Huntr: Most viewed

4072 matches found

Huntr
• added 2023/02/24 6:1 p.m. • 2009 views

Unauthenticated OS Command Injection in stamparm/maltrail

Description Maltrail /tmp/bbq'...

AI score: 3.4
Exploits: 0

Huntr
• added 2023/02/20 8:50 a.m. • 810 views

Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160

Description Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160 Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/15bf41ab/jquery-ui.min.js and note that jquery-ui 1.13.1 is in use. 2 Check...

AI score: 6.4, EPSS: 0.01933
Exploits: 1

Huntr
• added 2022/07/22 6:42 p.m. • 467 views

Privilege Escalation admin user to root user

Description "admin" user has sudo rights and can gain root access. By default sudo installation "admin" group has root rights. "admin" user created by hestia installation and this user is also in "admin" group. if the attackers access "admin" user, can gain root access. Proof of Concept...

CVSS: 5.8, AI score: 0.8, EPSS: 0.01035
Exploits: 1, References: 1

Huntr
• added 2023/02/20 2:52 a.m. • 435 views

Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203

Description Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203 Proof of Concept 1 Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15 2 Go to https://localhost/Cockpit/ 3 Open Web Developer tools Ctrl+Shift+I usin...

CVSS: 1.7, AI score: 6.6, EPSS: 0.05213
Exploits: 2, References: 1

Huntr
• added 2021/10/23 7:19 p.m. • 328 views

Cross-Site Request Forgery (CSRF) in pterodactyl/panel

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Firefox, Chrome and Safari. Fix You use POST instead of GET. To expand: One way ANY could be abused here is that ...

AI score: 0.2
Exploits: 0

Huntr
• added 2022/04/09 5:49 a.m. • 323 views

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege

Description When administrators install zerotierone for windows, it will install ZeroTierOneService, the ImagePath of it is C:\ProgramData\ZeroTier\One\zerotier-onex64.exe, however, the permission of C:\ProgramData\ZeroTier\One\ is incorrect, an attacker with low privilege can get system privilege...

CVSS: 7.2, AI score: 5.1, EPSS: 0.00392
Exploits: 1

Huntr
• added 2023/04/18 2:37 p.m. • 316 views

CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439

Description CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439 Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/a89a2fb4/ckeditor.js and note that version:"4.20.2" 2 Go to https://github.com/LimeSurvey/LimeSurvey/blob/master/assets/packages/ckeditor/ckeditor.js to verify...

AI score: 6.8, EPSS: 0.00725
Exploits: 0, References: 1

Huntr
• added 2021/08/26 9:12 a.m. • 316 views

Inefficient Regular Expression Complexity in axios/axios

✍️ Description A ReDoS regular expression denial of service flaw was found in the axios package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...

CVSS: 7.8, AI score: 0.3, EPSS: 0.08515
Exploits: 3

Huntr
• added 2022/10/26 12:38 p.m. • 296 views

Unauthenticated, Stored XSS to RCE via SNMP Trap

Description LibreNMS offers the ability to handle SNMP traps as documented here. One of the SNMP trap handlers called HPFault creates an event with the message "Fault - Unhandled ..." when receiving a trap with an unknown type. The type of this event is set to the received, unknown type, which is...

AI score: 0.4
Exploits: 0

Huntr
• added 2022/05/01 5:46 a.m. • 245 views

Stored XSS Via Markdown payload at HackerOne Settings

Description Rengine supports automatic vulnerability reporting to hackerone the module included a feature to customize the report using a markdown editor. Although it was blocking some malicious payloads, the Cross-Site Scripting was found exploitable via a special payload. Proof of Concept 1. Go...

AI score: 5.8
Exploits: 0

Huntr
• added 2022/05/15 12:39 p.m. • 243 views

Server Side Request Forgery via location header

Description It is possible to bypass current SSRF checks using a redirection via the location header. Proof of Concept 1. Mock a redirect endpoint using https://beeceptor.com/ 2. Add Location: http://localhost:1122 as a response header and set the status code to 301 3. Listen on port 1122 4. Acces...

