Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/08/15 1:27 p.m.30 views

Improper Authorization lead a user add an arbitrary agent into Team

Description A Vulnerability in edit team function lead an user add another user via ID to Team, alternatively know the email of every user in Chatwoot Step to reproduce - login to the app -navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list -Create new or ed...

5.5CVSS6.9AI score0.00512EPSS
Exploits1
Huntr
Huntr
added 2022/07/12 4:18 a.m.30 views

Account Takeover

Hello team, while i was testing on https://book.dansmonorage.blue/login i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field Steps to reproduce: 1. go to https://book.dansmonorage.blue/login 2. Enter...

7.5CVSS7.3AI score0.01384EPSS
Exploits1
Huntr
Huntr
added 2022/07/02 4:15 p.m.30 views

Cross-site scripting - Stored via upload ".pages" file

Description In file upload function, the server allow upload .pages file with contain some javascript code lead to XSS. Proof of Concept REQUEST: POST /demo/plupload HTTP/1.1 Host: demo.microweber.org Cookie: laravelsession=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb;...

3.5CVSS0.1AI score0.005EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/01 6:42 p.m.30 views

Full Read Server-Side Request Forgery (SSRF)

🔒️ Requirements Privileges: None. 📝 Description The avatarUrl post parameter from /api/users.update and /api/teams.update api endpoint isn't sanitize and permit to get a full read SSRF exploitation. When updating user's or team's avatar, even if from client side we can only change it by uploading...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/06/29 8:10 a.m.30 views

Integer Overflow in function del_typebuf

Description Integer Overflow in function deltypebuf at getchar.c:1204 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocintof1s.dat -c :qa!...

6.8CVSS1AI score0.01343EPSS
Exploits1
Huntr
Huntr
added 2022/06/23 7:15 a.m.30 views

Out-of-bound read in function msg_outtrans_attr

Description Out-of-bound read in function msgouttransattr at message.c:1551 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD - master, tag: v8.2.5151 Proof of Concept ./vim/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S pocvim01 -c :qa!...

6.8CVSS0.013EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 8:3 a.m.30 views

Buffer Over-read in function put_on_cmdline

Description Buffer Over-read in function putoncmdline at exgetln.c:3540 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocbor2s.dat -c :qa!...

6.8CVSS7.7AI score0.01309EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 5:54 a.m.30 views

Out-of-bounds Read in function suggest_trie_walk

Description Out-of-bounds Read in function suggesttriewalk at spellsuggest.c:1437 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s...

6.8CVSS7.7AI score0.01492EPSS
Exploits1
Huntr
Huntr
added 2022/06/11 9:14 a.m.30 views

Unrestricted File Upload in Part Attachment

Description The application inventree allows users to upload any file in part attachment allowing attacker to render files such as HTML in the browser. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1vurBkHegeYCwbXopE5Yhyb702rYgG9FM/view?usp=sharing...

6.5CVSS1.9AI score0.02205EPSS
Exploits2References1
Huntr
Huntr
added 2022/05/30 6:54 a.m.30 views

Refelect XSS in neorazorx/facturascripts

Description /facturascripts/EditCuenta can input the taint data without sanitization by the parameter description Proof of Concept POST /facturascripts/EditCuenta HTTP/1.1 Host: 127.0.0.1 Content-Length: 1115 Cache-Control: max-age=0 sec-ch-ua: "NotA:Brand";v="8", "Chromium";v="101"...

4.3CVSS0.7AI score0.00729EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 3:52 a.m.30 views

Heap-based Buffer Overflow in function utf_head_off

Description Heap-based Buffer Overflow in function utfheadoff at mbyte.c:3872 vim Version git log commit 68e64d2c1735f2a39afa8a0475ae29bedb116684 HEAD - master, tag: v8.2.5006, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poch6s.dat -c :qa!...

6.8CVSS7.2AI score0.01315EPSS
Exploits1
Huntr
Huntr
added 2022/05/18 8:32 p.m.30 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

4.9CVSS0.6AI score0.01526EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/29 2:30 a.m.30 views

DOM XSS in microweber ver 1.2.15

Description Hi there, on your latest version docker images 3463db62a01f, vulnerable to DOM XSS. Proof of Concept...

