Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/06/20 4:57 p.m.31 views

UI REDRESSING

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

5.8CVSS0.9AI score0.00638EPSS
Exploits1References3
Huntr
Huntr
added 2022/06/06 8:54 p.m.31 views

Stored XSS via Deserialization of Stylesheets

Description Diagram files can contain stylesheets which basically consist of key value pairs that influence the appearance of digram elements. When adding a stylesheet mxStylesheet element it is possible to execute JavaScript code when used in combination with the internal include element. Usuall...

3.5CVSS1.6AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/06/06 7:9 p.m.31 views

use after free in skipwhite

Description When fuzzing vim commit 1d97db3d9 works with latest build and latest commit 3760bfddc per this time of this report, I discovered a use after free. Proof of Concept Here is the minimized poc bash spe!fl norm0z= norm0yy no0 Psvc sil!norm0 norm0 How to build bash LD=lld AS=llvm-as...

6.8CVSS7.4AI score0.01411EPSS
Exploits1
Huntr
Huntr
added 2022/06/03 4:20 p.m.31 views

Out-of-bounds write in function append_command

Description Out-of-bounds write in function appendcommand at exdocmd.c:3447 vim version git log commit bfaa24f95343af9c058696644375d04e660f1b00 HEAD - master, tag: v8.2.5052, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobw6s.dat -c :qa!...

6.8CVSS7.7AI score0.01527EPSS
Exploits1
Huntr
Huntr
added 2022/05/27 1:18 a.m.31 views

Local Command Injection Post-Installation of Dependencies

Description grav version x";touch pwned "/user/plugins/problems sh: 1: cd: can't cd to x SUCCESS cloned https://github.com/getgrav/grav-plugin-error - x";touch pwned "/user/plugins/error sh: 1: cd: can't cd to x SUCCESS cloned https://github.com/getgrav/grav-plugin-markdown-notices - x";touch pwn...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/05/21 2:15 p.m.31 views

Use of Uninitialized Function Pointer

Description When providing a crafted input binary to radare2, the context-readaddr function pointer is never initialized before use. This is due to the switch statement responsible for the assignment not finding a matching value for its switch cases. Calling function c static bool...

6.8CVSS7.4AI score0.00855EPSS
Exploits1
Huntr
Huntr
added 2022/04/26 10:30 a.m.31 views

Cross-site Scripting (XSS)

Proof of Concept 1 Login to the webapplication 2 Navigate to the below URL URL :- https://demo.livehelperchat.com/siteadmin/system/languages/updated/true/sa/HEXX%22%3E%3Ca%20onmouseover=alert11122%3EDEXX%3Ca Below some image POC...

4.3CVSS5.1AI score0.00622EPSS
Exploits1
Huntr
Huntr
added 2022/04/23 3:9 p.m.31 views

Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function

Description Out-of-bounds OOB read vulnerability exists in rbinjavabootstrapmethodsattrnew function in Radare2 5.6.9. This is similar with CVE-2022-0518 and CVE-2022-0521. Version radare2 5.6.9 27745 @ linux-x86-64 git.conti commit: 14189710859c27981adb4c2c2aed2863c1859ec5 build: 2022-04-2311:05:...

5.8CVSS6.4AI score0.01005EPSS
Exploits3References2
Huntr
Huntr
added 2022/04/23 8:34 a.m.31 views

Stored Cross Site Scripting vulnerability in the checked_out_to parameter

Description The checkedoutto is not escaped, which leads to a XSS problem. Proof of Concept 1. 1.Login to the demo account 2. 2.Report-Depreciation Report 3. 3.Choose a Asset and goto Assets menu and check it out. new a location which is '" and check the asset to this location 4. 4.Return to...

3.5CVSS1.4AI score0.00765EPSS
Exploits1
Huntr
Huntr
added 2022/04/14 12:14 p.m.31 views

Use of Out-of-range Pointer Offset

Description This issue occur in the version 8.2.4739 Proof of Concept ➜ vim git:master ✗ echo -n AO8A9C4K/QAKaWZ7e3t7e30tPigzKSg/PWEpezAsMSYKaWZ7e2Z7eyAtPig/PVk8ezAsMTB9Yb7dMH1hvt17MRAALS6zNQAAAAr/AF0KgAr1 | base64 -d POC1 ➜ vim git:master ✗ ./src/vim -u NONE -i NONE -n -X -Z -e -m -s -S POC1 -c...

4.3CVSS6.2AI score0.01466EPSS
Exploits1
Huntr
Huntr
added 2022/04/04 7:11 a.m.31 views

Heap-based Buffer Overflow in libr/bin/format/ne/ne.c

This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.6 and lastest master branch 8317a34b7e4ab731e230dcdd81adc9323c5b518b, updated in...