CVSS: 5, AI score: 7.6, EPSS: 0.01698
Exploits: 1, References: 1

Huntr
• added 2022/09/18 11:31 a.m. • 232 views

BoxBilling <=4.22.1.5 - Authenticated Unrestricted File Upload - RCE

Description BoxBilling was vulnerable to Unrestricted File Upload. In order to exploit the vulnerability, an attacker must have a valid authenticated session as admin on the CMS. With at least 1 order of product an attacker can upload malicious file to hidden API endpoint that contain a webshell...

CVSS: 5.8, AI score: 0.1, EPSS: 0.44002
Exploits: 7, References: 2

Huntr
• added 2022/10/03 11:10 a.m. • 215 views

Stored XSS and possible RCE/LFI in case of misconfiguration

Description phpmyfaq has a feature to restore from a backup the entire application. An attacker with admin grant can export the configuration and re-upload the same file bypassing all the backend sanitization and controls. Proof of Concept XSS 1. - login as admin 2. - go to backup page 3. - Creat...

CVSS: 5.4, AI score: 0.3, EPSS: 0.00918
Exploits: 1

Huntr
• added 2022/03/18 4:59 p.m. • 213 views

Using vulnerable dependencies in package.json

Description 1. Hello team, The Showdoc is using an axios 0.17.1 dependency that is vulnerable to: 👇 1. CVE-2021-3749 Regular Expression Denial of Service ReDoS 2. CVE-2020-28168 Server-Side Request Forgery SSRF 3. CVE-2019-10742 Denial of Service DoS Path to the file:...

AI score: 1, EPSS: 0.08515
Exploits: 4

Huntr
• added 2022/01/26 3:40 p.m. • 213 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vuln: Stored XSS Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you change the value of name at "Settings" = "Website Settings" in the pimcore service. Proof of Concept...

CVSS: 3.5, AI score: 0.1, EPSS: 0.01438
Exploits: 1

Huntr
• added 2022/07/11 3:37 p.m. • 194 views

Open redirect when login successfully

Description Open redirect when login successfully via next parameter Proof of Concept POST /login?next=https://www.google.com/open-redirect HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=EUjtgvt3A20lSHYbTxBvfAxQi5gNHHzeI7Bda1HOGnWCioMA6cwQqYWXv8ONog4k User-Agent: Mozilla/5.0 Windows NT 10....

AI score: 1.9
Exploits: 0, References: 1

Huntr
• added 2022/06/06 4:9 p.m. • 186 views

Bypass to Remote Command Execution in uploading repository file

Description I find a bypass for CVE-2022-0415 and previous fixes. In the fix of CVE-2022-0415, gogs filter /.git/ by strings.HasSuffix and strings.Contains. However, use /.Git/ can bypass this and upload successfully Proof of Concept Create a repository in Gogs, upload a file config to the...

CVSS: 7.5, AI score: 8.6, EPSS: 0.97839
Exploits: 2

Huntr
• added 2022/06/06 11:9 a.m. • 177 views

Regular Expression Denial of Service (ReDoS)

Description Affected versions of the package are vulnerable to Regular Expression Denial of Service ReDoS attacks for any string input controlled by the user. An attacker can provide a specially crafted input to the default function moment, which nearly matches the pattern being matched. This wil...

CVSS: 5, AI score: 3, EPSS: 0.04923
Exploits: 1

Huntr
• added 2021/09/14 1:52 a.m. • 172 views

Inefficient Regular Expression Complexity in fb55/nth-check

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in nth-check. It allows cause a denial of service when parsing crafted invalid CSS nth-checks. The ReDoS vulnerabilities of the regex are mainly due to the sub-pattern \s?:+-?\s\d+? with quantified...

CVSS: 5, AI score: 2.5, EPSS: 0.02014
Exploits: 1

Huntr
• added 2022/11/07 9:25 a.m. • 171 views

There is an RCE vulnerability

Description - There is an RCE vulnerability in qmpaas/leadshop https://github.com/qmpaas/leadshop v1.4.15. An attacker can access the file leadshop.php and call any existing function through GET to control the target host. The vulnerability is in the leadshop/web/leadshop.php27-61 file public...

