Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/07/30 8:35 p.m.26 views

HTML injection Leads to Open redirection

Description HTML Injection Leads to Open Redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users' browsers. This may lead to unauthorized actions on users' behalf and redirect them to malicious...

4.3CVSS7.1AI score0.00379EPSS
Exploits1
Huntr
Huntr
added 2023/07/16 12:31 a.m.26 views

Stored XSS via SVG Upload

Description By uploading an SVG file containing JavaScript code in the file upload function on the administrator screen, it is possible to execute any script on the browser of the accessing user. Proof of Concept Log in to the administrator screen, access the Assets page, and upload the SVG file...

4.3CVSS7AI score0.00401EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/11 8:38 a.m.26 views

Session is still valid after changing password

Description The application does not delete the old login session on the server side after changing the password. This poses a risk when a user uses a public computer and an attacker captures the login session. Even if the user has changed the password, the login session is still taken over by th...

7.5CVSS6.5AI score0.00409EPSS
Exploits0
Huntr
Huntr
added 2023/06/06 3:44 p.m.26 views

Formula Injection vulnerability in CSV export feature

Description The admidio application is vulnerable to Formula Injection/CSV injection via the Firstname, Lastname input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a a crafted excel file. Proof of Concept 1. Create a member with role Associations boa...

4.4CVSS8.3AI score0.01679EPSS
Exploits4References4
Huntr
Huntr
added 2023/06/03 8:39 p.m.26 views

CSRF on /api/graphql query executing the mutations through GET requests

Description Mutations are saveRecord or createProcess queries used in Graphql. SuiteCRM prevents CSRF in this functionality by sending a POST request with a X-Xsrf-Token header. the bug here is that, when we send a GET request, the backend does not expect the X-Xsrf-Token header. Using this, an...

6.8CVSS6.9AI score0.00302EPSS
Exploits1References3
Huntr
Huntr
added 2023/03/24 8:20 p.m.26 views

Html Injection to Open redirect

Description Step to reproduce. 1. https://demo.easyappointments.org/index.php/backend/index open this and click on create meet. 2. On first name add Open redirect payload save it. click me...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/03/22 12:12 a.m.26 views

Heap Use-After-Free in GPAC MP4Box's ogg_stream_clear Function When Processing OGG Files

A heap use-after-free vulnerability has been discovered in GPAC MP4Box's oggstreamclear function when processing OGG files. The vulnerability occurs due to improper handling of memory allocations and deallocations while processing OGG files. This leads to the use of previously freed memory, causi...

4.4CVSS7.4AI score0.00509EPSS
Exploits1
Huntr
Huntr
added 2023/03/18 3:27 p.m.26 views

Stored XSS in Properties Parameter

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.9CVSS4.9AI score0.00563EPSS
Exploits1
Huntr
Huntr
added 2023/03/06 6:28 p.m.26 views

XSS via Client Side Template Injection

Description Hi Team! First, when creating an app and in the "display title" if you change it to 7'7, and you get it, you can see your name become 49. I think it might be a remote code execution vulnerability via server side template injection, but there is a length limit : By changing Display Tit...

4.9CVSS6.4AI score0.00351EPSS
Exploits1
Huntr
Huntr
added 2023/03/06 7:55 a.m.26 views

CSV Injection in CSV files generated by the backend

1 First the admin create the event and publish it. 2 unauthenticated users go to the reservation page 3 unauthenticated users fill the fisrst name and last name as "=1+cmd|'/C calc'!A0" 4 admin download all the attendees' data as csv. 5 admin open the csv file and the calculator is opened. see th...

6.8CVSS8.5AI score0.00913EPSS
Exploits1
Huntr
Huntr
added 2023/02/22 1:21 a.m.26 views

Captcha Bypass due to invalidation of previous tokens

Description An attacker can create bypass the captcha mechanism and create multiple accounts directly Proof of Concept 1: Sign up with a new name in the application, fill the captcha and intercept the request of the submit. The request will look something like this POST...

7.5CVSS8.9AI score0.00837EPSS
Exploits1
Huntr
Huntr
added 2023/02/12 2:15 a.m.26 views

off-by-one error in function gf_text_get_utf8_line filters/load_text.c

Version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration:...

1.9CVSS5.7AI score0.00399EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/27 11:39 p.m.26 views

Dropdown Menu Manipulation leads to stored HTML Injection

Hello In the Cronjob we can change the Interval Time the Dropdown Menu "minutes" to a stored HTML Injection. The Vulnerabilities are 2: 1. First thing the Dropdown Menu should be fixed and nobody can alter or change anything which we will do 2. Second we can implement a stored HTML Injection with...