4.3CVSS1.4AI score0.0125EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 5:42 a.m.30 views

NULL Pointer Dereference

Description NULL pointer dereference in rbinnegetsegments Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal radare2 5.6.7 0 @ linux-x86-64 git. commit: 5.6.7 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan"...

7.1CVSS1.8AI score0.00681EPSS
Exploits1
Huntr
Huntr
added 2022/04/04 5:30 a.m.30 views

Heap buffer overflow in libr/bin/format/mach0/mach0.c

This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.6 and lastest master branch 8317a34b7e4ab731e230dcdd81adc9323c5b518b, updated in...

6.8CVSS7.8AI score0.00725EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/31 4:41 p.m.30 views

NULL Pointer Dereference in mrb_vm_exec with super

Description NULL Pointer Dereference in mrbvmexec with super Proof of Concept o13 = Comparable.initialize||0x7f.instanceeval do super rescue caller 0..1.sortby do break end end // PoC.js ./mruby 1.rb Result ASAN:DEADLYSIGNAL =================================================================...

4.9CVSS1.3AI score0.00363EPSS
Exploits1
Huntr
Huntr
added 2022/03/29 4:14 p.m.30 views

SQL injection in RecyclebinController.php

Description From the code we can see that in line 122, the value is append to the sql query directly. The value can be from line 109. And from filter parameter . so we can use the value data to inject the database. if we set a wrong value. we can see the sql error from the log file . Proof of...

5CVSS1.1AI score0.01415EPSS
Exploits1
Huntr
Huntr
added 2022/03/21 3:43 a.m.30 views

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting

Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/ /interface/super/rules/index.php?action=edit!submitsummary Affected Parameters “fldtitle” Authentication Required? Yes Issue Summary Non-privilege users accounting, front-office can create new rule an...

3.5CVSS0.769EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/14 12:23 p.m.30 views

Stored XSS via File Upload

Description Stored XSS via uploading file in .m3u8a format. Proof of Concept filename="poc.m3u8a" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library https://www.showdoc.com.cn/attachment/index\ 3.In the File Library page, click the Upload button and choose the...

3.5CVSS5.4AI score0.00754EPSS
Exploits1
Huntr
Huntr
added 2022/02/26 2:7 p.m.30 views

Prototype Pollution

Description fullPage utils are available to developers using window.fputils. They can use these utils for their own use-case other than fullPage as well. However, one of the utils deepExtend is vulnerable to Prototype Pollution vulnerability. Javascript is "prototype" language which means when a...

7.5CVSS0.01271EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/25 11:36 a.m.30 views

Weak Password Recovery Mechanism for Forgotten Password

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

5CVSS1.9AI score0.01221EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/20 9:27 a.m.30 views

NULL Pointer Dereference

Description NULL pointer dereference in binsymbols.c Environment bash Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal radare2 5.6.3 27472 @ linux-x86-64 git.5.6.2 commit: d24dbb9fbb0b398a6a739847008ccef3ea7e687c POC radare2 -AA -qq ./poc poc ASAN...

7.1CVSS1.5AI score0.00928EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 1:6 p.m.30 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &10 Line Feed character in the href attribute of tag to bypass th...

3.5CVSS1AI score0.01343EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 4:48 p.m.30 views

Cross-site Scripting (XSS) - Generic

Description The user-controlled GET user parameter in index.php is unsanitized resulting in Cross-Site Scripting. Proof of Concept Endpoint: GET https://HOST/edit/user File: /web/edit/user/index.phpL11 // Check user argument if empty$GET'user' header"Location: /list/user/"; exit; Request...

4.3CVSS5.1AI score0.00952EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 2:30 p.m.30 views

in mruby/mruby

Description There is a NULL Pointer Dereference in aryconcat array.c:301. This bug has been found on mruby lastest commit hash ecb28f4bf463483cf914c799d086b0cfff997aee on Ubuntu 20.04 for x8664/amd64. Proof of Concept The crash is not reproducible in a debug build, so a release build config must ...

4.3CVSS0.008EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 9:28 p.m.30 views

Cross-site Scripting (XSS) - Generic in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...

4.3CVSS0.2AI score0.00998EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 3:44 a.m.30 views

Code Injection in publify/publify

Description The application doesn't check/filter the comments provided by the user before save to database. Attacker can't insert js code to steal admin's data but can insert html code, leads to many information security risks. Proof of Concept - Step 1: Go to...