CVSS: 7.5, AI score: 0.3, EPSS: 0.00936
Exploits: 1

Huntr
• added 2022/03/11 9:30 p.m. • 165 views

Template injection in connection test endpoint leads to RCE

Description Please enter a description of the vulnerability. Proof of Concept Run a local docker instance sh sudo docker run -p 3000:3000 --name sqlpad -d --env SQLPADADMIN=admin --env SQLPADADMINPASSWORD=admin sqlpad/sqlpad:latest Navigate to http://localhost:3000/ Click on Connections-Add...

CVSS: 6.5, AI score: 1.2, EPSS: 0.08669
Exploits: 12

Huntr
• added 2022/06/28 1:21 p.m. • 162 views

Bypass open redirect protection

Description I could bypass the open redirect protection on the application after parsing the redirect function using the following payload http://[email protected]/ and the payload with the link in the following...

CVSS: 5.8, AI score: 5.1, EPSS: 0.00893
Exploits: 1, References: 1

Huntr
• added 2022/03/31 2:45 a.m. • 156 views

EXIF Geolocation Data Not Stripped From Uploaded Images (vulnerability)

Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image's EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...

AI score: 0.3
Exploits: 0, References: 4

Huntr
• added 2023/01/01 3:2 p.m. • 155 views

Pre-auth RCE

Description An unauthenticated attacker can execute arbitrary python code by abusing js2py functionality. Also, due to the lack of CSRF protection, a victim can be tricked to execute arbitrary python code. Proof of Concept Run the command below and touch /tmp/pwnd gets executed. bash curl -i -s -...

CVSS: 7.5, AI score: 9.6, EPSS: 0.96988
Exploits: 13

Huntr
• added 2022/04/27 3:47 a.m. • 150 views

Cross-site Scripting (XSS) - Stored via xHTML file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an xHTML file with the javascript code inside. Proof of Concept phish.xhtml alertdocument.domain; Step to reproduce From attacker side student 1.Login to the demo environment by student account...

AI score: 0.5
Exploits: 0

Huntr
• added 2021/12/20 11:47 a.m. • 147 views

Server-Side Request Forgery (SSRF) in janeczku/calibre-web

Title Blind SSRF via URL fetch Summary calibre-web allows external URL fetching in order to upload a book cover. However, instead of external URL it is possible to point to localhost, which will be reached resulting in blind SSRF. Steps to reproduce 1. 1. As an admin give permissions to upload...

CVSS: 7.5, AI score: 7.9, EPSS: 0.00954
Exploits: 1, References: 1

Huntr
• added 2021/06/20 11:28 a.m. • 144 views

in kalcaddle/kodexplorer

💥 BUG any user can download any file 💥 IMPACT download any kodexplorer uploaded file 💥 STEP TO REPRODUCE 1. First goto your kodexplorer admin account and visit desktop .\ Now upload a txt file called a.txt to desktop .\ 2. Now open another browser and visit...

AI score: 1.3
Exploits: 0

Huntr
• added 2022/01/05 7:40 p.m. • 139 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMARY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie. So cookie is leaked here to...

CVSS: 5.8, AI score: 7.8, EPSS: 0.01646
Exploits: 1

Huntr
• added 2021/09/30 11:57 p.m. • 136 views

Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x

Description Exposure of server side sensitive information due to unhandled exception in handling request method. Proof of Concept 1. Go to this link http://v4.nexopos.com/api/nexopos/v4/crud/ns.payments-types/4 2. See that the page returns with sensitive server side data. Here is a sample...

AI score: 0.3
Exploits: 0

Huntr
• added 2022/10/04 1:34 p.m. • 132 views

Php Remote file Inclusion and RCE

Description flatpress has a feature to upload file "uploader" and display from "media manager". By uploading PHP files, the users can perform Php Remote file Inclusion attack and gain RCE. Copy the following code and save as test.Php note the uppercase. Proof of Concept test.Php test 1. login to...

CVSS: 7.5, AI score: 9.6, EPSS: 0.35435
Exploits: 1

Huntr
• added 2022/05/13 1:30 a.m. • 129 views

SSRF on /proxy

Description draw.io is vulnerable to SSRF on the /proxy endpoint. It's trivial to bypass the protections on checkUrlParameter. Proof of Concept 1. Make a request to proxy?url=http%3a//0:8080/ GET /proxy?url=http%3a//0:8080/ HTTP/1.1 Host: 127.0.0.1:8080 sec-ch-ua: "NotA:Brand";v="8",...

