Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/01/16 8:3 p.m.25 views

Reflected XSS - Accounting Module - Maintenance - Cleanup Stale Sessions

Description A reflected cross-site scripting XSS vulnerability exists within acct-maintenance-cleanup.php, which allows a malicious user to execute arbitrary JavaScript code. Proof of Concept 1. Navigate to /acct-maintenance-cleanup.php and enter the following payload alert1within the username...

5.8CVSS5.6AI score0.00468EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/03 12:8 p.m.25 views

Out-of-bounds Read in function build_stl_str_hl

Out-of-bounds Read in function buildstlstrhl at buffer.c:4350 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochor01s.dat -c :qa!...

4.4CVSS7.6AI score0.00471EPSS
Exploits1
Huntr
Huntr
added 2022/12/29 8:8 p.m.25 views

Admin is able to ARCHIVE OWN Account leads to Deactivate ADMIN Account

Description As fer the Flow Admin can't ARCHIVE OWN account . i was able to ARCHIVE ADMIN OWN Account by intercept the request and change ID Value to Admin. which leads to ARCHIVED the ADMIN Account , :/ Please Restored it Might Be possible to DELETE Admin Account too , after ARCHIVE Account it's...

4.7CVSS0.00679EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 8:45 a.m.25 views

IDOR allows to see, update and delete other users shortcuts

Description Even if the endpoint /api/shortcut allow to see the list of your own shortcuts, it is possible to access, modify and delete other users shortcut accessing directly through the IDs. Proof of Concept - Login with one user, and create a shortcut, let's consider it now has the ID 1 - Logi...

5.5CVSS1.5AI score0.00568EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/23 1:14 p.m.25 views

Access all Private Memos by unauthorized user

Description After login , I create a new memo and post it then i tried to edit it So in editing POST request you can find the memo id in POST data and in the URL if you change it to any private memo you can access it Also you can change the private memo visibility status and content . Proof of...

5.5CVSS0.1AI score0.00564EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 7:26 a.m.25 views

Privilege vulnerability at API Change Password

Description There is a vulnerability at API Change password. I use API PATCH /api/user/x to get user's information and change their password. With x is the user's id, which are numbers in ascending or descending order Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. Us...

5.5CVSS8.1AI score0.00633EPSS
Exploits1
Huntr
Huntr
added 2022/12/13 10:19 a.m.25 views

Reflect XSS Which can help in any CSRF Vulnerability

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Below HTML code for trigger XSS with POST method XSS POC By AggressiveUser history.pushState'', '', '/' Below BurpSuite POC YO...

5.8CVSS5.6AI score0.00513EPSS
Exploits0
Huntr
Huntr
added 2022/10/13 12:19 p.m.25 views

Server Side Request Forgery Via DNS Rebinding

Description Appsmith below v1.8.1 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via DNS Rebinding technique to hit AWS internal metadata endpoint and for retrieving data. Proof of Concept...

4CVSS6.8AI score0.01435EPSS
Exploits1References2
Huntr
Huntr
added 2022/09/25 11:48 a.m.25 views

Stack-based Buffer Overflow in function win_redr_ruler

Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
Huntr
Huntr
added 2022/09/10 8:51 p.m.25 views

Mass Assignment in Self Controller Leads To Vertical Privillege Escalation

Description Hello there, y'all! How are you doing? Hope you are doing great! I was testing Budibase and noticed that the api endpoint /api/global/self, which is used for different purposes updating an user's name or their password, always receives an entire object containing most of the attribute...

3.5CVSS0.00711EPSS
Exploits1
Huntr
Huntr
added 2022/09/04 9:0 p.m.25 views

Null Dereference in vim_regcomp()

Description: Null Dereference in vimregcomp at vim/src/regexp.c:2716 Vim Version: git log commit 8f7116caddc6f0725cf1211407d97645c4eb7b65 HEAD - master, origin/master, origin/HEAD Proof of Concept: $ git clone https://github.com/vim/vim.git $ cd vim/ && ./configure && make && cd src/ $ echo "call...

1.9CVSS0.5AI score0.00458EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:49 p.m.25 views

Persistent Cross-site Scripting - SlaPolicy Module - Settingss

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On SlaPolicy module from Settings, the type of recordModel-name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on SlaPolicy/EditViewBlocks.tpl. It...

