Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/03/03 5:15 p.m.29 views

LFI/RFI in MLflow

Description Local and Remote File Include in MLflow Proof of Concept Start the server or UI it works on both identically bash mlflow ui --host 127.0.0.1:5001 Create a model bash curl -i -s -k -X $'POST' \ -H $'Host: 127.0.0.1:5001' -H $'User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

7.5CVSS8.9AI score0.69468EPSS
Exploits2
Huntr
Huntr
added 2023/02/25 3:56 a.m.29 views

Improper Authorization

Description During testing, it was observed that sending a GET request to the following endpoint: /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. Request GET /api/v2/parameters/core/ HTTP/1.1 Host: demo.modoboa.org User-Agent: 7h3h4ckv157 Accept...

6.4CVSS8.9AI score0.43756EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/30 9:18 p.m.29 views

Reseller role allowed to access to admin functionalities

Description The reseller user can access to some admin functionality just directly accessing to it by URL, even though the menu shouldn't allow it. Proof of Concept - Go to https://v2.demo.froxlor.org - Login as reseller1 - Point to: https://v2.demo.froxlor.org/adminopcacheinfo.php?page=showinfo...

4CVSS0.6AI score0.00641EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/26 4:45 a.m.29 views

An user can delete other user's post

Description As the title, an attacker can delete other user's post via post id can be bruteforce Here is video poc: https://drive.google.com/file/d/18QucWYwkpO9kVPMqNzSQ-ptwrZGk-UP9/view?usp=sharelink Proof of Concept DELETE /api/memo/$1026$ HTTP/2 Host: demo.usememos.com Cookie:...

4CVSS1.1AI score0.00713EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 12:25 a.m.29 views

A user can edit private memos from other users

Description It is possible for a user to edit private memos from other users and also change their visibility, making them public. Also the user could change the visibility from Public to Private or viceversa. Steps to Reproduce 1. Log in as a user A here called "ile.maricel". 2. In another brows...

6.5CVSS0.5AI score0.00607EPSS
Exploits1References3
Huntr
Huntr
added 2022/10/27 2:7 a.m.29 views

No Rate Limit On migrate-email Endpoint Leads to Brute-force Attack

The migrate-email endpoint is requiring Email, Username, and Password parameter. This endpoint contain authentication functionality that doesn't have any protection from brute-force attack, which allows an attacker to try every possible password combination without any restriction. CWE-307:...

7.5CVSS0.8AI score0.01051EPSS
Exploits1References1
Huntr
Huntr
added 2022/10/27 1:33 a.m.29 views

User Enumeration

Description The migrate-email endpoint is requiring Email, Username, and Password parameter. The Username parameter value will be queried to userManager.Users and will returning data to user variable, if user variable contain null value, the application will return bad request with "Invalid...

5CVSS2.2AI score0.009EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/29 6:36 p.m.29 views

No rate limit on email triggering during "resend email" action results in email flooding or a spam attack or a financial loss to the company itself

Description When a user is setting up 2FA , a verification code will be sent to the registered email . There is no rate limit on email triggering that will result in an email flood / does attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

7.5CVSS0.1AI score0.00598EPSS
Exploits0
Huntr
Huntr
added 2022/09/18 11:50 a.m.29 views

User's session persist after permanently deleting his account

Description If a user is logged in, and an admin decided to delete his account permanently, the user is still able to perform his normal actions until his session gets expired. If a logged in user with admin role is deleted permanently, he's still able to delete other admins permanently, and if...

6.5CVSS1.5AI score0.00385EPSS
Exploits0
Huntr
Huntr
added 2022/09/05 9:16 a.m.29 views

XSS with CSP bypass on WEB instances

📝 Description Drawio WEB instancesn allows https://storage.googleapis.com in CSP script-src, abusing the XSS found in this report, it is possible to bypass the CSP and leak private diagram content. 🕵️‍♂️ Proof of Concept On the web application side, the javascript execution is protected by the...

5.8CVSS5.5AI score0.00538EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 6:32 p.m.29 views

Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault

Description Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault Proof of Concept Faulting Frame: eval1 @ 0x0000000000d9e9d2: in /root/vim/src/vim Disassembly: 0x0000000000d9e9bd: mov rax,r14 0x0000000000d9e9c0: shr rax,0x3 0x0000000000d9e9c4: mov al,BYTE PTR...

1.9CVSS0.6AI score0.0082EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 1:49 p.m.29 views

Heap-based Buffer Overflow in function compile_lock_unlock in vim/vim

Description Heap-based Buffer Overflow in function compilelockunlock at vim/src/vim9cmds.c:196 vim version git log commit 326c5d36e7cb8526330565109c17b4a13ff790ae grafted, HEAD - master, tag: v9.0.0194, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc2hboM.dat -c :qa!...