4.3CVSS5.8AI score0.00439EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/24 10:33 p.m.26 views

important E-Mail Input Field bypassed allowing Account Lockout and Takeover

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to Account Lockout Vulnerability by bypassing the Input of the E-Mail Address. The Process of...

6.5CVSS8.4AI score0.00714EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/24 5:2 p.m.26 views

Account Takeover via reset password

Description Password recovery leads to Account Take Over due to reset code leakage. Proof of Concept Create an acount in https://meta.answer.dev/ and verify mail, then log out. Go to password recovery https://meta.answer.dev/users/account-recovery, insert your email and capture the server respons...

7.5CVSS9.2AI score0.06368EPSS
Exploits4
Huntr
Huntr
added 2023/01/22 6:1 a.m.26 views

IDOR vulnerability allowing to update another user's annotations

Description IDOR vulnerability was discovered in wallabag. Proof of Concept 1. Login as a victim. 2. Create an entry and an annotation. In this case the annotation's ID is 3. 3. Login as an attacker. 4. Send the following request. request http PUT /annotations/3 HTTP/1.1 Host: localhost:8000...

4CVSS5.1AI score0.00444EPSS
Exploits1
Huntr
Huntr
added 2023/01/20 9:11 a.m.26 views

Email enumeration via sending a magic sign in link functionality

Description The sending a magic sign in link functionality is vulnerable to an email enumeration attack. Proof of Concept If you enter registered email, you will get Login Link Sent! message. If you enter non-registered email, you will get Unknown email address. message...

5CVSS5.6AI score0.0056EPSS
Exploits1
Huntr
Huntr
added 2023/01/17 9:1 a.m.26 views

Reflected XSS - Accounting Module - Maintenance - Delete Accounting Records

Description A reflected cross-site scripting XSS vulnerability exists within acct-maintenance-delete.php, which allows a malicious user to execute arbitrary JavaScript code. The vulnerable parameters are username, startdate, and enddate. Proof of Concept 1. Navigate to /acct-maintenance-delete.ph...

5.8CVSS5.6AI score0.00468EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/11 8:52 p.m.26 views

No Protection Against Bruteforce Attacks on Login Page

Description Twake does not limit unsuccessfull login attempts allowing an attacker to brute force the password of an administrator or regular user. Proof of Concept Steps to reproduce Because Twake does not rate limit authentication attempts an attacker could either bruteforce both the login and...

7.5CVSS9.1AI score0.0062EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/01 4:20 p.m.26 views

Improper Restriction of Rendered UI Layers or Frames

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept...

5.8CVSS6.1AI score0.00456EPSS
Exploits0References1
Huntr
Huntr
added 2022/12/27 9:37 p.m.26 views

Stored XSS while creating a new post

Description After login to portal create a new post and type the following text with XSS payload Proof of Concept 1. Login to portal. 2. create a post with xss paylaod 3. save it Payload 09;& Poc: !alt textlogo logo: https://i.imgur.com/SHDZRWt.png !alt textlogo1 logo1:...

4.9CVSS5.6AI score0.00766EPSS
Exploits1
Huntr
Huntr
added 2022/12/19 1:17 p.m.26 views

Attributes are not properly handled leading to XSS

Description Attribute names and the class attribute values are not properly handled leading to XSS where a user can control either: + A class value + An attribute name. While this may not seem like a important security issue this weakness is not documented. One would assume the behaviour would...

5.8CVSS5.9AI score0.00458EPSS
Exploits0References2
Huntr
Huntr
added 2022/12/05 6:41 a.m.26 views

Lack of CSRF Token in Logout

Description we haven't csrf token in logout basically this is not really issue but in rdiffweb we have logically redirect user to last source like logout method. in this case attacker can chain two requestlogout,login that lead to dos Proof of Concept 1. send get logout request and get sessionid...

4.3CVSS5.7AI score0.00313EPSS
Exploits0
Huntr
Huntr
added 2022/11/18 7:41 p.m.26 views

3 Types of SQLi in `s` param - (Time/Boolean/Error Based)

Description I have found 3 types of SQLi on the s parameter Proof of Concept Time-Based Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time in seconds before...

7.5CVSS9.2AI score0.03954EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/04 12:45 a.m.27 views

XSS and CSP bypass in app.diagrams.net

Description The application reflects an input from the url without sanitizing it. With a csp bypass from apis.google.com its possible to execute javascript code. Proof of Concept...

