Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/03/11 6:34 a.m.26 views

Stored Cross Site Scripting

Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/ /controller.php?practicesettings&documentcategory&action=addnode&parentid=XX Affected Parameter “name” Method POST Authentication Required? Yes Issue Summary A stored XSS vulnerability found in ”...

3.5CVSS0.6AI score0.51613EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/09 10:44 a.m.26 views

Cross-site Scripting (XSS) - Stored

Description pimcore datahub is vulnerable to Stored XSS in multiple places including: 1 Field-Collections in Data Objects 2 Objectbricks in Data Objects Proof of Concept for both 1 & 2 Step 1: Go to https://10.x-dev.pimcore.fun/admin/ and login. Step 2: Click Settings Data Objects Field-Collectio...

3.5CVSS5.5AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2022/02/28 12:49 p.m.26 views

Code Injection

Description Improper php function sanitization, lead to an ability to inject arbitrary PHP code and run arbitrary commands on file system. In the function "doleval" in file "dolibarr/htdocs/core/lib/functions.lib.php" dangerous PHP functions are sanitized using "strreplace" and can be bypassed...

6.5CVSS0.3AI score0.43578EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 3:32 a.m.26 views

Cross-site Scripting (XSS) - Reflected

Description The endpoint https://demo.microweber.org/demo/admin/post/id/edit is vulnerable to cross site scripting. The "Edit source" field is affected. Proof of Concept 1. Login into https://demo.microweber.org 2. Navigate to https://demo.microweber.org/demo/admin/post/25/edit 3. click EditSourc...

3.5CVSS5.6AI score0.00888EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 4:23 p.m.26 views

Use multiple time the one-time coupon

Description I create a coupon only for one user and a one-time use coupon. Then create two users, and both of them can use the coupon, but only one of them should be able to use the coupon. Proof of Concept first, create a one-time and one-user coupon code that, e.g. is aaaaa. the attacker has tw...

5CVSS0.9AI score0.01032EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 12:48 p.m.26 views

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/

Description The Introduction of a New Line Character lets the attacker the stack trace at demo.microweber.org/ This Attack becomes more significant because of its Less complication. The Stack trace discloses following information : 1. Backend Response code. 2. The Versions of Backend Laravel...

5CVSS0.7AI score0.44259EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 8:37 a.m.26 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Company name field customercompanynameValueParam parameter in the Copyright settings tab of the Chat configuration page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Chat configuration page...

3.5CVSS5.4AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 11:33 a.m.26 views

Improper Privilege Management in snipe/snipe-it

Description It was found that if a user is not having access to supplier module, he can access and view the supplier content. Proof of Concept 1. Create two users, one admin and one normal user 2. A normal user is not having access to the supplier module. 3. But by enumeration the normal user vie...

4CVSS1.2AI score0.01033EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 2:52 a.m.26 views

None in radareorg/radare2

Description This vulnerability is of type Expired Pointer Dereference or specifically, use-after-free. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code located at...

6.8CVSS7.8AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/18 4:11 a.m.26 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description stored xss vulnerability occurs when you change the value of Group at "Settings" = "Thumbnalis" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC : " 1. Open the https://10.x-dev.pimcore.fun/admin/login?perspective= 2. After login, Go to "Settings" = "Thumbnali...

3.5CVSS5.4AI score0.01456EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 5:27 a.m.26 views

in hazelcast/hazelcast

Description The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

7.5CVSS1.9AI score0.02792EPSS
Exploits2
Huntr
Huntr
added 2021/12/30 12:32 p.m.26 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read. The bug exists in latest stable release radare2-5.5.4. Specifically, the vulnerable code is picked out as follows: // libr/util/buf.c line 631 RAPI void rbuffiniRBuffer b ... // the pointer address of b-methods is broken if...

4.3CVSS2.5AI score0.01105EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/15 5:47 a.m.26 views

Cross-Site Request Forgery (CSRF) in pterodactyl/panel

Description Following state-changing endpoints are vulnerable to CSRF: 1: GET /admin/nodes/view/1/settings/token auto-generates token when token not generated yet 2: GET /admin/settings/mail/test The X-CSRF-Token header for the API request is not validated on backend, should be a POST request to...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/13 6:28 p.m.26 views

in flatcore/flatcore-cms

Title: race condition vs Temporary File Upload Description flatCore-CMS is vulnerable to Race condition while dealing uploading gallery Codes at https://github.com/flatCore/flatCore-CMS/blob/main/acp/core/files.uploadgallery.phpL31 php ifarraykeyexists'file',$FILES && $FILES'file''error' == 0...

