Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
โ€ขadded 2021/06/14 6:15 a.m.โ€ข29 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

๐Ÿ’ฅ BUG Stored xss bug using file upload against admin . ๐Ÿ’ฅ SUMMURY Here trudesk only allow to upload image file but it can be bypassed and attacker can upload html file . As html file can serve any javascript code ,so attacker can execute any javascript code in vicitm trudesk account . ๐Ÿ’ฅ IMPACT low...

0.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2020/09/23 12:0 a.m.โ€ข29 views

Prototype Pollution in yeikos/js.merge

Overview merge is used to merge multiple objects into one object. Affected versions of this package are vulnerable to Prototype Pollution via the merge.recursive function. It can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all object...

7.5CVSS2.9AI score0.01443EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2025/12/27 5:2 p.m.โ€ข28 views

Job API exposed without authorization

This report is not public...

9.8CVSS5.9AI score0.04392EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/10/11 10:42 a.m.โ€ข28 views

NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal

Description NULL Pointer Dereference in function gffilterpcknewallocinternal at filtercore/filterpck.c:108. Version git log commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Wed Oct 11 13:24:46 2023 +0200 ac3dmx: add remain size...

4.4CVSS6.8AI score0.00327EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/10/01 6:8 p.m.โ€ข28 views

CWE-476 leads to potential OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit f109bf93c9402e4e3122a7ae7846e6feae4fa222 . Description This AddressSanitizer output is indicating a OOB read that is semi-controllable, but is...

1.9CVSS6.6AI score0.00431EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/09/04 12:40 p.m.โ€ข28 views

heap-buffer-overflow in function vim_regsub_both

Description heap-buffer-overflow in vimregsubboth at regexp.c:2482 Version git log commit e073a8b79f1d3398b27f35b7920746b564a169e9 HEAD - master, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S vimregsubbothpoc -c :qa! helplang=en readonly...

4.4CVSS6.9AI score0.00606EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2023/09/01 11:9 a.m.โ€ข28 views

Cross-Site Scripting ( XSS) Via file upload

Description I tested the demo site you provided. I see that there is a file upload vulnerability which can lead to XSS. Hope you check and find a solution as soon as possible. Proof of Concept link video Poc https://drive.google.com/file/d/1LAcTulbfhGJfCmWdIel9e-SkuoQbDq/view?usp=sharing Steps 1...

7AI score0.0046EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/08/28 12:47 p.m.โ€ข28 views

heap-buffer-overflow in function avi_read media_tools/avilib.c:67 in gpac/gpac

Description Heap-buffer-overflow in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00306EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2023/08/18 5:22 p.m.โ€ข28 views

HTML Injection

Description I think your website is quite secure. But you overlooked the HTML Injection vulnerability ID:WSTG-CLNT-03 of OWASP. Proof of Concept 1 .Login with demo account 2 .Access the link https://demo.librenms.org/search/search=ipv4 and insert the payload search=test/b 3 .Hit enter, html...

5.5CVSS7.7AI score0.00446EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/08/11 6:44 p.m.โ€ข28 views

Heap-based Buffer Overflow

Description heap-buffer-overflow p/bf/plugin.c:176 in decode Environment radare2 5.8.9 31000 @ linux-x86-64 commit: 95b648f0907e91e10d55fc48147a7dae99029c5b Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan"...

7.5CVSS6.9AI score0.00926EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2023/07/05 12:33 p.m.โ€ข28 views

XSS vulnerabilities via various embeds

Description JSFiddle, Gliffy, Otter and Tldraw embeds lack sufficient input validation. Every one of them can be abused to achieve a stored XSS on a main application domain. This XSS triggers for everyone viewing the document. Proof of Concept PoC file is different for each vulnerable embed. See...

4.9CVSS6.3AI score0.00495EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/06/25 8:32 a.m.โ€ข28 views

Reflected XSS in /editor_tools/rte_image_editor

Description Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint Proof of Concept in File microweber/userfiles/modules/microweber/toolbar/editortools/rteimageeditor/index.php on Line 15, we can observe the source $GET'types' being saved...