4.9CVSS1.2AI score0.00512EPSS
Exploits1
Huntr
Huntr
added 2022/08/16 7:28 a.m.25 views

NULL Pointer Dereference in function generate_loadvar

Description NULL Pointer Dereference in function generateloadvar at vim9compile.c:1165 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit e1f3fd1d02e3f5fe6d2b6d82687c6846b8e500f8 HEAD - master, origin/master, origin/HEAD Author: Bram...

1.9CVSS0.6AI score0.00454EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 7:34 a.m.25 views

Stored XSS vulnerability when importing RSS Feeds from external source

Description YetiForceCRM allows user create RSS Feeds without purifying the link field of the input data properly from external source. An attacker can take advantage of this vulnerability to perform an XML Injection attack that leads to stored cross-site scripting XSS on the target server. Proof...

4.9CVSS0.2AI score0.00688EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/14 4:11 a.m.25 views

Cross-site Scripting (XSS) - Reflected

Description Hi team, I found XSS at /module/. Proof of Concept Pop up POC: Reflected POC: Full request payload: POST /demo/module/ HTTP/1.1 Host: demo.microweber.org User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:102.0 Gecko/20100101 Firefox/102.0 Accept: / Accept-Language: en-US,en;q=0....

5.8CVSS6AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2022/06/27 7:2 p.m.25 views

Stored xss in "users name","functions name","storage buckets name" and in "database collections name"

Description Appwrite application allows malicious javascript payload to inject in users name,functions name,storage buckets name and in database collections name which leads to Stored XSS. Proof of Concept 1.Login to the application 2.Go to the "users name","functions name","storage buckets name"...

4.9CVSS0.7AI score0.00688EPSS
Exploits2
Huntr
Huntr
added 2022/06/16 4:27 p.m.25 views

Improper Access Control in Crabtyper API

Description The API program allows any user to create languages and snippets, as well as delete them. This allows a malicious actor to add offensive snippets which could appear to any user, and also allows anyone to completely take down the service by removing all snippets. This is due to...

7AI score
Exploits0
Huntr
Huntr
added 2022/06/04 11:47 a.m.25 views

Contextual Code Execution

Description The main function uses the eval function which can lead to contextual code execution, allowing an attacker to gain access to a system and execute commands with the privileges of the running program by setting NUITKAPYTHONPATH, NUITKANAMESPACES or NUITKAPTHIMPORTED to a malicious paylo...

7.2CVSS3.6AI score0.00965EPSS
Exploits2References1
Huntr
Huntr
added 2022/06/03 11:30 a.m.25 views

Bypass filter - Stored XSS in Resources

Description Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. This fix for this bug https://huntr.dev/bounties/dcf87c0b-6188-4817-8798-ef1e2581b15a/ can be bypassed using bellow payload...

3.5CVSS5.7AI score0.00643EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:47 p.m.25 views

The publify application allows large characters to insert in the input field "title name and post field" on the article field which can allow attackers to cause a Denial of Service (DoS)

Description Please enter a description of the vulnerability. Proof of Concept 1 - Create New article https://demo-publify.herokuapp.com/admin/content/new 2 - Fill the title name and post field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click o...

7.5CVSS8.9AI score0.00909EPSS
Exploits1
Huntr
Huntr
added 2022/04/30 10:26 a.m.25 views

Cross-site scripting - Reflected in Create Subaccount

Description Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter. Proof of Concept POST /facturascripts/EditSubcuenta HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...

4.3CVSS0.00832EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/30 5:55 a.m.25 views

heap-buffer-overflow in mobi_get_attribute_value

Description heap-buffer-overflow /home/ubuntu/libmobi-public/src/parserawml.c:357 in mobigetattributevalue Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: Apr 29 2022 20:52:30 gcc 9.3.0 libmobi: 0.10 Build export CC=gcc CXX=g++...

5.8CVSS5.7AI score0.0066EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 2:55 a.m.25 views

Improper access control could make any user export all user of website

Description A user who has to change their password after logging in can export the website's user data. Proof of Concept Step 1: login to website by admin account and change password of a user. Check the box "Force password change upon next login" and save. Step 2: login to website by the accoun...