4.4CVSS7.6AI score0.00536EPSS
Exploits1
Huntr
Huntr
added 2022/08/07 1:28 p.m.29 views

Stored XSS on Categories

Description Title parameter in the body of POST request when creating/editing a category is vulnerable to stored XSS. Proof of Concept 1 - Go to https://demo.microweber.org/demo/admin/view:content/action:categories 2 - Create a category or edit an existing one. 3 - Modify the title to an XSS...

4.9CVSS0.2AI score0.00393EPSS
Exploits1
Huntr
Huntr
added 2022/07/15 12:54 p.m.29 views

Heap-based Buffer Overflow in function ins_compl_infercase_gettext()

Description Heap-based Buffer Overflow in function inscomplinfercasegettext at src/insexpand.c:645 vim version commit 3a393790a4fd7a5edcafbb55cd79438b6e641714 Author: Dominique Pelle Date: Thu Jul 14 17:40:49 2022 +0100 patch 9.0.0053: E1281 not tested with the old regexp engine Problem: E1281 no...

4.4CVSS7.7AI score0.00552EPSS
Exploits1
Huntr
Huntr
added 2022/07/06 5:20 a.m.29 views

Heap-based Buffer Overflow in function ins_compl_add

Description Heap-based Buffer Overflow in function inscompladd at insexpand.c:751 vim version git log commit 324478037923feef1eb8a771648e38ade9e5e05a HEAD - master, tag: v9.0.0042, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbor4s.dat -c :qa!...

6.8CVSS7.7AI score0.01302EPSS
Exploits1
Huntr
Huntr
added 2022/06/21 10:56 a.m.29 views

Reflected XSS on /api/module

Description Reflected XSS via filter bypass on /api/module using type= parameter. Proof of Concept https://demo.microweber.org/demo/api/module?type=alert"xss"&liveedit=true&fromurl=test The value of the "type" parameter is injected into the source code of the page at line 63. Since the value of t...

4.3CVSS0.1AI score0.02811EPSS
Exploits1
Huntr
Huntr
added 2022/06/02 4:34 p.m.29 views

Unrestricted Upload of File with any dangerous extension

Description Unrestricted Upload of File with any extension Proof of Concept 1. Create a ticket 2. Upload a file with any dangerous extension 3. Intercept the request in Burp Suite, replace the Content-Type with image/jpeg POC video:...

7.5CVSS0.4AI score0.02711EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 9:52 a.m.29 views

No Protection against Bruteforce attacks on Login page

Description Nakama Console does not have any limit for the number of unsuccessful login attempts in a very short period of time. Proof of Concept 1. Send a login request. 2. Capture the login request 3. Replay the login request with different password value. HTTP request http POST...

5CVSS8.7AI score0.01468EPSS
Exploits1
Huntr
Huntr
added 2022/05/16 7:24 p.m.29 views

The trudesk application allows large characters to insert in the input field "Name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in polonel / trudesk

Proof of Concept 1 - Go to Profile or https://docker.trudesk.io/profile 2 - and fill name input field with huge characters Payload :- https://drive.google.com/file/d/17-SH8ZaTqBTQGugpbh2SQtTKnJOL9NIK/view?usp=sharing Video POC :-...

4CVSS2.4AI score0.00977EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/12 8:3 p.m.29 views

SSRF via Unvalidated Redirects in ProxyServlet

Description Through the ProxyServlet external content can be retrieved. This can be done by providing a URL in the url query parameter. There are a few restrictions in place, especially internal hosts are forbidden. The validation of the url parameter looks as follows:...

5CVSS0.05372EPSS
Exploits1
Huntr
Huntr
added 2022/05/12 3:10 p.m.29 views

Improper Privilege Management API V2

Description There are some api v2 doesn't check permission allow attackers to retrieve/edit information ticket,account,group,department,team,ElasticSearch Proof of Concept Get users list 1. Login. 2. Go to /api/v2/accounts?type=all. 3. Users list return. Create user with admin role 1. Get the adm...

6.5CVSS1.5AI score0.02393EPSS
Exploits1
Huntr
Huntr
added 2022/05/10 9:18 a.m.29 views

Cross-site Scripting (XSS) - Stored

Description openemr / openemr is vulnerable to Cross-site Scripting XSS - Stored Proof of Concept // Poc alertdocument.cookie steps to reproduce: 1 login open emr patient portal https://demo.openemr.io/openemr/portal/index.php 2 goto my profile in https://demo.openemr.io/openemr/portal/home.php...