5.8CVSS5.6AI score0.01061EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2023/05/26 5:17 a.m.โ€ข28 views

OOB Write ops.c

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch at commit 50809a45ebde327cb6fdcc727d7466e926aed713 . Description This AddressSanitizer output is indicating a write to the 0x7fd0c2103000 address, this is because the...

4.4CVSS6.8AI score0.00624EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/05/18 3:23 a.m.โ€ข28 views

NULL Pointer Dereference

Description NULL Pointer Dereference In gfisomfragmentaddsampleex isomedia/moviefragments.c:2883 Environment No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal Build sudo CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan"...

7.5CVSS6.8AI score0.00652EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/03/24 4:23 a.m.โ€ข28 views

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

6.2AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2023/03/23 7:44 a.m.โ€ข28 views

sql injection

Description multiple sql injections due to unsanitized concatenating strings into where clause Collaborator: @ub3rsick Proof of Concept - assets controller 1- to trigger the request for sqli: go to files - assets - select a folder - right click - download as zip 2- replay the request to...

6.5CVSS8.7AI score0.0091EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/03/17 7:34 p.m.โ€ข28 views

Stored XSS in Admin Panel

Description The admin panel admin.php does not properly sanitize the text in the "Site Name" field, allowing a user with admin access to inject arbitrary HTML. This is in a similar vein to CVE-2022-4733 but still exists as of version 7.0.1-dev. Proof of Concept 1. Log in as a user with admin...

4.3CVSS6.8AI score0.90401EPSS
Exploits2
Huntr
Huntr
โ€ขadded 2023/03/15 3:37 p.m.โ€ข28 views

Session Fixation Vulnerability

Description It was noticed that the easyappointments application is vulnerable to Session Fixation vulnerability. The application does not generate a new easession cookie after the user authenticate successfully into the application. A malicious user is able to create a new session cookie value a...

6.8CVSS8.5AI score0.00668EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/03/11 10:31 a.m.โ€ข28 views

XSS in Document Types module in Settings

Description pimcore is vulnerable to XSS at Name field in Document Types module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Document Types and click on Add button to add a new record. 3.Edit the New Docume...

4.9CVSS5.2AI score0.00403EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/03/03 4:7 p.m.โ€ข28 views

null pointer dereference in class_object_index at vim9class.c:1356

Description null pointer dereference in classobjectindex at vim9class.c:1356 variable cl in classobjectindex at vim9class.c:1254 is NULL at last, reference to cl refers to NULL Version $ git log commit c727b19e9f1df36e44321d933334c7b4961daa54 HEAD - master, tag: v9.0.1374, origin/master,...

1.9CVSS6.1AI score0.00453EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/28 3:4 a.m.โ€ข28 views

SQL Injection in 'core/ajax/ajax_data.php'

Description There exists an SQL injection affecting the customerid parameter located in the file core/ajax/ajaxdata.php Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/core/ajax/ajaxdata.phpL537 sql where stockproductid =...

4CVSS7.2AI score0.00751EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/24 10:7 a.m.โ€ข28 views

SQL injection search function

Description Please enter a description of the vulnerability. Link POC: https://drive.google.com/drive/folders/1oFZPVrJ7lID7tDArO8spsMy1VYr4oOb?usp=sharing Proof of Concept Step 1: login https://demo.pimcore.fun/admin/ Step 2: user search function and intercept request with burp Step 3: Exploit ti...

6.5CVSS8.4AI score0.65115EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/17 1:51 a.m.โ€ข28 views

Reflected XSS in send2friend.php

Description There is a reflected XSS in send2friend because the 'artlang' parameter is not sanitized. Proof of Concept visit http://phpmyfaq.local/?action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert1;%3C/script%3E Fix sanitize the '$faqLanguage' variable in...

5.8CVSS5.8AI score0.01644EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/12 8:21 p.m.โ€ข28 views

XSS in hyperlink when create FAQ News

Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...

4.9CVSS5.3AI score0.00532EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/09 11:29 p.m.โ€ข28 views

RCE by Server Side Template Injection

Description Hi, During my testing, I discovered that it is possible to inject code into the system through the "first name" field. This vulnerability allows for server-side template injection, which can lead to arbitrary code execution. The impact of this vulnerability is potentially significant...

