Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/12/20 1:8 p.m.27 views

Unsanitized input returned in response is conducive to XSS exploitation

Description During the initial installation process it was identified that the "Create user" form that collects user data, does not properly sanitize the data entry and then prints them on the screen with an error message without any apparent validation, thus allowing the insertion of HTML or...

5.8CVSS6.1AI score0.00577EPSS
Exploits1References3
Huntr
Huntr
added 2022/12/15 11:57 p.m.27 views

Blind Stored XSS in administration panel

Description Blind stored XSS : any visitor user without any privilege can create "Proposal for a new FAQ" at the following URL https://roy.demo.phpmyfaq.de/index.php?action=add&cat=0 and add XSS payload in "Your question" input field allows any anonymous visitor can steal admin cookies also...

5.8CVSS5.9AI score0.00562EPSS
Exploits0
Huntr
Huntr
added 2022/11/24 5:34 a.m.27 views

AddressSanitizer: heap-buffer-overflow in alloc.c 246:11

Description ================================================================= ==19339==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000001015 at pc 0x0000004872d8 bp 0x7ffdef721150 sp 0x7ffdef720910 WRITE of size 2 at 0x606000001015 thread T0 Detaching after fork from child proce...

4.4CVSS7.9AI score0.00423EPSS
Exploits1
Huntr
Huntr
added 2022/11/15 12:49 p.m.27 views

Stack-Based Buffer Overflow in gf_sg_proto_field_is_sftime_offset

Description Stack-Based Buffer Overflow in gfsgprotofieldissftimeoffset at vrmlproto.c:1295. version git log commit 05eaac875354682942b70c790bcd62cb5f4cc825 grafted, HEAD - master, origin/master, origin/HEAD Author: Jean Le Feuvre Date: Mon Nov 14 18:07:45 2022 +0100 fixed msvc warnings ./MP4Box...

4.4CVSS7.7AI score0.00391EPSS
Exploits1
Huntr
Huntr
added 2022/10/17 6:49 a.m.27 views

Use After Free in function bt_quickfix

Description Use After Free in function at buffer.c:5715 . vim version git log commit 3f0092c141824356b55b11cd3985baaf4df65334 grafted, HEAD - master, tag: v9.0.0777, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc13huaf.dat -c :qa!...

4.4CVSS8.6AI score0.00373EPSS
Exploits0
Huntr
Huntr
added 2022/09/04 8:16 p.m.27 views

Desktop APP XSS to RCE

📝 Description Bypass disabled plugins configuration According to its default configuration, drawio desktop disables the use of custom plugin and must be using --enable-plugins to enable it. In addition, draw.io allows you to configure the application mainly the interface using a json file...

4.4CVSS7AI score0.01282EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 4:42 p.m.27 views

Improper Authentication

Description There are two permissions not working correctly: The Licenses - View and Modify License Files & the Self - Create API Keys permission. License Files Files can be uploaded to licenses. There is a permission for users called View and Modify License Files. However, this permission is...

4CVSS4.5AI score0.0072EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/18 2:47 p.m.27 views

Weak Password Requirements

Description The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Proof of Concept Steps to reproduce 1. Login to admin account. 2. Drom user account setup create a new user. 3. Full the form username user3 and...

7.5CVSS2.4AI score0.00757EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/18 6:18 a.m.27 views

NULL Pointer Dereference in function sug_filltree

Description NULL Pointer Dereference in function sugfilltree at vim/src/spellfile.c:5600. vim version git log commit 4875d6ab068f09df88d24d81de40dcd8d56e243d grafted, HEAD - master, tag: v9.0.0224, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc2null.d...

1.9CVSS0.6AI score0.00469EPSS
Exploits1
Huntr
Huntr
added 2022/07/28 6:44 p.m.27 views

Format string modifiers in card label

Description When adding a new video device with v4l2loopback-ctl that contains a card label with format string modifiers the kernel driver interprets these when querying the device capabilities, thus leaking kernel memory stack contents. The vulnerability requires the attacker to have access to t...

2.9CVSS2.1AI score0.00324EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/18 8:34 a.m.27 views

xss via improper parsing of javascript: url

Description A URL like javascript://example.com%0aalert1 will get incorrectly recognised as a file: protocol. It has nothing to do with escaping as the common characters such as &, , if parsed.protocol !== "javascript" res.send"CLICK ME!" app.listen9999;...

2.3AI score
Exploits0
Huntr
Huntr
added 2022/06/29 3:36 p.m.27 views

Integer Overflow in function lsr_translate_coords

Description Integer Overflow in function lsrtranslatecoords at laser/lsrdec.c:853 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pocintof1s.dat...

4.4CVSS0.1AI score0.00379EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 7:14 a.m.27 views

Heap-based Buffer Overflow in function utf_ptr2char

Description Heap-based Buffer Overflow in function utfptr2char at mbyte.c:1794 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo3s.dat -c...