6.8CVSS7.8AI score0.00827EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/23 1:8 p.m.31 views

Stored XSS in Tooltip

Description The Classes in Data Objects have the Tooltip field. It is vulnerable to XSS attack. Proof of Concept STEP1: login https://demo.pimcore.fun/admin/ STEP2: Settings-Data Objects-Classes. Then choose an item, like product Data-AccessoryPart AP-compatibleTo。 STEP3: add payload in tooltip...

3.5CVSS1.2AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2022/03/21 5:15 a.m.31 views

Reflected Cross Site Scripting

Vulnerability Type Reflected Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/interface/main/calendar/index.php Affected Parameters “newname” Authentication Required? Yes Issue Summary A reflected XSS vulnerability found in “/interface/main/calendar/index.php” that allows Adm...

3.5CVSS0.5AI score0.00592EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/15 9:42 a.m.31 views

URL Confusion When Scheme Not Supplied

Description This is a URL confusion vulnerability. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...

5.8CVSS6.5AI score0.00787EPSS
Exploits1
Huntr
Huntr
added 2022/03/12 2:18 a.m.31 views

Stored xss in showdoc through file upload

Description Hi. This is a bypass to the report in https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf/ . It fails to check for files with the extension .shtml which leads to stored xss Proof of Concept // poc.shtml adsasdadsdsa alert1 Impact Stored Xss...

3.5CVSS5.6AI score0.00538EPSS
Exploits1
Huntr
Huntr
added 2022/02/26 5:57 a.m.31 views

Server-Side Request Forgery (SSRF)

Description Alltube takes URL from the query parameter and directly uses it in the youtube-dl command, It makes any unauthenticated attacker can perform an SSRF attack and pass internal hostnames in the URL parameter and obtain information about that service from the response. Proof of Concept GE...

6.4CVSS0.4AI score0.01617EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 8:13 p.m.31 views

Denial of Service

Description A malformed mdmp file causes a DoS attack and leads to resource exhaustion. Proof of Concept bash printf "%s" "TURNUJOnkwAA9f8AIwAAAAAAAAAA4FJj5gADAAAAGwAAAAAEAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAA" | base64 -d /tmp/a strace r2 /tmp/a This hangs and leads to resource exhaustion...

4.3CVSS5.9AI score0.00989EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 10:32 p.m.31 views

in gravitl/netmaker

Description Netmaker is an applicaton that enable easly deployment of a mesh vpn based on Wiregaurd. To authenticate and manage users throughout the application, it is used JWT tokens. The secret key used to sign these tokens is hard-coded in the code, which means they can be faked. So, an attack...

10CVSS9.4AI score0.017EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 5:21 p.m.31 views

in vim/vim

Description Stack Pointer $RSP is corrupted at function eval7t in eval.c during calling eval3, eval4, eval5, eval6, eval7... continuously while parsing too many brackets. vim version : 8.2.4195 latest commit hash : 79a6e25b79cdb35e00d8b364516103eb358d8cc7 Proof of Concept $ echo -ne...

4.6CVSS9.3AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 11:56 a.m.31 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description CSRF issues deleting the content of the website since it is having no CSRF token validation. Request POST /demo/api/content/delete HTTP/1.1 Host: demo.microweber.org User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:96.0 Gecko/20100101 Firefox/96.0 Accept: / Accept-Language:...

4.3CVSS0.8AI score0.00679EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 11:48 a.m.31 views

in microweber/microweber

Description Sensitive information as part of the error is getting disclosed during the upload of an unrestricted file. Steps to Reproduce Instance 1 1. Log in to the application https://demo.microweber.org 2. Add a new post and upload an SVG file and you will see an error message getting Popped o...

4CVSS6.6AI score0.01151EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 3:5 p.m.31 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you add media query at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC...

4.3CVSS0.2AI score0.0154EPSS
Exploits1
Huntr
Huntr
added 2022/01/04 2:4 p.m.31 views

in vim/vim

Description A heap-based OOB read of size 1 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

6.8CVSS8.7AI score0.01739EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/09 4:42 a.m.31 views

Improper Access Control in snipe/snipe-it

Description Regular users with DENY set to all models permissions can still view model information via the /models/id/clone endpoint due to no authorize'view' permission being set. Proof of Concept 1: Create regular user and set DENY to all permissions in asset models. 2: Login as the user 3:...

4CVSS2.3AI score0.00697EPSS
Exploits1
Huntr
Huntr
added 2021/10/29 9:48 a.m.31 views

Use of Uninitialized Variable in vim/vim

Greetings, A Stack Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Version : master2446ec9...