7.5CVSS9.7AI score0.01799EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/02/09 12:41 a.m.โ€ข28 views

Stored DOM-based Cross-site Scripting in Tags Functionality

Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...

4.9CVSS4.8AI score0.0062EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2023/01/19 5:26 a.m.โ€ข28 views

SSL certificate verification disabled

Description When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived...

4CVSS7AI score0.00526EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2023/01/11 1:34 a.m.โ€ข28 views

Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection

Description Froxlor 2.0.6 Stable is suffering from Remote Command Execution that was achieved by chaining two bugs, the first one is an arbitrary file write on the logging feature, which allows an authenticated attacker to point the log file to any writable path even if it was the web server...

6.5CVSS9.3AI score0.97653EPSS
Exploits8References1
Huntr
Huntr
โ€ขadded 2023/01/05 8:9 a.m.โ€ข28 views

Stored XSS by link markdown

Description The site allows link markdown but does not validate, resulting in XSS. Proof of Concept Create new memo with payload Click me! Hold Ctrl and click to Click me!, a alert with content is domain name appear...

4.9CVSS5.5AI score0.00645EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/12/29 1:5 p.m.โ€ข28 views

Local File Read through Improper Filename Validation

Description This vulnerability occur because there is no filename validation on logoimagelogin and logoimageheader on import and export function. Attacker can use path traversal payload to leak local file such as /etc/passwd or froxlor config file. Proof of Concept 1. Go to import function on...

1.7CVSS5.4AI score0.00729EPSS
Exploits2References1
Huntr
Huntr
โ€ขadded 2022/12/26 11:6 a.m.โ€ข29 views

Stored XSS with CSP bypass through JS file upload

Description I've seen here: https://github.com/usememos/memos/blob/main/server/resource.goL268 that has been implemented the CSP with "default-src 'self'" configuration. This configuration can be bypassed if I'm able to upload a js file, and then call it from another files while they both resides...

4.9CVSS5.6AI score0.00498EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/12/25 6:43 a.m.โ€ข28 views

Path Traversal when upload file

metersphere allow users to upload file, but not check the file name. Poc can be found in the link...

6.5CVSS2.6AI score0.00717EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/12/08 3:56 a.m.โ€ข28 views

Cross Site Scripting (XSS) Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in line 94-9...

5.8CVSS5.9AI score0.00448EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/10/18 3:11 a.m.โ€ข28 views

Floating point exception in function num_divide at eval

Floating point exception in function numdivide at eval.c:70...

1.9CVSS1.7AI score0.00463EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/10/04 1:9 p.m.โ€ข29 views

Stored XSS via SVG File

Description flatpresshas a feature to upload file "uploader" and display from "media manager". By uploading SVG files, the users can perform Stored XSS attack. Copy the following code and save as filename.svg. Proof of Concept alertdocument.domain 1. login to...

4.9CVSS5.8AI score0.00535EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/09/23 10:30 a.m.โ€ข28 views

No Limit in length of username , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like username. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/admin/users endpoint . 2Click on add user 3Here you will see that ther...

5CVSS1.9AI score0.00721EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/09/22 3:58 p.m.โ€ข28 views

Stack-based Buffer Overflow in function ex_finally

Description stack-buffer-overflow in exfinally function Proof of Concept https://raw.githubusercontent.com/xiowane/testfile/main/test ASAN console ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /src/results/crashes/test -c :qa! =================================================================...

4.4CVSS7.6AI score0.00528EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/09/14 2:8 a.m.โ€ข28 views

Heap-based Buffer Overflow in function utfc_ptr2len

Description Heap-based Buffer Overflow in function utfcptr2len at vim/src/mbyte.c:2125. vim version git log commit 470a14140bc06f1653edf26ab0b3c9b801080353 grafted, HEAD - master, tag: v9.0.0461, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

4.4CVSS7.8AI score0.00501EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/25 10:20 p.m.โ€ข28 views

Stored Cross-Site Scripting (XSS)

Description It is possible to upload HTML files containing JavaScript Payload to the FileStorage as a low-privilege user with the corresponding permissions. When opening the HTML file via an indirect link, the JavaScript Code is executed. Proof of Concept Steps to reproduce: 1. Login to the backe...