5.8CVSS0.4AI score0.00624EPSS
Exploits1
Huntr
Huntr
added 2022/10/27 12:28 p.m.26 views

Link Preload XSS

Description Link preloads do not effectively confirm if the requested link is external. Parser differentials can be used to bypass existing external URL check. Root Cause payload.client.ts contains the following code on link prefetch: ts nuxtApp.hooks.hook'link:prefetch', url = if...

5.8CVSS6.2AI score0.00443EPSS
Exploits0
Huntr
Huntr
added 2022/10/07 4:16 p.m.26 views

Broken Access Controls in Patient Files

Description An authenticated user without document access has the ability to direct access any document in the system by using a url similar to this http://domain/openemr/controller.php?document&retrieve&patientid=2&documentid=19. The autoincrement identifier was also susceptible of being...

5.5CVSS8.1AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/10/02 6:56 p.m.26 views

SSRF in feeds

Description By looking at this URL : https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv, I understand that a SSRF was possible in the URL of the RSS feed, and in fact, this has been fix. Howerver, I found a bypass to CVE-2022-36112. Proof of Concept To trigger the bug,...

0.00459EPSS
Exploits0
Huntr
Huntr
added 2022/09/27 8:53 a.m.26 views

Use After Free in function did_set_string_option

Description Use After Free in function didsetstringoption at optionstr.c:2456. vim version git log commit 8279af514ca7e5fd3c31cf13b0864163d1a0bfeb grafted, HEAD - master, tag: v9.0.0598, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

4.4CVSS7.8AI score0.00492EPSS
Exploits1
Huntr
Huntr
added 2022/09/21 1:58 p.m.26 views

CSRF to change the email id

Description The change email ID is vulnerable to CSRF. The attacker can change the email ID of the user. Proof of Concept 1.Login into the application https://rdiffweb-demo.ikus-soft.com. 2.Open the URL...

3.5CVSS0.3AI score0.00375EPSS
Exploits1
Huntr
Huntr
added 2022/08/17 10:35 a.m.26 views

Cross-site Scripting (XSS) - Stored

Description The application uses Purify to avoid the Cross Site Scripting attack. However, On ApiAddress module from Settings, the customFields is not validated and it's used directly without any encoding or validation on ApiConfigModal.tpl. It allows attacker to inject arbitrary Javascript code ...

4.9CVSS0.3AI score0.00725EPSS
Exploits1
Huntr
Huntr
added 2022/08/16 9:36 a.m.26 views

Stored XSS in 'Table name' field via Database information function

Description When the administrator uses the Database information function, malicious code will be accidentally called and executed through two cases: 1. 1 An internal attacker local with access right to the database could insert malicious content into the table name field by creating a table in t...

4.3CVSS0.3AI score0.00409EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/02 7:43 p.m.26 views

User can do all actives with other's signature (view, get, create, update, delete,...)

Description I observed that users can view any user's signature by changing their user parameter to other's user parameter. By the same way users can create/delete/update other's signature in create signature function. View/Get other's signature: 1. Login to an account I use account receptionist...

5.5CVSS0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/07/26 8:33 p.m.26 views

Improper Input Validation Leads to Privilege Escalation and Denial of Service

Description Improper input validation allows an attacker to privilege escalation and can make crash nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...

6.5CVSS0.01076EPSS
Exploits1
Huntr
Huntr
added 2022/07/21 10:8 a.m.26 views

Unauthorized to create and edit Amendments function

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version Open Source electronic health records and medical practice management application has unauthorized create and edit on “Patient/dashboard/Amendments” with function...

6.5CVSS0.1AI score0.00703EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 6:40 a.m.26 views

Inefficient Regular Expression Complexity potentially leads to Denial of Service in

Description Inefficient regular expression complexity of lowercase and uppercase regex could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeati + 'A', only 32 characters payload could take 29443 ms time execution when testing lowercase. The same issue happens with...

5CVSS1.5AI score0.01358EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/29 2:34 a.m.26 views

Failure to invalidate session after password change

Description The application does not invalidate session after the password is changed which can enable attacker to continue using the compromised session. Proof of Concept 1Login to the same accounts in two different browsers https://demo.bigbluebutton.org/gl 2Change password in the 1st browser a...

9.5AI score0.0041EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/25 4:51 p.m.26 views

Cross-site Scripting (XSS) - Reflected

Description Hi, i found a Reflected XSS vulnerability GET request in /index.php in phoronix test suite, Results tab. Line 45 of index.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. Proof of Concept GET...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/20 7:28 a.m.26 views

Out-of-bounds Read in function get_lisp_indent

Description Out-of-bounds Read in function getlispindent at indent.c:2083 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobr2s.dat -c :qa!...

