Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/06/02 11:28 p.m.32 views

Path Traversal vulnerability on the endpoint '/info/refs'

Summary It seems "gogs" suffers from a Path Traversal which may lead a malicious user to access another legitimate user's git config files or issue a couple of git commands on its behalf. Steps to reproduce and Proof of Concept 1. I created two users sim4n6 and sim4n62. 2. From sim4n6 dashboard...

5.5CVSS8.2AI score0.51136EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 2:44 p.m.32 views

Heap-based Buffer Overflow in function vim_regsub_both

Description Heap-based Buffer Overflow in function vimregsubboth at regexp.c:1954 vim version git log commit 4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 HEAD - master, tag: v8.2.5037, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobw5s.dat -...

6.8CVSS7.7AI score0.01559EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 3:6 a.m.32 views

Buffer Over-read in function utf_ptr2char

Description Buffer Over-read in function utfptr2char at mbyte.c:1794 vim version git log commit 31d9948e3a2529c2f619d56bdb48291dc261233d HEAD - master, tag: v8.2.5026, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch10ns.dat -c :qa!...

6.8CVSS7.8AI score0.02481EPSS
Exploits3References2
Huntr
Huntr
added 2022/05/14 3:25 a.m.32 views

NULL Pointer Dereference in function vim_regexec_string

Description NULL Pointer Dereference in function vimregexecstring at regexp.c:2733 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit 31ad32a325cc31f0f2bdd530c68bfb856a2187c5 HEAD - master, tag: v8.2.4949, origin/master, origin/HEAD...

1.9CVSS1.2AI score0.00523EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/11 10:44 a.m.32 views

Heap-based Buffer Overflow

Description Heap-based Buffer Overflow in msp430op Environment radare2 5.6.9 0 @ linux-x86-64 git. commit: 5.6.9 build: 2022-05-0112:17:49 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

3.6CVSS7.1AI score0.00428EPSS
Exploits1
Huntr
Huntr
added 2022/05/09 7:21 a.m.32 views

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2

This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.8 and lastest master branch 5a9e0a19ba07e35382776fed9da2649ac824f526, updated in M...

4.3CVSS0.3AI score0.00681EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/12 4:15 p.m.32 views

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write

Description file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to arbitrary file write when an attacker can create a symlink just after deletion of the dest symlink by repeatedly calling ln -s /etc/shadow2 dest/shadow2 in a while loop but right before the symlink i...

6.9CVSS0.2AI score0.00299EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:32 a.m.32 views

Stored XSS viva .svg file upload

Description The application allows .svg files to upload which leads to stored XSS Proof of Concept 1.Download the payload from this link:- https://drive.google.com/file/d/1c1BP5bxXBxtwLfRJTrEPgMWK1yVFDF2R/view?usp=sharing 2.Login to the application with Co-admin account and go to "Settings" -...

3.5CVSS8.9AI score0.00982EPSS
Exploits1
Huntr
Huntr
added 2022/03/29 4:18 a.m.32 views

SSRF on index.php/cobrowse/proxycss/

Description Live Helper Chat is vulnerable to SSRF on the /index.php/cobrowse/proxycss endpoint. It's possible to make internal requests and see the response as an authenticated user, it's also possible to make an request with any protocol using goppher://. Proof of Concept 1. Request...

5.5CVSS0.4AI score0.0094EPSS
Exploits1
Huntr
Huntr
added 2022/03/28 3:28 p.m.32 views

heap buffer overflow in get_one_sourceline

Description When fuzzing vim commit 471b3aed3 I discovered a heap buffer overflow. I'm using ubuntu 20.04 with clang 13 Proof of Concept Here is the minimized poc bash norm300gr0 so How to build bash LD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++ CFLAGS="-fsanitize=address"...

6.8CVSS7.7AI score0.01267EPSS
Exploits1
Huntr
Huntr
added 2022/03/26 7:46 a.m.32 views

stored xss

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage Proof of Concept 1. A low-priv user create a page with the following...

3.5CVSS2AI score0.01472EPSS
Exploits1
Huntr
Huntr
added 2022/03/21 8:45 p.m.32 views

Stored XSS Leads To Session Hijacking

Description Hello everyone, During my testing on openemr at the demo available here https://demo.openemr.io/openemr, I found a Stored XSS on filename at Uploading Documents Templates which is found on Administration tab, what makes this Stored XSS really severe is the ability of stealing session...