6CVSS0.2AI score0.01075EPSS
Exploits1
Huntr
Huntr
added 2021/09/03 6:31 p.m.26 views

Heap-based Buffer Overflow in vim/vim

✍️ Description Hello, we hope this message finds you well during these challenging times. Whilst testing vim built from commit deba5e with Ubuntu clang version 12.0.0-3ubuntu120.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, WRITE of size 15. Please...

4.6CVSS2.3AI score0.00735EPSS
Exploits1References1
Huntr
Huntr
added 2021/07/30 9:41 a.m.26 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

✍️ Description You don't check CSRF token in following endpoint /timers/add/quick/ with PoC.html attacker able to add quick timers. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is capable of ad quick timers...

3.6AI score
Exploits0
Huntr
Huntr
added 2021/07/29 7:55 a.m.26 views

in yiisoft/yii2

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates weak random numbers is mtrand in BaseMailer.php at line 346. 🕵️‍♂️ Proof of Concept ?php echo...

5CVSS7.5AI score0.01902EPSS
Exploits1References3
Huntr
Huntr
added 2021/07/04 8:9 p.m.26 views

Cross-site Scripting (XSS) - Stored in aimeos/aimeos-core

✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework this webapp is vulnerabel for stored xss thru filename 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable stored XSS...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/05/20 12:36 p.m.26 views

Path Traversal in kalcaddle/kodexplorer

✍️ Description I have confirmed a file transversal vulnerability on any server running Kodexplorer, Malicious user can read any file 🕵️‍♂️ Proof of Concept First setup local installation of kodExplorer. If the server is running with root permission:...

0.4AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.26 views

Code Injection in microsoft/qlib

Description Arbitrary Code Excecution in microsoft/qlib. Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment. Technical Description This package was vulnerable to...

6.5CVSS3AI score0.03555EPSS
Exploits1References1
Huntr
Huntr
added 2020/12/17 12:0 a.m.26 views

Prototype Pollution in ionicabizau/obj-unflatten

Description obj-unflatten convert flatten objects in nested ones. This package is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const unflatten = require'obj-unflatten' console.log'Before: ' + .polluted unflatten'proto.polluted':...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/09/13 12:0 a.m.26 views

Exposure of Sensitive Information to an Unauthorized Actor in traduora/traduora

Description Username Enumeration in traduora. Proof of Concept 1. setup traduora to reproduce the vulnerability 2. go to sign in page http://localhost:8080/login 3. Append non registered user email and password it shows Error,resource not found 4. when Appending correct username and fake password...

0.2AI score
Exploits0References2
Huntr
Huntr
added 2020/08/20 12:0 a.m.26 views

Prototype Pollution in kvz/locutus

Description phpjs is a community built PHP binding in JavaScript. This package is vulnerable to Prototype Pollution via parsestr. Proof of Concept const phpjs = require'phpjs'; phpjs.parsestr"protopolluted=true",; console.logpolluted;...

7.5CVSS2.2AI score0.01916EPSS
Exploits1References1
Huntr
Huntr
added 2020/06/24 12:0 a.m.26 views

Denial of Service in gajus/url-regexp

Overview RegExp object to match and validate URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker providing a long URL to validate or replace function will cause a Denial of Service attack. PoC node var regex = require"url-regexp";...

3.4AI score
Exploits0References1
Huntr
Huntr
added 2025/06/30 10:21 a.m.25 views

Path traversal, lead to remote code execution

Description clearml's safeextract is actually ​​NOT secure​​. It fails to properly handle symbolic links and hard links. When these links point to files ​​outside the TAR archive​​, it can lead to ​​arbitrary file writes​​, potentially resulting in ​​remote code execution​​. Due to a change in th...

9.8CVSS6.8AI score0.27095EPSS
Exploits3
Huntr
Huntr
added 2023/10/08 5:4 a.m.25 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 10/08/23 the current master branch at commit 50c2ab06f45a3101d73d6f317e98f041809f4923 . Description This AddressSanitizer output is indicating an OOB read of inval...

3.3CVSS6.8AI score0.00325EPSS
Exploits1
Huntr
Huntr
added 2023/09/29 2:49 a.m.25 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 09/28/23 the current master branch at commit c5603fa8de0e7d4460718e28f90989ffdf925494 . Description This AddressSanitizer output is indicating an OOB read of inval...