CVSS: 5, AI score: 7.5, EPSS: 0.08667
Exploits: 1, References: 2

Huntr
• added 2022/12/24 8:32 a.m. • 123 views

Stored XSS via XML File

Description When user upload a file with .xml extension and direct access this file, the server response with Content-type: image/svg+xml lead to processing XML as HTML file POC POST /flatpress-master/admin.php?p=uploader&action=default HTTP/1.1 Host: localhost Content-Length: 639 Origin:...

AI score: 9.4
Exploits: 0, References: 2

Huntr
• added 2022/02/09 7:18 a.m. • 121 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Description In order to render raw HTML in Vue.js you may use v-html attribute, which opens a door for XSS in case of malicious input. Chatwoot actually uses it in several places, such as...

CVSS: 3.5, AI score: 5.7, EPSS: 0.04542
Exploits: 1

Huntr
• added 2022/12/14 9:22 p.m. • 120 views

Bypass All Captchas in the application

Description Bypass Captcha while adding a new Proposal for a new FAQ or Add question ,And send unlimited request without submit captcha code. Proof of Concept https://drive.google.com/file/d/140CMe4FLFLBmIUUbI8706bZ4zs4d7N/view?usp=sharing...

CVSS: 7.5, AI score: 9, EPSS: 0.00928
Exploits: 0

Huntr
• added 2021/09/09 11:25 a.m. • 120 views

Inefficient Regular Expression Complexity in chalk/ansi-regex

✍️ Description It allows cause a denial of service when matching crafted invalid ANSI escape codes. 🕵️‍♂️ Proof of Concept // PoC.mjs import ansiRegex from 'ansi-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = "\u001B"+";".repeati10000; ansiRegex.testattackstr var timecost...

CVSS: 7.8, AI score: 2.8, EPSS: 0.03304
Exploits: 1

Huntr
• added 2023/01/03 8:43 a.m. • 118 views

XSS via upload pdf file

Description Hi there, It's my pleasure to submit a report to you again to maintain the safety of the project.Most users can upload files in the module named 'Resources' .We can upload pdf files.But uploading malicious pdf files will cause xss vulnerability which will cause great harm to users of...

CVSS: 4.9, AI score: 5.7, EPSS: 0.00519
Exploits: 1

Huntr
• added 2023/02/08 6:19 p.m. • 116 views

Stored XSS Bypass While add a new Comment

Description Stored XSS bypass in add comments function if you try to inject XSS payload like that won't work ,So I found a bypass that able to bypass cloudflare with the following payload or and click enter to add newline and click "add comment" func cc CommentController AddCommentctx gin.Context...

CVSS: 4.9, AI score: 5.2, EPSS: 0.00553
Exploits: 1

Huntr
• added 2022/04/22 8:51 a.m. • 112 views

Sed Injection Vulnerability

Description In Hestia Control Panel 1.5.11, several v-scripts shell scripts have sed injection vulnerabilities. By chaining these vulnerabilities, an authenticated remote attacker with low privileges can execute arbitrary code under root context. Sed injection vulnerabilities exist in the followi...

CVSS: 9, AI score: 9.1, EPSS: 0.04459
Exploits: 1

Huntr
• added 2022/07/12 7:7 a.m. • 111 views

Email Verification Bypass Leads To Account Takeover

Hello maintainer, I noticed that there is no ratelimit protection on https://book.dansmonorage.blue/confirm-email endpoint, so we can perform bruteforce attack Steps to reproduce: 1. Create an account with victims email id 2. When the account is created, its ask for email confirmation via...

CVSS: 7.5, AI score: 0.9, EPSS: 0.11382
Exploits: 4

Huntr
• added 2023/06/28 5:0 p.m. • 110 views

Vulnerable CKEditor used on version 4.2.9

Description When attaching image on mail feature, the upload using ckeditor vulnerable version that lead to RCE. Proof of Concept 1. Go to messages, 2. Write email 3. add image 4. Upload the php file. 5. access the uploaded php file in /admmyfiles/mail/images/ // PoC.js Content-Disposition:...