4.6CVSS7.6AI score0.00591EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/21 10:17 a.m.31 views

Cross-site Scripting (XSS) - Stored in shopware/shopware

Description Stored XSS when add media file with format .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /shopware/backend/mediaManager/upload?albumID=-10 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/10/18 8:47 p.m.31 views

Cross-site Scripting (XSS) - Stored in osticket/osticket

Description As it is written on github profile, osTicket is a widely-used open source support ticket system. During source code research I discovered bad uploaded file type check, which is controlled by user. Unauthenticated user can upload malicious html/js file. FROM OWASP:: Cross-Site Scriptin...

5.8CVSS6AI score0.00624EPSS
Exploits1
Huntr
Huntr
added 2021/09/26 9:33 p.m.31 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in khodakhah/nodcms

Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

Exploits0References1
Huntr
Huntr
added 2021/07/04 7:48 p.m.31 views

Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel

✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework this webapp is vulnerabel for stored xss thru filename 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable admin ac takeover , XSS...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/06/15 6:52 a.m.31 views

in polonel/trudesk

💥 BUG Unprivileged user can subscribs others to a ticket 💥 IMPACT user with lower level permission can subscribe others to a ticket 💥 STEP TO REPRODUCE 1. First from admin goto http://localhost:8118/teams and create a team called team2.\ Now goto http://localhost:8118/accounts/agents and add new...

6.5CVSS8.6AI score0.0336EPSS
Exploits1
Huntr
Huntr
added 2021/04/30 1:50 p.m.31 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation bug to add agent in a inbox 🕵️‍♂️ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . 2. now goto https://app.chatwoot.com/app/accounts/4534/settings/inboxes/list and add a...

0.5AI score
Exploits0
Huntr
Huntr
added 2020/05/04 12:0 a.m.31 views

Command Injection in zaach/jison

Overview jison is a package that provides an API for creating parsers in JavaScript. Affected versions of this package are vulnerable to Command Injection. Arbitrary OS shell command execution is possible through a crafted command-line argument...

10CVSS4.9AI score0.03633EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/19 11:50 a.m.30 views

Reflected xss in installation space parameter

Description Cross-Site Scripting XSS is a type of security vulnerability that occurs when an attacker injects malicious code, usually in the form of scripts, into a web application. This code is then executed by unsuspecting users who visit the affected web page. in this case the path of...

5.8CVSS6.1AI score0.02268EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/01 7:37 p.m.30 views

Fossbilling is Vulnerable to HTML Injection During the Generation of Invoices, Which Leads To An Open Redirect Vulnerability.

Description FOSSBilling suffers from a lack of sanitization in the handling of admin input values. This issue manifests when clients attempt to generate invoices for their orders. Specifically, in the PDF generation of invoices, the company name, editable through the admin portal, is included. An...

4.3CVSS6.9AI score0.00646EPSS
Exploits0References2
Huntr
Huntr
added 2023/06/10 5:31 p.m.30 views

Directory listing in multiple endpoints

Description Teampass has directory listing by default for various endpoints that eventually discloses application-specific and user data and files. Proof of Concept Visit the following endpoint without logging in to the application. Sensitive - https://127.0.0.1/includes configs -...

5CVSS6.7AI score0.00828EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/08 8:37 p.m.30 views

XSS @ Stop Words

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code 1: $ajaxAction = Filter::filterInputINPUTGET, 'ajaxaction', FILTERUNSAFERAW; $instanceId =...

5.8CVSS6.2AI score0.00447EPSS
Exploits0
Huntr
Huntr
added 2023/02/28 5:58 p.m.30 views

Stored xss in print generate and preview pdf

HI Team, In pimcore dev url https://11.x-dev.pimcore.fun/admin/ I found one stored xss in generate and preview pdf . The author field and title field is vulnerable to xss Step to reproduce 1. Login to dev url https://11.x-dev.pimcore.fun/admin/ 2. add a print container page in documents 3. Insert...

4.3CVSS5.3AI score0.00428EPSS
Exploits1
Huntr
Huntr
added 2023/02/14 6:6 p.m.30 views

Privilege escalation from user with "add user" to super admin

Description Before I created this submission, I read this report: https://huntr.dev/bounties/258cd498-7275-4b12-ac73-79c9ba3e58e4/. I was afraid that my submission would be a duplicate of that. After reading it carefully, I decided to make a report because my report is not exploiting the backup...

6.5CVSS8.3AI score0.00876EPSS
Exploits1
Huntr
Huntr
added 2023/02/14 4:41 a.m.30 views

heap-use-after-free in function bt_quickfix

Description heap-use-after-free in function btquickfix at buffer.c:5770 Vim Version git log commit 32ff96ef018eb1a5bea0953648b4892a6ee71658 HEAD - master, tag: v9.0.1307, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S btquickfixpoc -c :qa!...