3.3CVSS6.9AI score0.00341EPSS
Exploits1
Huntr
Huntr
added 2023/09/01 3:19 a.m.25 views

heap-buffer-overflow in function swf_def_font scene_manager/swf_parse.c:1449

Description Heap-buffer-overflow in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00267EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/19 5:25 p.m.25 views

Dom XSS in module "Search IPv4"

Description 1 .Access to IPv4 search function 2 .Enter the payload in the IPv4 field to perform the search Payload : "alertdocument.cookie 3 .Enter the search button and the payload will be executed Poc Video poc https://drive.google.com/file/d/1A-zwXxsA-7GHa0iGfRGQc61JkOb-4A38/view?usp=sharing...

5.8CVSS6.9AI score0.00571EPSS
Exploits1
Huntr
Huntr
added 2023/08/10 6:11 p.m.25 views

Misconfiguration in message sending function

Description Web application misconfiguration in messaging function. This vulnerability results in a user's messages being automatically sent to all other users. This results in the user's information potentially being exposed Proof of Concept link video Poc...

3.3CVSS6.7AI score0.00739EPSS
Exploits1
Huntr
Huntr
added 2023/08/05 5:0 p.m.25 views

Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute function assets, i can upload a html file and that leads to XSS. Proof of Concept 1. Link PoC: https://docs.google.com/document/d/1pZAi6PZiBmN3yNsBmY8Z9Qd3hv-8zPHUh69h-i1rvA/edit?usp=sharing 2. Link video PoC:...

4.9CVSS7.2AI score0.00408EPSS
Exploits1
Huntr
Huntr
added 2023/07/01 3:22 a.m.25 views

Reflected XSS in date

Description There is a reflective XSS on the FOSSBilling admin screen. Proof of Concept By accessing the following URL, it is possible to execute any script on the browser of the logged-in administrator user. URL:...

5.8CVSS6.6AI score0.00919EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/29 9:35 a.m.25 views

DOM Cross Site Scripting and openredirect

Vulnerable Endpoint: https://demo.saleor.io/default-channel/en-US/account/login/?next=javascript:alert1 Description: 1. Hello team, Recently i found that, on saleor React storefront dashboard there is a DOM XSS and open-redirect vulnerability Steps to reproduce XSS: 1. Go to the above mentioned...

5.8CVSS6.3AI score0.00459EPSS
Exploits1
Huntr
Huntr
added 2023/05/07 5:54 p.m.25 views

Stored XSS in module name "Edit Link"

Description I noticed that you filtered the input very carefully. But there are still some parts you missed Proof of Concept 1.Login in URL : https://demo.pimcore.fun/admin. 2.Go to "Search Documents" and filter only "Snippet" search and press search. 3.Go to "/en/shared/teasers/Popular Brands"...

5.8CVSS6.8AI score0.00478EPSS
Exploits1
Huntr
Huntr
added 2023/04/20 11:0 a.m.25 views

Account TakeOver Due to Improper Handling of JWT Tokens

Description I have discovered a vulnerability where any user can modify another user's data including password simply by intercepting and changing the access token of the JWT using https://token.dev. The system does not verify whether the JWT token was issued by the server or not, allowing it to...

7.5CVSS7AI score0.00899EPSS
Exploits0References1
Huntr
Huntr
added 2023/03/29 1:55 a.m.25 views

Multiple XSS on update funtions with module select options and search form

Description XSS vulnerability occurs in forms have select and search Proof of Concept POST /bumsys/xhr/?module=peoples&page=updateCustomer HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0 Gecko/20100101 Firefox/111.0 Accept: / Accept-Language:...

4.9CVSS7AI score0.0037EPSS
Exploits1
Huntr
Huntr
added 2023/03/15 10:18 p.m.25 views

2FA Bypass by Brute Force

Description Currently there are no restrictions on attempts to enter the correct 2FA code. In contrast to the first step of the authentication username + password the fields of lastloginfail and loginfailcount in the database aren't updated. An attacker can bypass the 2FA by simple brute force of...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/13 12:58 a.m.25 views

Access Control Vulnerability in Prescription Controller

Description An Access Control Vulnerability allows a low level user in the web application to view, create, and edit prescriptions for all users. Proof of Concept Step 1. Login to the openemr web application as a low level user Ex: Receptionist in openemr demo \ Step 2. Travel to a page that will...