4.9CVSS5.5AI score0.00537EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 4:22 a.m.29 views

Buffer Over-read in function utfc_ptr2len

Description Buffer Over-read in function utfcptr2len at mbyte.c:2113 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch8s.dat -c :qa!...

6.8CVSS6.9AI score0.01252EPSS
Exploits1
Huntr
Huntr
added 2022/04/21 3:37 p.m.29 views

heap-use-after-free

Description Whilst experimenting with radare2, built from version 5.6.8, we are able to induce a vulnerability at newrbtree.c:411 in function rrbnodenext , using radare2 as a harness. 409: RAPI RRBNode rrbnodenextRRBNode node 410: rreturnvaliffail node, NULL; //use-after-free here 411: if...

4.3CVSS5.6AI score0.00793EPSS
Exploits1
Huntr
Huntr
added 2022/04/16 10:32 a.m.29 views

Command Injection vulnerability in [email protected]

Command Injection vulnerability in [email protected] git-interface describes itself as a Interface to work with a git repository in node.js Resources: Project's GitHub source code: https://github.com/yarkeev/git-interface Project's npm package: https://www.npmjs.com/package/git-interface I'm...

10CVSS0.1AI score0.03928EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/01 1:11 p.m.29 views

Out-of-bounds read

Description Out-of-bounds OOB read vulnerability exists in analop function in Radare2 5.6.7 Version bash radare2 5.6.7 27722 @ linux-x86-64 git.5.6.6 commit: e876eef2a2f758157dd6028fb01809bcedacf00f build: 2022-04-0107:03:35 Proof of Concept bash radare2 -q -A poc poc ASAN bash ==2143069==ERROR:...

4.3CVSS6.6AI score0.00907EPSS
Exploits1
Huntr
Huntr
added 2022/03/29 5:0 a.m.29 views

Weak secrethash can be brute-forced

Description The secrethash, which the application relies for multiple security measures, can be brute-forced. The hash is quite small, with only 10 characters of only hexadecimal, making 16^10 possilibities 1.099.511.627.776 . The SHA1 of the secret can be obtained via a captcha string and...

6.4CVSS0.00547EPSS
Exploits1
Huntr
Huntr
added 2022/03/28 6:1 a.m.29 views

Non Privilege User can Enable or Disable Registered

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr-6.0.0/interface/modules/zendmodules/public/Installer/manage Affected Parameters “modAction=enabled” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can disable and...

4CVSS0.3AI score0.00863EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/25 6:36 a.m.29 views

use after free in mrb_vm_exec

While fuzzing mruby I found a use after free in mruby compiled with ASAn. Proof of Concept uaf5.rb rb...

6.4CVSS8.2AI score0.01031EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 2:39 p.m.29 views

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc

Description Stored XSS via uploading file in .ofd format. Proof of Concept filename="test.ofd" alert1 Steps to Reproduce 1. Login into showdoc.com.cn. 2. Navigate to file library https://www.showdoc.com.cn/attachment/index 3. In the File Library page, click the Upload button and choose the test.o...

3.5CVSS5.2AI score0.03274EPSS
Exploits4
Huntr
Huntr
added 2022/03/10 2:1 a.m.29 views

Unrestricted Upload of File with Dangerous Type

Description Malicious user can bypass checking and upload .phtm or .php6 file which leads to stored XSS. Proof of Concept - Step 1: Login as admin at https://demo.microweber.org/demo/admin/ - Step 2: Go to Websites setting and Edit any page https://demo.microweber.org/demo/admin/page/24/edit -...

3.5CVSS4.9AI score0.00528EPSS
Exploits1
Huntr
Huntr
added 2022/03/04 4:32 p.m.29 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS in parameter Name when save Grid Options Proof of Concept // PoC.req POST /admin/object-helper/grid-save-column-config HTTP/1.1 Host: 10.x-dev.pimcore.fun Cookie: PHPSESSID=cef9a977bc8ae8591f7b3b14bcafedf4; pimcoreadminsid=1;...

3.5CVSS5.7AI score0.00677EPSS
Exploits1
Huntr
Huntr
added 2022/02/25 2:32 a.m.29 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS via upload attachment with format .xml in File Library. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.xml...

3.5CVSS0.3AI score0.00732EPSS
Exploits1
Huntr
Huntr
added 2022/02/23 12:52 p.m.29 views

Improper Access Control

Description It was found that if a user is not having access to the requested items module, a normal user with no access can still access and view the requested content. It is a more detailed explanation of the given report where it was marked as invalid :...

