15 matches found
Boss Mini 1.4.0 - local file inclusion
Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 from requests import...
openssl: Certificate policy check not enabled
A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, allowing certificates with invalid or incorrect policies to pass t...
CVE-2023-46993
In TOTOLINK A3300R V17.0.0cu.557B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection...
PT-2023-26563 · Mindsdb +1 · Mindsdb +1
Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.7.4.0 Description: The issue concerns MindsDB's AI Virtual Database, which allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disabl...
CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
Improper access control
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
PT-2023-24465 · Luowice · Luowice
Name of the Vulnerable Software and Affected Versions: luowice version 3.5.18 Description: The issue allows attackers to access cloud source code information due to incorrect access control. This is achieved by modifying the Verify parameter in a warning message. Recommendations: For luowice...
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...
SQL injection
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...
MKCMS SQL injection vulnerability
MKCMS is a content management system. A SQL injection vulnerability exists in MKCMS version V6.2, which stems from the verify parameter of its /ucenter/active.php component that allows an attacker to achieve SQL injection...
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...
CVE-2020-22819
CVE-2020-22819 affects MKCMS V6.2, with a SQL injection in the /ucenter/active.php endpoint via the verify parameter. Public documents consistently describe a SQL injection vulnerability in MKCMS 6.2 through this parameter, with high impact on confidentiality, integrity and availability (CVSS 3.1 base 9.8). Root...
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...