CVSS: 5.8, AI score: 7, EPSS: 0.00835
Exploits: 1

Huntr
• added 2021/09/29 8:40 p.m. • 106 views

in dbeaver/dbeaver

✍️ Description The dbeaver is vulnerable to XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the parseDocument function in the "XMLUtils.java" file may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files...

CVSS: 4.3, AI score: 0.7, EPSS: 0.00902
Exploits: 1

Huntr
• added 2021/10/05 4:13 p.m. • 104 views

Sensitive Cookie Without 'HttpOnly' Flag in vuestorefront/vue-storefront

✍️ Description HTTPOnly attribute is not set for session cookies "vsf-commercetools-token" in the application. Proof of Concept Check this for POC: Image Impact When a cookie doesn't have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being...

AI score: 0.8
Exploits: 0

Huntr
• added 2022/05/04 7:11 a.m. • 103 views

Cross-site Scripting (XSS) via Cookie Value

Description There is an XSS that could be triggered via cookie value. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded...

AI score: 0.7
Exploits: 0

Huntr
• added 2021/12/02 12:36 a.m. • 100 views

Open Redirect in gnuboard/gnuboard5

Description php ?php includeonce'./common.php'; $g5'title' = "로그인 검사"; $mbid = isset$POST'mbid' ? trim$POST'mbid' : ''; $mbpassword = isset$POST'mbpassword' ? trim$POST'mbpassword' : ''; runevent'memberlogincheckbefore', $mbid; if !$mbid || !$mbpassword alert'회원아이디나 비밀번호가 공백이면 안됩니다.'; $mb =...

AI score: 6.3
Exploits: 0

Huntr
• added 2023/04/29 1:51 p.m. • 99 views

Stored XSS and CSP Bypass in KiwiTCMS

Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...

AI score: 6.2
Exploits: 0

Huntr
• added 2022/06/01 6:43 a.m. • 93 views

OS Command Injection in file editor

Description Deploy and run gogs. Proof of Concept 1. Create a repository and upload a file named config to the repository repo6. The content of the file is as follows: xml core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true precomposeunicode =...

CVSS: 7.5, AI score: 0.5, EPSS: 0.04483
Exploits: 1

Huntr
• added 2020/09/02 12:0 a.m. • 93 views

Command Injection in kylefarris/clamscan

Overview clamscan is a Use Node JS to scan files on your server with ClamAV's clamscan binary or clamdscan daemon. This is especially useful for scanning uploaded files provided by un-trusted sources. This package is vulnerable to Command Injection, it is possible to inject arbitrary commands a...

CVSS: 6.8, AI score: 1.8, EPSS: 0.02122
Exploits: 1

Huntr
• added 2023/07/07 12:59 a.m. • 91 views

Mongoose Prototype Pollution Vulnerability

If an attacker has some way to control an object on the Mongo server through one way or another, it is possible to cause prototype pollution on any Mongoose client. Notably, if a poorly implemented service allows a user to control the object in findByIdAndUpdate and similar functions, this bug...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0101
Exploits: 1

Huntr
• added 2022/03/09 2:43 p.m. • 91 views

Unrestricted file upload leads to stored XSS

Description A user can bypass checking and upload .aspx file which lead to stored XSS. Proof of Concept Log in as admin: https://demo.microweber.org/demo/admin/ Go to Websites Edit a page. Under Pictures, choose Add files Instead of uploading a normal picture, use the below request to upload an...

CVSS: 3.5, AI score: 4.6, EPSS: 0.00613
Exploits: 1

Huntr
• added 2019/11/02 12:0 a.m. • 89 views

Code Injection in mateodelnorte/meta-git

Description The meta-git module is vulnerable against command injection since the user-supplied inputs are concatenated with a command which is executed without validation. POC 1. Create a new directory and insert some test files: bash mkdir tests cd tests touch test touch secret touch files 2...

AI score: 1.1
Exploits: 0

Total number of security vulnerabilities: 4072