6.8CVSS7.6AI score0.01473EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 2:9 p.m.27 views

InvenTree Deploys a Weak Password Change Mechanism

Description When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/11 8:44 a.m.27 views

Stored XSS in Part Description

Description The application inventree is vulnerable to Stored XSS in part description field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1ZFgWiVpalxZ8zGeDrErezjZCQjB3VP-w/view?usp=sharing...

3.5CVSS0.4AI score0.00751EPSS
Exploits1
Huntr
Huntr
added 2022/06/07 8:29 a.m.27 views

Bypass of last fix

Description last fix can be bypass because in this line we should consider the case \r\r or even \r too. Proof of Concept javascript const http = require"http"; const parseUrl = require"parse-url"; const url = parseUrl'jav\r\r\rascript://%0aalert1'; console.logurl const server =...

4.3CVSS0.2AI score0.00857EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 2:39 p.m.27 views

Send messenger to another user with any sender account

Description Send messenger to another user with any sender account Proof of Concept 1. Login with account A. 2. When click to the message box of the user Victim X we have the id of this message page in URL, such as https://docker.trudesk.io/messages/628ceabe32b93e62146a7d75 is the URL of message ...

5.5CVSS0.01953EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/18 2:6 p.m.27 views

Business Logic error lead to race condition

Description I have found Business logic Bug in para application free User can create more than 1 app even after App limit reached Proof of Concept 1 - Go to https://paraio.com/apps 2 - Create a new app 3- Enter the name of app 4- Intercept the request in burp suite and send into intruder and sele...

4.3CVSS5.6AI score0.0096EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/18 12:23 p.m.28 views

Server Side Request Forgery

Description There are two SSRF's in the draw-image-export2 repository, both work on the domain convert.diagrams.net One is a Blind SSRF the other one a Full Response SSRF. Blind SSRF The first one is simple and can be invoked by accessing the following URL:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/05/15 9:49 a.m.27 views

Allowing long password leads to denial of service in polonel/trudesk

Description The trudesk application allows to sending a very long password 10000000 characters it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing...

4CVSS0.1AI score0.00927EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/08 10:5 a.m.27 views

Authentication Bypass Using an Alternate Path or Channel

Steps to reproduce 1. 1. Log into Administrator account 2. 2. Navigate to User section 3. 3. Create a new User, call it testUser pass is 12345678 4. 4. Navigate to Groups section and create a new group, call it testGroup 5. 5. Give a "manage:group" permission for testGroup and assign testUser...

9CVSS6.9AI score0.01889EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 8:27 a.m.27 views

Multiple Store XSS via upload svg file and the file name of attachment

Description Hi There, facturascripts is vulnerable to store XSS by upload svg file, and the filename Step to produce with svg file Login as admin or any account has role Admin-Library, access Admin - library - New and upload file svg with content: alertdocument.cookie; save this. XSS will be...

3.5CVSS5.7AI score0.00643EPSS
Exploits1
Huntr
Huntr
added 2022/04/26 8:18 a.m.27 views

Cross-site Scripting (XSS) - Stored via HTML file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an HTML file with the javascript code inside. Proof-of-Concept phish.html Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6AI score
Exploits0
Huntr
Huntr
added 2022/04/25 11:57 a.m.27 views

Buffer Over-read at parse_rawml.c:1416

Description Heap-based Buffer Overflow at parserawml.c:1416 Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure...

3.6CVSS6.7AI score0.00342EPSS
Exploits1
Huntr
Huntr
added 2022/04/23 3:0 p.m.27 views

Out-of-bounds Read in r_bin_java_constant_value_attr_new function

Description Out-of-bounds OOB read vulnerability exists in rbinjavaconstantvalueattrnew function in Radare2 5.6.9. This is similar with CVE-2022-0518 and CVE-2022-0521 Version radare2 5.6.9 27745 @ linux-x86-64 git.conti commit: 14189710859c27981adb4c2c2aed2863c1859ec5 build: 2022-04-2311:05:49...

5.8CVSS6.4AI score0.01005EPSS
Exploits3References2
Huntr
Huntr
added 2022/04/06 6:40 p.m.27 views

Out-of-bounds Read in mrb_get_args

Out-of-bounds Read in mrbgetargs in mruby/mruby Affected commit 3cf291f72224715942beaf8553e42ba8891ab3c6 Proof of Concept ruby= 0..% = 0,0,0,0,0,0,0,0,0,0,0,0,0, = 0 Below is the output from mruby ASAN build: bash= AddressSanitizer:DEADLYSIGNAL...