6.4CVSS0.1AI score0.00855EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 1:36 p.m.30 views

Cross-site Scripting (XSS) - Stored in ptrofimov/beanstalk_console

Description Stored XSS in parameter 'host' when add server Proof of Concept // PoC.req GET / HTTP/1.1 Host: 127.0.0.1:8088 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:97.0 Gecko/20100101 Firefox/97.0 Accept:...

3.5CVSS0.5AI score0.00635EPSS
Exploits1
Huntr
Huntr
added 2021/12/29 2:30 p.m.30 views

in vim/vim

Description A heap-based OOB read of size 1 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build version 8.2.3931, commit hash...

4.3CVSS7.8AI score0.01762EPSS
Exploits1
Huntr
Huntr
added 2021/12/14 12:48 p.m.30 views

Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway

Description The stored XSS vulnerability occurs in the chat window because the user's input value is inserted into the web page without verification. javascript to: username, text: result ; textroom.data text: JSON.stringifymessage, error: functionreason bootbox.alertreason; , success: function...

4.3CVSS6.3AI score0.00942EPSS
Exploits1
Huntr
Huntr
added 2021/11/10 9:2 a.m.30 views

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Login CSRF via /register/confirm/token endpoint. Proof of Concept 1: Register account with the same username as our victim, an email confirmation will take place 2: Retrieve token from email. 3: Send a link http://BOOKSTACKAPPURL/register/confirm/token to user. 4: When the user clicks...

4CVSS0.1AI score0.00621EPSS
Exploits1
Huntr
Huntr
added 2021/08/05 12:56 p.m.30 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to delete any document from Processing ticket with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/07/19 3:28 a.m.30 views

Improper Privilege Management in uvdesk/core-framework

✍️ BUG privilege escalation bug to pin a threads 🕵️‍♂️ Proof of Concept 1. Frist from admin account goto http://localhost/uvdesk/public/en/member/agents and add new user called user B with Agent role .\ Now gives user-B all tikceting permission like can update/add/edit/delete/lock/pin to a ticket...

Exploits0References1
Huntr
Huntr
added 2021/06/13 3:14 a.m.30 views

Improper Privilege Management in cortezaproject/corteza-server

💥 BUG unprivileged user can dismiss other user reminders 💥 IMPACT lower level user can dismiss other user reminders 💥 STEP TO REPRODUCE 1. First from admin goto http://localhost:18080/admin/system/user and add a new user called user B .\ Now give this user crm permission so that user B can create...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/03/31 6:18 a.m.30 views

Code Injection in trentm/json

✍️ Description json is a 'json' command tool for massaging and processing JSON on the command line. Affected versions of this package are vulnerable to Arbitrary Code Injection via the -d argument. 🕵️‍♂️ Proof of Concept curl -sL 'https://api.github.com/repos/joyent/node/issues?state=open' |...

3.6AI score
Exploits0
Huntr
Huntr
added 2021/02/13 12:0 a.m.30 views

Code Injection in unix121/i3wm-themer

Description i3wm-themer is the theme collection manager for i3-wm which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash git clone https://github.com/unix121/i3wm-themer cd i3wm-themer/...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/01/28 12:0 a.m.30 views

Prototype Pollution in geta/nestedobjectassign

Description nested-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const assign = require'nested-object-assign' console.log'Before: ' + .polluted assign, JSON.parse'"proto": "polluted": true' console.log'After: ' +...

5CVSS1.7AI score0.0152EPSS
Exploits1
Huntr
Huntr
added 2020/12/14 12:0 a.m.30 views

Prototype Pollution in mout/mout

Description mout is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var mout = require"mout" var obj = console.log"Before : " + .polluted; mout.object.setobj,'proto.polluted','Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...

7.5CVSS2.1AI score0.02119EPSS
Exploits1
Huntr
Huntr
added 2023/10/10 12:1 p.m.29 views

heap-use-after-free in function editing_arg_idx

Description heap-use-after-free in function editingargidx at arglist.c:516 Vim Version git log commit 54844857fd6933fa4f6678e47610c4b9c9f7a091 HEAD - master, tag: v9.0.2009, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S editingargidxPOC2 -c :qa!...