4CVSS6.5AI score0.01221EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 2:25 p.m.25 views

Out-of-bounds Read in r_bin_ne_get_entrypoints function

Description Out-of-bounds OOB read vulnerability exists in rbinnegetentrypoints function in Radare2 5.6.7 Version bash radare2 5.6.7 27777 @ linux-x86-64 git.5.6.6 commit: 0c4af43def68ce29f7a74847bb1b7286da155200 build: 2022-04-1008:53:32 Analysis The vulnerability exists due to the invalid type...

6.4CVSS7.6AI score0.00862EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:27 a.m.25 views

Leaking password protected articles content due to improper access control

Description Any user who can publish their article can protect it using a password before publishing. So, a valid password to the article is required to view the contents of the article. But when a request is made to article /2022/04/10/ the UI show it requires a password to view content. But the...

4CVSS1.5AI score0.01192EPSS
Exploits1
Huntr
Huntr
added 2022/03/23 12:35 p.m.25 views

SQL injection through marking blog comments on bulk as spam

Description the comments ids aren't checked and vulnerable for SQL injection Proof of Concept...

6.5CVSS0.9AI score0.01134EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 3:44 a.m.25 views

Stored XSS viva axd and cshtml file upload in star7th/showdoc

Description This is a bypass of the report: https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e/ & https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5/. Here the upload functionality allows the malicious files with the extension .cshtml and .axd which leads to Stored XSS...

3.5CVSS0.4AI score0.00797EPSS
Exploits1
Huntr
Huntr
added 2022/03/11 5:8 p.m.25 views

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods

Description 1 Checkout URL and Custom order id parameters are vulnerable to stored XSS, which are located in Shop Settings other settings Advanced 2 From e-mail address and From name parameters are vulnerable to stored XSS, which are located in Shop Settings Autorespond E-mail settings check your...

3.5CVSS5.3AI score0.03197EPSS
Exploits1
Huntr
Huntr
added 2022/03/06 10:34 a.m.25 views

Improper Authorization

Description When Gogs is build and configured for PAM authentification it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login. Proof of Concept You can expire an account with chage -E0 and still login. Impact Since disabling an...

5.8CVSS2.3AI score0.01221EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/19 1:26 p.m.25 views

Cross-site Scripting (XSS) - Reflected

Description Hi, The endpoint https://demo.microweber.org/demo/admin/page is vulnerable to Cross Site Scripting. Proof of Concept 1. just navigate to the poc url:...

4.3CVSS0.7AI score0.01105EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 9:39 a.m.25 views

in microweber/microweber

Description Sensitive information as part of the error is getting disclosed while viewing comments from "loadmodule:commentssearch=" Proof of Concept 1. Login to https://demo.microweber.org 2. Visit https://demo.microweber.org/demo/admin/view:modules/loadmodule:commentssearch= 3. Now enter anythi...

5CVSS0.3AI score0.06923EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/13 2:30 a.m.25 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

3.5CVSS5.3AI score0.00847EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 5:11 p.m.25 views

SQL Injection in salesagility/suitecrm

Description In SuiteCRM v7.12.4, a malicious user can inject SQL query in order to affect the execution of predefined SQL commands impacting database leakage. Proof of Concept The $POST'record'1 parameter is controllable by a user and it is concatenated into SQL query 2 without validating them...

4CVSS0.1AI score0.00795EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 3:12 p.m.25 views

in vim/vim

Description Using out of range pointer offset occurs in enterbuffer. commit : b247e0622ef16b7819f5dadefd3e3f0a803b4021 This case is created to correct the previous issue. Proof of Concept $ echo -ne "ZnUgUigpCnRhYjBsb3AKZTAKbGYKZW5kZgpjYWwgUigpCm5vcm0XFjAKY2FsIFIoKQpidw==" | base64 -d mpoc Valgri...

6.8CVSS8.1AI score0.01607EPSS
Exploits1
Huntr
Huntr
added 2022/02/02 11:59 a.m.26 views

the function deepFromFlat of underscore.deep is vulnerable to prototype pollution

Prototype Pollution in Clever/underscore.deep Reported on Feb 2nd 2022 | Timothee Desurmont Description Vulnerability type: CWE-1321 Version 0.5.1 of underscore.deep is vulnerable to prototype pollution; the function deepFromFlat in underscore.deep.js do not check if the attribute resolves to the...

7.5CVSS1.5AI score0.00976EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 3:4 a.m.25 views

Heap-based Buffer Overflow in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code is located...