7.5CVSS2.3AI score0.01476EPSS
Exploits1
Huntr
Huntr
added 2022/04/01 5:54 p.m.27 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1.Go to a Preferences from the user account and in Personal info of "Firstname" & "Lastname" insert the below payloads. 2.Payloads:-...

6.8CVSS0.1AI score0.0234EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/29 3:46 a.m.27 views

Loose comparison causes IDOR on multiple endpoints

Description Live Helper Chat is vulnerable to Type Juggling on the requestPayload'hash'. The application uses a Loose Comparison to check if the user-controlled parameter is equal to an hash, this check is vulnerable because it's possible to pass other Data Types via JSON that causes the if...

5CVSS0.01231EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/27 10:55 a.m.27 views

Cross-site Scripting (XSS) - Stored

Description pimcore is vulnerable to Stored XSS at Key field in the Navigation & Properties tab of a Document page. Payload " Step to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.Click on any document Home, de,... in the Documents 3.Go to Navigation & Properties tab, in the Key...

3.5CVSS0.4AI score0.01266EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 6:48 a.m.27 views

Cross-site Scripting (XSS) - Reflected

Description Can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. Proof of Concept txt https:///demo/api/logout?redirectto=/asdf" Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

4.3CVSS0.6AI score0.02273EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 10:39 a.m.27 views

Stack-based Buffer Overflow in vim/vim

Description Buffer overflow occurs in gaconcatshortenesc. commit : f5288c589500de0677444af4a428cfbccfccb8ce Proof of Concept poc $ echo -ne "bm9ybTEwMGdy3YAKZnUgUigpCmxldCBsaW5lPWdldGxpbmUoMSkKcmV0dSBsaW5lCmVuZGYKCmNh bGwgYXNzZXJ0X2VxdWFsKDEsUigpKQo=" | base64 -d poc ASAN $ ./src/vim.asan -u NONE...

6.8CVSS8.5AI score0.01806EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 3:7 a.m.27 views

Heap-based Buffer Overflow in vim/vim

Description Heap overflow occurs in exretab. commit : 414acd342f4a66d930da34d419929985b48bd301 Proof of Concept $ echo -ne "ZnUgUihiLG4pCmxldCBvbGRfdGFic3RvcD0mdGFic3RvcApleGUicmV0ImE6bgppZiBhOm4KZXhl J3NlIHRhYnN0b3A9Jy5vbGRfdGFic3RvcAplbApjYWwgbCgiIixSKCcnLDQpCmNhbCBsKCIiLFIo...

6.8CVSS1.7AI score0.26583EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 5:25 p.m.27 views

in vim/vim

Description Out of bound 1 byte read in vim. commit : 06b77229ca704d00c4f138ed0377556e54d5851f Proof of Concept $ echo -ne "c2lsMG5vcm0WcTAHMA==" | base64 -d minimizedpoc valgrind $ ./vg-in-place -s ./vim -u NONE -i NONE -n -X -Z -e -s -S ./minimizedpoc -c ":qa!" ==3442167== Invalid read of size ...

5.8CVSS7.1AI score0.01393EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 12:1 p.m.27 views

Cross-site Scripting (XSS) - Reflected in microweber/microweber

Description XSS - Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. PAYLOAD for firefox: a' onafterscriptexecute=alertdocument.domain c='a requires NO user-interaction PAYLOAD for all major browsers: a'...

4.3CVSS1.4AI score0.03866EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 4:49 p.m.27 views

Improper Privilege Management in shelljs/shelljs

Details If ShellJS scripts running locally are using ShellJS exec function, local users on the filesystem can read the stdout of the running ShellJS process to disclose sensitive information present in the privileged process. This may leak sensitive information present in the privileged process...

3.6CVSS1.5AI score0.00427EPSS
Exploits1
Huntr
Huntr
added 2021/12/25 10:47 a.m.27 views

None in vim/vim

Description intro While fuzzing, I found an edge case in the vim9 compiler for nested functions. It seems like you can make the compiler use the same line twice, by adding another command directly after an enddef token using the | operator. Depending on the inner functions body, this either resul...

6.8CVSS0.1AI score0.01621EPSS
Exploits1
Huntr
Huntr
added 2021/10/30 10:52 p.m.27 views

SQL Injection in forkcms/forkcms

Description When deleting submissions which belong to a formular made with module FormBuilder, the parameter id is vulnerable for SQL injection. Proof of Concept - Call the URL...

4.3CVSS0.4AI score0.01111EPSS
Exploits1
Huntr
Huntr
added 2021/10/07 2:35 p.m.27 views

Path Traversal in bookstackapp/bookstack

Description A path traversal vulnerability in BookStacks export function allows for the exposure of sensitive files in local or localsecure Laravel filesystems. Proof of Concept 1: Write the following in a new page: 2: Export in contained HTML to find the .htaccess file base64 encoded 3: If the...