4.4CVSS7AI score0.00528EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/06 5:29 a.m.30 views

Out of Range Pointer offset in mb_charlen of mbyte.c

Description Out of Range Pointer offset in mbcharlen of mbyte.c Vim Version git log commit 78012f55faf7444e554c0a97a589d99fa215bea9 HEAD - master, tag: v9.0.1275, origin/master, origin/HEAD POC ./vim -u NONE -X -Z -e -s -S poc01.dat -c ':qa!' Segmentation Fault GDB gdb ./vim gdb run -u NONE -X -Z...

1.7CVSS5.8AI score0.00409EPSS
Exploits1References2
Huntr
Huntr
added 2023/01/25 3:18 p.m.30 views

Privilege Escalation from customer to root

Privilege Escalation from Customer to Root First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files added chapters at the end of the report instead, can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...

6.5CVSS9.3AI score0.01119EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 6:45 a.m.30 views

Delete all note of all user in application

Description A user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote Proof of Concept Link: https://drive.google.com/file/d/1P0MvqadCdTo1yxK9VBkm5ntwBvJMSZa8/view?usp=sharing...

5.5CVSS0.00761EPSS
Exploits1
Huntr
Huntr
added 2022/12/24 2:22 p.m.30 views

Delete any post for all users via IDOR

Description Delete any post for all users via IDOR Proof of Concept 1- Post anything 2- Open Burp Suite to intercept the request 3- When deleting the post, we will notice that there is DELETE /api/memo/1010 in the request, Here the post id will be 1010 4- This number can be changed and any post y...

6.4CVSS0.7AI score0.00762EPSS
Exploits1
Huntr
Huntr
added 2022/10/26 7:2 p.m.30 views

Dev Server XSS

Description The developer server unsafely renders the stack trace within errors. This can be manipulated by sending a specially crafted request. Root Cause The error-dev.vuetemplate, within @nuxt\ui-templates uses the v-html directive to render the stacktrace section of the error. vue This would...

5.8CVSS1.3AI score0.00509EPSS
Exploits1
Huntr
Huntr
added 2022/10/25 6:20 p.m.30 views

Path Traversal - Download remote files by exploiting the backup functionality (Authenticated)

Description The vulnerability found in the backup system allows an Administrator of the CMS to download any files on the remote file system not only backup files by exploiting a "Path Traversal". The vulnerability does not require any user interaction and is very simple to exploit. Proof of Conce...

7AI score
Exploits0
Huntr
Huntr
added 2022/09/29 6:36 p.m.30 views

No rate limit on email triggering during "resend email" action results in email flooding or a spam attack or a financial loss to the company itself

Description When a user is setting up 2FA , a verification code will be sent to the registered email . There is no rate limit on email triggering that will result in an email flood / does attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

7.5CVSS0.1AI score0.00598EPSS
Exploits0
Huntr
Huntr
added 2022/09/22 12:41 a.m.30 views

Use After Free in function process_next_cpt_value

Description Use After Free in function processnextcptvalue at insexpand.c:3227. vim version git log commit 5c645a25bb8e6d766db720a44b9ceeff39d1e92b HEAD - master, tag: v9.0.0538, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc11huaf.dat -...

4.4CVSS7.7AI score0.00496EPSS
Exploits1
Huntr
Huntr
added 2022/09/14 9:33 a.m.30 views

Use After Free in function getcmdline_int

Description Use After Free in function getcmdlineint at vim/src/exgetln.c:2547. vim version git log commit 470a14140bc06f1653edf26ab0b3c9b801080353 grafted, HEAD - master, tag: v9.0.0461, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

4.4CVSS7.7AI score0.00475EPSS
Exploits1
Huntr
Huntr
added 2022/09/01 9:55 a.m.30 views

Use After Free in function do_cmdline

Description Use After Free in function docmdline at vim/src/exdocmd.c:1076. vim version git log commit 5d09a401ec393dc930e1104ceb38eab34681de64 HEAD - master, tag: v9.0.0343, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc7huaf.dat -c :qa...

4.4CVSS0.00464EPSS
Exploits1
Huntr
Huntr
added 2022/08/22 2:50 a.m.30 views

NULL Pointer Dereference in function do_mouse

Description NULL Pointer Dereference in function domouse at vim/src/mouse.c:496 . vim version git log commit 171c683237149262665135c7d5841a89bb156f53 HEAD - master, tag: v9.0.0242, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc3null.dat -c :qa!...

1.9CVSS0.6AI score0.00692EPSS
Exploits1
Total number of security vulnerabilities4072