4CVSS1.3AI score0.00994EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 4:0 a.m.29 views

Authorization Bypass Through User-Controlled Key

Description Bypass https://hackerone.com/reports/496293 via \b backspace character. Proof of Concept const parse = require'./index.js' url = parse'\bhttp://google.com' console.logurl Result: slashes: false, protocol: '', hash: '', query: '', pathname: '\bhttp://google.com', auth: '', host: '',...

7.5CVSS0.9AI score0.0222EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 4:30 a.m.29 views

Improper Access Control in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can rating like or dislike in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video - Step 2: Ca...

5.5CVSS0.1AI score0.00667EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 8:0 a.m.29 views

Business Logic Errors in microweber/microweber

Description The product is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login to the application, Navigate to Shops - Products - Add Product Step 2: Fill in all the required details with Pricing parameter as -100 and click on save. Here an item is...

4CVSS1.9AI score0.0062EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 9:3 p.m.29 views

Exposure of Sensitive Information to an Unauthorized Actor in fgribreau/node-request-retry

Exposure of Sensitive Information to an Unauthorized Actor in FGRibreau/node-request-retry Reported on Feb 10 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies are leaked to external sites. Description js request$mysite/redirect.php?url=$attacker/, options When fetching a Redirect...

5CVSS8AI score0.01401EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 4:59 p.m.29 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

4.3CVSS7.6AI score0.0144EPSS
Exploits1
Huntr
Huntr
added 2022/01/06 12:21 p.m.29 views

in lquixada/cross-fetch

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

4CVSS0.01153EPSS
Exploits1
Huntr
Huntr
added 2021/12/17 4:12 p.m.29 views

Heap-based Buffer Overflow in vim/vim

✍️ Description When fuzzing vim commit cd2f8f0e0 works with latest build and latest commit 7c0fb8003 per this time of this report v8.2.3811 with clang 13 and ASan, I discovered a heap buffer overflow. Proof of Concept Here is the poc bash ev0- How to build bash LD=lld AS=llvm-as AR=llvm-ar...

6.8CVSS8.3AI score0.01831EPSS
Exploits1
Huntr
Huntr
added 2021/10/28 5:6 p.m.29 views

Path Traversal in getgrav/grav

Steps: Host the project locally. For example if address is http://127.0.0.1:8088 == visit http://127.0.0.1:8088/system/config/permissions.yaml http://127.0.0.1:8088/system/config/permissions.yaml == you will get the content of permissions.yaml file. Impact: Successful exploitation could allow an...

5CVSS2AI score0.04224EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/28 4:5 p.m.29 views

in adodb/adodb

Description An attacker can inject values into the PostgreSQL connection string by bypassing adodbaddslashes . The function can be bypassed in phppgadmin for example by surrounding the username in quotes and submitting with other parameters injected in between. Proof of Concept I'm going to use...

6.4CVSS0.6AI score0.0217EPSS
Exploits1
Huntr
Huntr
added 2021/10/26 9:52 p.m.29 views

Heap-based Buffer Overflow in vim/vim

Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Version :...

6.8CVSS0.1AI score0.01589EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/09 5:8 p.m.29 views

in bookstackapp/bookstack

Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/05 1:53 p.m.29 views

Heap-based Buffer Overflow in vim/vim

When fuzzing vim commit 56858e4ed works with latest build with clang 12 and ASan, I discovered a heap buffer overflow. Proof of Concept Here is minimized poc sh /%.v 5/ c Extract then run crafted file with this command vim -u NONE -X -Z -e -s -S vimpoc1 -c :qa! ASan stack trace: bash...

4.3CVSS0.2AI score0.0144EPSS
Exploits1
Huntr
Huntr
added 2021/08/30 9:41 a.m.29 views

Prototype Pollution in jonschlinkert/set-value

✍️ Description set-value package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. 🕵️‍♂️ Proof of Concept...

5.8CVSS2AI score0.00697EPSS
Exploits0
Huntr
Huntr
added 2021/06/14 6:15 a.m.29 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss bug using file upload against admin . 💥 SUMMURY Here trudesk only allow to upload image file but it can be bypassed and attacker can upload html file . As html file can serve any javascript code ,so attacker can execute any javascript code in vicitm trudesk account . 💥 IMPACT low...

0.2AI score
Exploits0
Huntr
Huntr
added 2020/09/23 12:0 a.m.29 views

Prototype Pollution in yeikos/js.merge

Overview merge is used to merge multiple objects into one object. Affected versions of this package are vulnerable to Prototype Pollution via the merge.recursive function. It can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all object...

7.5CVSS2.9AI score0.01443EPSS
Exploits0
Huntr
Huntr
added 2025/12/27 5:2 p.m.28 views

Job API exposed without authorization

This report is not public...

9.8CVSS5.9AI score0.04392EPSS
Exploits1
Total number of security vulnerabilities4072