4CVSS1.3AI score0.01163EPSS
Exploits1
Huntr
Huntr
added 2021/10/01 8:26 p.m.27 views

Open Redirect in firefly-iii/firefly-iii

Steps: 1. Login in application and and navigate to bill section and create bill and capture the request. Web applications use different techniques to redirect users to the next page. Apps may use URL query parameters, header values, with JavaScript code, or it may be backend code. In case of this...

4.9CVSS5.1AI score0.01188EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/28 9:37 a.m.27 views

in osticket/osticket

Description The forgot password can be abused to leak possible usernames due to different responses returned when a user exists or a user does not. Proof of Concept 1. Go to http://OSTICKET-SERVER/htdocs/osticket/scp/pwreset.php 2. Key in a user which does not exist, the response is: "Unable to...

7AI score
Exploits0
Huntr
Huntr
added 2021/09/01 10:54 a.m.27 views

Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte

✍️ Description Reflected XSS in POST /admin/scripts/pi-hole/php/customcname.php 🕵️‍♂️ Proof of Concept 1. Login as admin, Go to Local DNS - CNAME Records - Add a new CNAME record 2. Input alert1 in domain field and anything in target domain. 3. The Payload in post body domain is URL encoded, use a...

4.3CVSS0.2AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2023/10/08 4:50 p.m.26 views

CSRF in Payment Types

Description CSRF in Payment Types Proof of Concept 1 .Attacker send form fake to user history.pushState'', '', '/'; document.forms0.submit; 2 .User click , edited unwanted payment types Video Poc https://drive.google.com/file/d/1jI4bW5BJXGdJ7kICI-K1Kmg5y2EPw7f0/view?usp=sharing Payload Poc...

6.8CVSS6.8AI score0.00264EPSS
Exploits1
Huntr
Huntr
added 2023/10/08 2:24 p.m.26 views

Root takeover via signature spoofing

Description When an app requests "CMDBECOMEMANAGER" via prctl, couple of checks done before promoting uid as root manager. Main check relies on requester's signature. Signature control is done in checkv2signature function in kernel\apksign.c, this function accepts both V2 and V3 signatures...

7.5CVSS7.1AI score0.00582EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/02 11:6 p.m.26 views

SQL injection in slug parameter

Description The /api/workspace/:slug endpoint exposes a critical SQL injection vulnerability in the slug parameter. This vulnerability arises due to the insecure handling of user-supplied data slug in the construction of a SQL query. An attacker can exploit this vulnerability by crafting a...

6.5CVSS8.1AI score0.00649EPSS
Exploits1
Huntr
Huntr
added 2023/08/09 5:10 p.m.26 views

authorized Admin Account Takeover

Description The icms2 contains a flaw in its admin account management functionality, specifically in the process of changing and resetting passwords for administrators. Through careful analysis and testing, it was observed that an authenticated administrator has the capability to change the...

5.8CVSS6.9AI score0.00453EPSS
Exploits1
Huntr
Huntr
added 2023/07/30 8:35 p.m.26 views

HTML injection Leads to Open redirection

Description HTML Injection Leads to Open Redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users' browsers. This may lead to unauthorized actions on users' behalf and redirect them to malicious...

4.3CVSS7.1AI score0.00379EPSS
Exploits1
Huntr
Huntr
added 2023/07/16 12:31 a.m.26 views

Stored XSS via SVG Upload

Description By uploading an SVG file containing JavaScript code in the file upload function on the administrator screen, it is possible to execute any script on the browser of the accessing user. Proof of Concept Log in to the administrator screen, access the Assets page, and upload the SVG file...

4.3CVSS7AI score0.00401EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/11 8:38 a.m.26 views

Session is still valid after changing password

Description The application does not delete the old login session on the server side after changing the password. This poses a risk when a user uses a public computer and an attacker captures the login session. Even if the user has changed the password, the login session is still taken over by th...

7.5CVSS6.5AI score0.00409EPSS
Exploits0
Huntr
Huntr
added 2023/06/06 3:44 p.m.26 views

Formula Injection vulnerability in CSV export feature

Description The admidio application is vulnerable to Formula Injection/CSV injection via the Firstname, Lastname input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a a crafted excel file. Proof of Concept 1. Create a member with role Associations boa...

4.4CVSS8.3AI score0.01679EPSS
Exploits4References4
Huntr
Huntr
added 2023/06/03 8:39 p.m.26 views

CSRF on /api/graphql query executing the mutations through GET requests

Description Mutations are saveRecord or createProcess queries used in Graphql. SuiteCRM prevents CSRF in this functionality by sending a POST request with a X-Xsrf-Token header. the bug here is that, when we send a GET request, the backend does not expect the X-Xsrf-Token header. Using this, an...

6.8CVSS6.9AI score0.00302EPSS
Exploits1References3
Total number of security vulnerabilities4072