3.5CVSS5.9AI score0.0068EPSS
Exploits1
Huntr
Huntr
added 2022/02/21 8:0 a.m.32 views

Use of Out-of-range Pointer Offset

Description This issue occur in the v8.2.4428 version. Proof of Concept sh $ echo "dnMgIDPKKSAwMGNtZGxicmVh4OvbmfsA3ykA3/8wAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAhAAAA AAAAAODr3/f/fwAAAAAAAAAAAPZRIwAAAAAAa3N5bWxpbmsgCmJcJlx6cypcenMqQGU=" | base64 -d poc $ /valgrind/vg-in-place -s ./src/vim -u NONE -i NON...

6.5CVSS0.8AI score0.01622EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 9:2 p.m.32 views

Unrestricted Upload of File with Dangerous Type

Description In recent Crater version bed05fc2 tag: 6.0.4 privileged user can upload PHP file as expense receipt. Proof of Concept POST /api/v1/expenses/59/upload/receipts HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:98.0 Gecko/20100101 Firefox/98.0 Accept: /...

6.5CVSS7.5AI score0.0091EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/13 7:42 p.m.32 views

Improper Access Control in salesagility/suitecrm

Description In SuiteCRM v7.12.4, affecting Users Module, any user with the User Type as Regular User could modify other users profiles via the update profile section. The prerequisite of this attack is by knowing the user record ID and username User Name respectively. The user records ID can be...

4CVSS4.8AI score0.0065EPSS
Exploits1
Huntr
Huntr
added 2022/02/05 3:3 p.m.32 views

OS Command Injection in microweber/microweber

Description OS command injection also known as shell injection is a web security vulnerability that allows an attacker to execute arbitrary operating system OS commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

9CVSS1.2AI score0.51193EPSS
Exploits4
Huntr
Huntr
added 2022/01/31 11:25 a.m.32 views

None in vim/vim

Description Use After Free in enterbuffer function. commit : 5703310e640c4b142a16a3ea4f45317565ae8c32 Proof of Concept bash $ echo -ne "ZnUgUigpCiAgdGFiIGxvcAogIGxldCBsOj1nCiAgZQEKbGYKZW5kZgoKY2FsIGFzYWwoIiIsUigp KQpjYWwgYXNhbCgiIixSKCkpCmNhbCBhc2FsKCIiLFIoKSkKYnchCg==" | base64 -d poc ASAN $...

6.8CVSS8.5AI score0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/01/29 6:53 a.m.32 views

Heap-based Buffer Overflow in vim/vim

Description Heap Overflow in exretab. This issue was created to separate the previous issue. This bug has already been fixed with patch 8.2.4245. Proof of Concept $ echo -ne "bm9ybTBvMDAwMDAwMDAwMDAwMDAwMDAwMDD/MJMwMDAKc2lsIW5vcm0WYxwwMAkwCmZ1IFJldGFi...

6.8CVSS0.3AI score0.01541EPSS
Exploits1
Huntr
Huntr
added 2022/01/28 4:1 a.m.32 views

None in vim/vim

Description Use after free occurs in skipwhite function charset.c:1474. commit : 166788c657f4b1090a31ea37a023b1f2c78790c8 Proof of Concept $ echo -ne "ZnUgUmUwYTAoZyxuKQp+CnMvCnIwIzAKZW5kZgpzL1wlJykvXD1hMDAwKDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwLCBSZTBhMCgnJywwMDApMDA=" | base64 -d...

6.8CVSS1.3AI score0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/01/08 9:42 p.m.32 views

Insecure Temporary File in mlflow/mlflow

Description mlflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

5CVSS2.7AI score0.01551EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/07 6:23 p.m.32 views

in unshiftio/url-parse

Description Improperly handeling username and password . And unable to detect the hostname . Proof of Concept url-parse not able verify basic authentication credential and also wrongly verifying hostname .This allow to bypass hostname validation .\ Lets username is admin and password is...

5CVSS7.2AI score0.01782EPSS
Exploits1
Huntr
Huntr
added 2022/01/07 9:26 a.m.32 views

Heap-based Buffer Overflow in vim/vim

Description A Heap-based Buffer Overflow has been found in vim commit 2f0936c Proof of Concept base64 poc ZGVmIEZpcnN0RnVuY3Rpb24oKQogIGRlZiBTZWNvbmRGdW5vbmUKJCAgCiAgIGVuZGRCQkJCCmVu ZGRlZgojIEN/////bGUgYWxsZWZ8QkJCQgplbmRkZWYKIyBDb21waWxlIGFsbCBmdW5jdGlvbnMK ZGVmY29tcGlsZQo=...