4.9CVSS5.8AI score0.00722EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2022/08/24 3:59 p.m.โ€ข28 views

ZipSlip Symlink variant allows to read any file within OctoPrint Box

Using the ZipSlip symlink variant, it is possible to steal any file from the OctoPrint remote server via an upload of a maliciously crafted archive as a language pack and download the stolen files within a backup archive. To set up the Octoprint web application, we used the dockerized version bas...

1.4CVSS1.4AI score0.00405EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/22 2:35 a.m.โ€ข28 views

Exposure of "Forgot Password" Token on Comments Controller Leads to Account Takeover

Hello there! Hope you are doing great! Description While digging into your app's source code, I noticed that the getComment function, that can be found on CommentController, had an IDOR, but when I went to an actual instance of Tooljet and tested it, I noticed that it's way worse than that! ๐Ÿ˜ฑ Thi...

6.8CVSS0.00703EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/19 5:53 p.m.โ€ข28 views

Persistent Cross Site Scripting - LayoutEditor Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On LayoutEditor module from Settings, the type of fieldModel-label parameter is "Text" but it is not validated and it's used directly without any encoding or validation on LayoutEditor/EditField.tpl. It...

4.9CVSS5.5AI score0.00529EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/17 12:3 a.m.โ€ข28 views

Use After Free in function find_var_also_in_script

Description Use After Free in function findvaralsoinscript at vim/src/evalvars.c:3174 vim version git log commit 887748742deae3d6de7aa0fdbb042afe1ccf5e7a grafted, HEAD - master, tag: v9.0.0222, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc3huaf.dat -...

4.4CVSS7.6AI score0.00497EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/15 3:57 a.m.โ€ข28 views

Heap-based Buffer Overflow in function latin_ptr2len

Description Heap-based Buffer Overflow in function latinptr2len at vim/src/mbyte.c:1088 . vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc4hbo.dat -c :qa!...

4.4CVSS7.6AI score0.00452EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/08/03 11:54 a.m.โ€ข28 views

parser bypass and make SSRF attack

parse-url inproperly detecting protocol,resource and Pathname . This allow to bypass protocol check . Also this bug make ssrf check bypass\ \ lets check normal url result for parse-url import parseUrl from "parse-url"; console.logparseUrl"http://nnnn@localhost:808/?id=xss" protocols: 'http' ,...

6.4CVSS0.4AI score0.00907EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/07/06 8:55 a.m.โ€ข28 views

No Rate Limit On Reset Password Page

Description I have identified that when Reset Password for account , the request has no rate limit which then can be used to loop through one request. This can annoy to the root users sending mass password to one email. A rate limiting algorithm is used to check if the user session or IP-address...

7.4AI score
Exploits0
Huntr
Huntr
โ€ขadded 2022/07/04 2:33 p.m.โ€ข28 views

Stored Cross-site Scripting (XSS) leads to Account Takeover

๐Ÿ”’๏ธ Requirements - Be able to edit or create documents. - Click of a user on the link. ๐Ÿ“ Description The markdown's link creation feature does not properly sanitize url input, which allows to use error event to execute javascript. Furthermore, due to a lack of HttpOnly flag on sessions cookie, it i...

3.5CVSS5.9AI score0.0065EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/06/29 6:55 a.m.โ€ข28 views

Out-of-bounds Read in function ins_bytes

Description Out-of-bounds Read in function insbytes at change.c:968 vim version git log commit 9610f94510220c783328e1857af87a6ae7bc20b4 HEAD - master, tag: v9.0.0014, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobr4s.dat -c :qa!...

6.8CVSS7.6AI score0.013EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/06/17 11:58 a.m.โ€ข28 views

Reflected XSS on /editor_tools/module

Description Reflected XSS with filter bypass on /editortools/module using type= parameter. Proof of Concept https://demo.microweber.org/demo/editortools/module?type="alert"xss" The value of the "type" parameter is injected into the source code of the page at line 38. Since the value of the "type"...

4.3CVSS0.02907EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/06/15 9:25 a.m.โ€ข28 views

Possible prototype pollution in Schema.path

Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows...

7.5CVSS2.6AI score0.32676EPSS
Exploits1References2
Total number of security vulnerabilities4072