5.8CVSS6.5AI score0.01005EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/14 9:30 a.m.25 views

Cross-site Scripting (XSS) - Reflected in icecoder/icecoder

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

3.5CVSS5AI score0.00668EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/09 7:19 a.m.25 views

SQL Injection in pimcore/pimcore

Description The storeId parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept 1. Add items to Classification Store: Key definition, Group,... 2. Injection boolean base:...

6.5CVSS0.8AI score0.01626EPSS
Exploits1
Huntr
Huntr
added 2021/12/30 3:31 p.m.25 views

None in radareorg/radare2

Description This vulnerability is of use-after-free. The bug exists in latest stable release radare2-5.5.4. Specifically, the vulnerable code is picked out as follows libr/io/iobank.c: // ./libr/io/iobank.c line 229 // the entry-data is a freed pointer address while entry && riosubmapto RIOSubMap...

7.5CVSS8.2AI score0.01227EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/24 11:24 p.m.25 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the rule name in the admin dev page. Proof of Concept txt XSS POC : 1. Open the...

3.5CVSS0.2AI score0.01456EPSS
Exploits1
Huntr
Huntr
added 2021/12/21 4:16 p.m.25 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description pimcore is vulnerable to Stored Cross-Site Scripting in the name field via the import functionality. Steps to reproduce: 1. Navigate to settings -- Data Objects -- Objectbricks 2. ave the following data as JSON file and import it: json "classDefinitions": , "key": null, "parentClass":...

3.5CVSS0.3AI score0.00705EPSS
Exploits1
Huntr
Huntr
added 2021/12/09 7:42 p.m.25 views

Business Logic Errors in pimcore/pimcore

Description The application is vulnerable to Business Logic error through negative cart amount. Proof of Concept Step 1: Login to the application https://10.x-dev.pimcore.fun/admin/login?perspective= Step 2: Navigate to Online shop - Pricing Rules - Voucher Discount - Actions Step 3: Enter Negati...

4CVSS1.2AI score0.008EPSS
Exploits1
Huntr
Huntr
added 2021/10/28 2:57 p.m.25 views

in bookstackapp/bookstack

Description During reading recent BookStack source code 31665410 I discovered no uploaded file type and size check. Authenticated user with attachment create role can upload any type file. One of possibilities is to upload phishing page and get administrators credentials. Proof of Concept POST...

3.5CVSS5.8AI score0.0093EPSS
Exploits1
Huntr
Huntr
added 2021/10/23 6:36 a.m.25 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description No CSRF in duplicate rule, and modifying the order of the rule group Proof of Concept Click Me! Click Me! Click Me! Impact This vulnerability is capable of tricking admin users to duplicate rule and modifying order of rule groups Permalinks selected with reference to this report:...

4.3CVSS0.5AI score0.00512EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/13 10:51 a.m.25 views

in star7th/showdoc

Description - CWE: CWE-288:Authentication Bypass Using an Alternate Path or Channel - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L , CVSS Score: 8.3High - Credit:Qianxin, Network Security Department, Product-Safety Team Unc1e In showdoc, there is a SSO process , DOC is shown in...

7AI score
Exploits0
Huntr
Huntr
added 2021/10/03 7:20 a.m.25 views

Server-Side Request Forgery (SSRF) in appwrite/appwrite

Description An authenticated SSRF vulnerability exists in appwrite's webhooks / tasks feature. The gopher:// protocol can be used to cause code execution on the Redis server that comes along with appwrite. The attacker must know the IP address of the redis-server which can be done by creating...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/10/01 8:43 a.m.25 views

in firefly-iii/firefly-iii

Description file upload vulnerability in application Proof of Concept step to reproduce 1login to application 2 goto https://demo.firefly-iii.org/create-from-bill/1 3 upload file any kind of file application accept Reference PoC 1 https://i.ibb.co/9wWRnsf/Screenshot-12.png...

6.5CVSS0.1AI score0.00754EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/26 3:1 a.m.25 views

SQL Injection in opensourcepos/opensourcepos

✍️ Description The Application is vulnerable to blind SQL Injection 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/attributes/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/08/23 11:15 a.m.25 views

Cross-site Scripting (XSS) - Stored in namelessmc/nameless

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.4AI score
Exploits0References2
Huntr
Huntr
added 2021/08/20 7:2 a.m.25 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to delete Total available budget with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

4.3CVSS1.1AI score0.00475EPSS
Exploits0
Total number of security vulnerabilities4072