4.4CVSS7AI score0.00539EPSS
Exploits1References2
Huntr
Huntr
added 2023/10/03 3:38 p.m.29 views

RXSS in onpremises version of structurizr

Description During investigation it was found that onpremises api endpoint GET parameter version is vulnerable to XSS injection: /workspace/workspaceid?version=1; Proof of Concept 1. Visit the link provided: http:///workspace/1/?version=1%22;alert1; 2. XSS injected...

5.8CVSS6.3AI score0.01222EPSS
Exploits1
Huntr
Huntr
added 2023/08/31 5:57 p.m.29 views

File Upload Vulnerability in Categories

Description I noticed, your website is very secure. But you overlooked a flaw File Upload. Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Create a category titled "test" and upload a file image. 3 .Using burp suite edit Content-type: image/html and insert payloa...

7.5CVSS6.9AI score0.0052EPSS
Exploits0
Huntr
Huntr
added 2023/08/19 3:40 p.m.29 views

DOM XSS in https://demo.librenms.org/ports

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/ports 3 .Insert payload and press enter: test' onclick='alertdocument.cookie 4 .Click on the box hostname or port, detect XSS Proof of...

4.9CVSS6.8AI score0.00589EPSS
Exploits1
Huntr
Huntr
added 2023/08/19 11:50 a.m.29 views

Reflected xss in installation space parameter

Description Cross-Site Scripting XSS is a type of security vulnerability that occurs when an attacker injects malicious code, usually in the form of scripts, into a web application. This code is then executed by unsuspecting users who visit the affected web page. in this case the path of...

5.8CVSS6.1AI score0.02268EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/13 6:39 a.m.29 views

File Upload Bypass Leads to Stored XSS

Description In the file upload feature, the system did not allow uploading files with extensions like html, ... But when uploading files with extension xhtml, it leads to XSS vulnerabilities. Proof of Concept https://drive.google.com/file/d/1MTa4st4POafaUAwn17n7ygpTrF9BXp/view?usp=sharing...

5.8CVSS6.5AI score0.00555EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/22 5:24 a.m.29 views

Stored XSS in title

Description There is Stored XSS in the item title of the menu on the administrator screen. Proof of Concept Step 1. Log in to the admin screen and select Add New Item in Menu. Step 2. Specify the following Payload for the item title and save it. Step 3. Once saved, any script can be executed on t...

4.3CVSS6.2AI score0.00409EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/18 7:34 a.m.29 views

Cross site scripting in Admidio 4.2.9 via headline parameter

Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. Proof...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2023/04/10 4:20 p.m.29 views

An outdated dependency leads to to remote command execution vulnerability

Description A few days ago, the vm2 module of nodejs found a sandbox escape vulnerability, which was officially fixed in v3.9.15 However, a fixed vm2 version is hard-coded in the package.jsonv 3.9.11 of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...

7.5CVSS7AI score0.63186EPSS
Exploits2References1
Huntr
Huntr
added 2023/03/30 11:23 p.m.29 views

Reflected XSS in /library/custom_template/share_template.php

Description There exist a reflected XSS in /library/customtemplate/sharetemplate.php in the 'listid' parameter. Proof of Concept http://openemr.local/library/customtemplate/sharetemplate.php?listid=1;alert1;function%20xif1a=a:a:1 fix properly sanitize the listid parameter...

5.8CVSS6.3AI score0.96731EPSS
Exploits1
Huntr
Huntr
added 2023/03/23 9:49 p.m.29 views

Null pointer dereference in get_register at register.c:311

--- Description Null pointer dereference in getregister at register.c:311. ycurrent variable is 0 because of name variable. Version $ git log commit 3ea62381c527395ae701715335776f427d22eb7b HEAD - master, tag: v9.0.1425, origin/master, origin/HEAD Author: Amaan Qureshi Date: Thu Mar 23 15:45:46...

1.9CVSS6.9AI score0.00473EPSS
Exploits1
Huntr
Huntr
added 2023/03/10 8:50 p.m.29 views

EXIF Geolocation Data Not Stripped From brand logo

When the user uploads his logo, the uploaded image’s EXIF Geo-location Data does not get stripped. As a result, anyone can get sensitive information like user's Device ID, Geo Location, System Information, System version, ETC. Step to reproduce: 1. Upload logo with EXIF DATA, or download from her...

4.3CVSS6.2AI score0.00586EPSS
Exploits1
Total number of security vulnerabilities4072