4.3CVSS5.4AI score0.01709EPSS
Exploits1
Huntr
Huntr
added 2021/12/25 3:10 a.m.32 views

Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat

Description The htmlspecialchars function does not escape special characters like single quote, and the $prefix parameter can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/siteadmin/user/avatarbuilder/1?=1640314779051&prefix=123%27;;%20alert%27xss%27;// Impact XSS can hav...

4.3CVSS1.6AI score0.00948EPSS
Exploits1
Huntr
Huntr
added 2021/09/14 7:2 a.m.32 views

Cross-site Scripting (XSS) - Reflected in pheditor/pheditor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
added 2021/07/16 3:30 p.m.32 views

Inefficient Regular Expression Complexity in apidoc/apidoc-core

✍️ Description A ReDoS regular expression denial of service flaw was found in the apidoc-core package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref:...

0.2AI score0.03732EPSS
Exploits1
Huntr
Huntr
added 2020/11/19 12:0 a.m.32 views

Prototype Pollution in mozilla/node-convict

Description convict is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var convict = require"convict"; var obj = ; var config =...

7.5CVSS2.3AI score0.02027EPSS
Exploits1
Huntr
Huntr
added 2026/01/07 5:21 a.m.31 views

Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading

Summary A critical arbitrary code execution vulnerability exists in HuggingFace Transformers' Trainer class. The loadrngstate method at src/transformers/trainer.py:3059 calls torch.load without the weightsonly=True parameter. While a safeglobals context manager wraps this call, it provides no...

7.8CVSS6.6AI score0.00349EPSS
Exploits1
Huntr
Huntr
added 2023/09/03 7:23 p.m.31 views

SQL injection and Authentication bypass

Description The validApiKey middleware, which is responsible for verifying API keys provided in the request's Authorization header, is susceptible to SQL injection. This vulnerability can potentially lead to an authentication bypass, granting unauthorized access to API endpoints. NOTE: It's worth...

5CVSS9AI score0.00585EPSS
Exploits1
Huntr
Huntr
added 2023/08/28 7:50 p.m.31 views

Store DOM XSS in Edit configuration

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Create a category titled "test456". 3 .Go to Configuration == Edit configuration. 4 .Change the "URL of your FAQ" data field with the payload...

5.8CVSS6.7AI score0.00488EPSS
Exploits0
Huntr
Huntr
added 2023/06/07 7:33 a.m.31 views

Open Redirect on follow/unfollow user's profile action

Description The idea is similar to CVE-2022-1058 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/ . Browsers interpreted \example.com - https://example.com and lead to open redirect Proof of Concept The vulnerable API is lie in follow/unfollow action on user's profile. In order to...

3.6CVSS6.8AI score0.53177EPSS
Exploits2References1
Huntr
Huntr
added 2023/04/10 1:11 p.m.31 views

Github token with wide access to Nuxt related repositories leaked in the wild

Description If you visit https://nuxt.com, you will find hardcoded Github token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under nuxt , nuxtlabs and nuxt-themes Github organisations. https://github.com/nuxt Admin...

7.5CVSS9.2AI score0.0074EPSS
Exploits0
Huntr
Huntr
added 2023/03/27 2:30 a.m.31 views

heap-buffer-overflow in vim_regsub_both

Description heap based buffer overflow in in vimregsubboth at regexp.c:2473 Vim Version git log commit 1a08a3e2a584889f19b84a27672134649b73da58 HEAD - master, tag: v9.0.1429, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S POCvimregsubboth -c :qa!...

4.4CVSS7.4AI score0.006EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/22 6:47 p.m.31 views

Annotation tool: token forgery using jwt secret to claim super admin role

Although the annotator tool's source code is not directly provided in the repository a docker image is provided. From there it is easy to get access to the source code by either extracting the docker tar image, which can be exported from docker itself, or connecting to the container with an...

7.5CVSS8.8AI score0.00843EPSS
Exploits1
Huntr
Huntr
added 2023/02/21 9:57 p.m.31 views

Observable Timing Discrepancy in Login Portal

Description An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...

5CVSS5.5AI score0.00639EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/12 6:32 p.m.31 views

Stored XSS edit Config Link

Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...