6.8CVSS7.7AI score0.0145EPSS
Exploits1
Huntr
Huntr
added 2022/06/06 5:48 p.m.26 views

Incorrect use of privileged APIs to steal victim's account

Description When user can edit their profile -- Incorrect use of privileged APIs to steal victim's account Proof of Concept 1. Login with hacker's account, get the request when edit profile 2. Replace the endpoint and email with victim's one 3. Send the request. POC video:...

7.5CVSS1.9AI score0.03046EPSS
Exploits1
Huntr
Huntr
added 2022/06/03 6:51 p.m.26 views

Insufficient Session Expiration

Description The application NocoDB failed to invalidate the session after changing the password and In this scenario changing the password doesn't destroy the other sessions which are logged in with old passwords. Proof of Concept Login same account in two different browsers. Try to change the...

6.5CVSS8.8AI score0.02432EPSS
Exploits2References1
Huntr
Huntr
added 2022/05/22 8:12 p.m.26 views

Metadata Is Not Stripped From Images

While uploading an image on https://demo-publify.herokuapp.com/admin/resources as a low privileged user the meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by...

4CVSS0.00562EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/15 4:27 p.m.26 views

Stored XSS on drawio

Sumary Draw io has a feature to put links on a text, due to a bad sanitization it allows to put javascript:// scheme on a anchor tag which allows to execute javascript code Steps to reproduce 1. Create a text box and set word size to 50 2. Click with the rigth button and "Edit link" 3. Put...

3.5CVSS1.4AI score0.00579EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/06 2:9 a.m.26 views

Reflected XSS on ticket filter function

Description Ticket management filter in Trudesk v1.2.0 allow user to perform XSS due to improper validation on filter attribute such as "status", "ticket type", "assignee" and etc. Proof of Concept 1 Login to Trudesk with role user privilege 2 Tickets - Filter ticket 3 Filter for ticket status po...

4.9CVSS0.5AI score0.00703EPSS
Exploits1
Huntr
Huntr
added 2022/04/14 8:46 a.m.26 views

Unrestructed file upload

Description I found unrestricted file upload leads to xss, vulnerability can be exploited by uploading a crafted payload inside a file. Then, the vulnerability can be triggered when the user previews the files content. Proof of Concept unrestricted file upload payload...

4.3CVSS0.2AI score0.00728EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/14 7:20 a.m.26 views

Heap-based Buffer Overflow

Description Heap-based Buffer Overflow in rreadle32 Environment radare2 5.6.7 0 @ linux-x86-64 git. commit: 5.6.7 build: 2022-04-1215:06:26 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

5.8CVSS0.00739EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:43 a.m.26 views

Multiple Stored XSS

Description The organizr application allows malicious javascript payload in multiple-input fields like "Categories", "Bookmark Tabs" and "Bookmark Categories" for which attacker can takeover the admin account. Proof of Concept 1.Login to the co-admin account and go to go to "Settings" - "Tab...

3.5CVSS0.7AI score0.01024EPSS
Exploits1
Huntr
Huntr
added 2022/04/06 2:16 a.m.26 views

heap-use-after-free

Description Whilst experimenting with radare2, built from version 5.6.6, we are able to induce a vulnerability at reg.c:101 in function rreggetnameidx , using radare2 as a harness. 99: RAPI int rreggetnameidxconst char type 100: rreturnvaliffail type, -1; //use-after-free here 101: if type0 &&...

4.3CVSS5.7AI score0.00797EPSS
Exploits1
Huntr
Huntr
added 2022/03/28 6:21 a.m.26 views

Missing Function Level Access Control

Vulnerability Type Missing Function Level Access Control Affected URL 62 vulnerable instances as listed in Table 1 Authentication Required? Yes Issue Summary Web applications usually only show functionality that a user has the need for and right to use in the UI. However, this is not the case for...

5.5CVSS0.1AI score0.00914EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/24 2:27 a.m.26 views

User after free in mrb_vm_exec

While fuzzing mruby I found a use after free in mruby compiled with ASAn. Proof of Concept uaf1.rb rb var1 = -0 var2 = 1.0 var3 = 1 var4 = +0 var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby || var3 = methods.groupby ||...

6.8CVSS8AI score0.00906EPSS
Exploits1
Total number of security vulnerabilities4072