5.5CVSS6.7AI score0.00489EPSS
Exploits1
Huntr
Huntr
added 2023/03/10 8:17 a.m.25 views

weak Password Policy while creating a new User with the Admin Account

Hello, I was able to detect weak Password Policy while allowing an administrator to create a new account. Lets create an account, set the Password to 1 and login with it. As you can see its number 1. When i click set it will not accept We need to specify that the user will change his password aft...

7.5CVSS9AI score0.00724EPSS
Exploits1References2
Huntr
Huntr
added 2023/03/09 8:52 a.m.25 views

File Upload Bypass Leads to Remote Code Execution (RCE)

Description There is no extension checks during file upload. Attacker may upload file to execute malicious code in the server. Proof of Concept Step 1: Create a file with the content below and save it as evil.php " Step 2: Login to the Cockpit web server Step 3: Go to assets Step 4: Upload Assets...

6.5CVSS8.7AI score0.00987EPSS
Exploits1
Huntr
Huntr
added 2023/02/21 10:3 p.m.25 views

Observable Response Discrepancy in Password Reset Functionality

Description The password reset functionality leaks information pertaining to use accounts. Where an invalid account is utilized, the application responds that the account could not be found. Where an account is valid, the application responds with a reason "base.success" when intercepted, or that...

5CVSS5.5AI score0.00639EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/14 9:58 p.m.25 views

Captcha Bypass allows sending unlimited Comments

Hello, I identified a CAPTCHA Bypass after trying many Posts in the Comments Section. Lets see : --------- sent successfully! let's see the comments Comments are available The Question Form is also vulnerable for Captcha Bypass please check it also too. Thank you...

7.5CVSS8.9AI score0.00875EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/12 8:3 p.m.25 views

XSS in Comment Faq news username parameter

Description Stored Cross-Site Scripting XSS is a type of security vulnerability that occurs when an attacker injects malicious code into a website that is then stored on the server and served to unsuspecting users. This type of XSS is particularly dangerous because it can persist and continue to...

4.9CVSS5.3AI score0.00536EPSS
Exploits1
Huntr
Huntr
added 2023/02/09 2:33 p.m.25 views

heap-buffer-overflow in function gf_m2ts_process_tdt_tot media_tools/mpegts.c

Version ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC...

4.4CVSS7.4AI score0.0043EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/09 10:22 a.m.25 views

Stored XSS on Tag

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step 1. Create new tag Step 2: Enter XSS payload to Description tag Step 3: Go to http://127.0.0.1/questions Step 4:...

4.9CVSS5.2AI score0.0062EPSS
Exploits1
Huntr
Huntr
added 2023/01/23 11:16 p.m.25 views

stored XSS through Question sending

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Ahmed Hassan [email protected] and I were able to identify another stored XSS Cross-Site-Scripting Injection Vulnerability. The Process of the...

4.9CVSS5.6AI score0.00533EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/16 8:3 p.m.25 views

Reflected XSS - Accounting Module - Maintenance - Cleanup Stale Sessions

Description A reflected cross-site scripting XSS vulnerability exists within acct-maintenance-cleanup.php, which allows a malicious user to execute arbitrary JavaScript code. Proof of Concept 1. Navigate to /acct-maintenance-cleanup.php and enter the following payload alert1within the username...

5.8CVSS5.6AI score0.00468EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/03 12:8 p.m.25 views

Out-of-bounds Read in function build_stl_str_hl

Out-of-bounds Read in function buildstlstrhl at buffer.c:4350 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochor01s.dat -c :qa!...

4.4CVSS7.6AI score0.00471EPSS
Exploits1
Huntr
Huntr
added 2022/12/29 8:8 p.m.25 views

Admin is able to ARCHIVE OWN Account leads to Deactivate ADMIN Account

Description As fer the Flow Admin can't ARCHIVE OWN account . i was able to ARCHIVE ADMIN OWN Account by intercept the request and change ID Value to Admin. which leads to ARCHIVED the ADMIN Account , :/ Please Restored it Might Be possible to DELETE Admin Account too , after ARCHIVE Account it's...

4.7CVSS0.00679EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 8:45 a.m.25 views

IDOR allows to see, update and delete other users shortcuts

Description Even if the endpoint /api/shortcut allow to see the list of your own shortcuts, it is possible to access, modify and delete other users shortcut accessing directly through the IDs. Proof of Concept - Login with one user, and create a shortcut, let's consider it now has the ID 1 - Logi...

5.5CVSS1.5AI score0.00568EPSS
Exploits1References1
Total number of security vulnerabilities4072