.5
CVE-2023-1454 NOMISEC MEDIUM WORKING POC
jeecg-boot 3.5.0 - SQL Injection
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
8 stars
CVSS 6.3
CVE-2020-25078 NOMISEC HIGH WORKING POC
D-Link DCS-2530L <1.06.01 - Info Disclosure
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
4 stars
CVSS 7.5