4.9CVSS5.1AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2023/02/09 6:3 p.m.31 views

File Upload lead to Stored XSS bypass csp

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. 1-Login to your application and create a Store called “Test” make all the...

4.9CVSS5.3AI score0.00476EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/28 12:12 a.m.31 views

weak Password Policy Directory Protection

Hello, The strong Password Policy is everywhere in place. BUT The Directory Protection Part allows to bypass this strong Password Policy and setting a Password like 1. This is very easy to bruteforce. Lets see : ------ Password is set to 1 and it will get accepted. As you can see the Password got...

5CVSS7.4AI score0.00455EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/25 8:39 a.m.31 views

File Upload Type Validation Error lead to Stored XSS

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. STEPSTOREPRODUCE 1. Login to your application and create a Store called...

4.9CVSS5.3AI score0.00476EPSS
Exploits1References2
Huntr
Huntr
added 2023/01/18 4:26 a.m.31 views

Email enumeration via reset password functionality

Description User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the...

5CVSS5.4AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2022/12/28 1:22 p.m.31 views

CSRF to add shortcuts to victim account

Description Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user Proof of Concept 1 Go to...

3.5CVSS0.7AI score0.00528EPSS
Exploits1
Huntr
Huntr
added 2022/12/12 10:58 a.m.31 views

Cross-site Scripting (XSS) - Stored

✍️ DESCRIPTION The activatetemplate parameter at line 16 of the templates.php file will be rendered at line 31 of file the dashboard.php page, without using the htmloutput function. 💥 STEP TO REPRODUCE - Login to your admin account, then visit the URL...

4.3CVSS5.7AI score0.00682EPSS
Exploits1
Huntr
Huntr
added 2022/11/04 10:30 a.m.31 views

Html Injection Reflected in Login Page

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the login webpage. Proof of Concept Navigate to: https://demo.froxlor.org/index.php?showmessage=4&customermail=%22%3Cmarquee%3E%3Ch3%3EHTML/INJECTION/HERE%[email protected]...

5.8CVSS1AI score0.01265EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/04 12:46 a.m.31 views

Authenticated SQL injection via filename & update-instance parameters

There is a SQL injection vulnerability inside saveMeta function in AttachmentAbstract.php. When a file is being uploaded via admin/index.php?action=ajax&ajax=att&ajaxaction=upload endpoint, the filename parameter isn't being sanitized and its later on interpolated into a raw SQL query inside...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/09/15 11:31 p.m.31 views

Remote Code Execution (RCE) via Arbitrary File Write and Path Traversal

Description Immich constructs the path, filename, and file extension of uploaded files from improperly sanitized user input. Therefore, the upload function is vulnerable to a path traversal attack leading to arbitrary file write. This can lead to RCE by overwriting JavaScript files. Proof of...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/08/15 2:17 a.m.31 views

use after free in function generate_PCALL

Description Use After Free in function generatePCALL at vim/src/vim9instr.c:1606 vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc2huaf.dat -c :qa!...

4.4CVSS7.5AI score0.00727EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 11:8 a.m.31 views

Out-of-bounds read in function check_vim9_unlet in vim/vim

Description Out-of-bounds read in function checkvim9unlet at vim/src/vim9cmds.c:95 Vim version git log commit 326c5d36e7cb8526330565109c17b4a13ff790ae grafted, HEAD - master, tag: v9.0.0194, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/hbo1min.dat -c :q...

4.4CVSS7.5AI score0.00513EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 4:21 a.m.31 views

Heap-based buffer overflow in function inc

Description Heap-based buffer overflow in function inc at misc2.c:344 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc80min3 -c :qa! ==6151== Memcheck, a memo...

6.8CVSS0.01224EPSS
Exploits1
Huntr
Huntr
added 2022/06/26 5:26 p.m.31 views

Null pointer dereference in function skipwhite

Description Null pointer dereference in function skipwhite at charset.c:1428 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc40min -c :qa! ==32519==...

4.3CVSS6.2AI score0.01226EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 9:30 a.m.31 views

Out-of-bound write in function ml_append_int

Description Out-of-bound write in function mlappendint at memline.c:2895 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung$ valgrind ./vim2/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc35min -c ':qa!' ==28900==...

6.8CVSS7.7AI score0.01331EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 4:57 p.m.31 views

UI REDRESSING

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

5.8CVSS0.9AI score0.00638EPSS
Exploits1References3
Total number of security vulnerabilities4072