Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2023/08/20 7:39 p.m.β€’88 views

Android Manifest Misconfiguration Leading to Task Hijacking

Description Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. This vulnerability applies to all Android versions before Android 11. Steps To Reproduce: 1. Victim installs malicious app 1. Victim starts...

5CVSS7AI score0.00399EPSS
Exploits0References1
Huntr
Huntr
β€’added 2022/02/12 5:2 p.m.β€’88 views

Insecure Storage of Sensitive Information in chatwoot/chatwoot

BUG ======== Stored xss via referer url allow to hijack victim access-token STEP TO REPRODUCE =================== 1. From admin account goto https://app.chatwoot.com/app/accounts/42689/settings/inboxes/list and create a inbox of type website .\ Now get you configuration script from this inbox and...

4.9CVSS5.6AI score0.00614EPSS
Exploits1
Huntr
Huntr
β€’added 2023/01/30 1:17 a.m.β€’87 views

Open Redirect on "returnUrl=" parameter

Description Hello Team while testing the "returnUrl=" parameter on login page it was not vulnerable, but I found another way to get Open Redirect with that parameter Proof of Concept Here is the Video POC of this vulnerability...

5.8CVSS6.2AI score0.00607EPSS
Exploits1
Huntr
Huntr
β€’added 2022/08/04 3:26 p.m.β€’85 views

Stored XSS via image markdown

Description The site allows creating markdown to get an image from a link, from which we can use it to generate XSS. Proof of Concept Payload: markdown Video: Youtube Only works on Google Chrome...

1.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/15 9:35 a.m.β€’85 views

Cross-site Scripting (XSS) - Stored in yeswiki/yeswiki

Description Stored XSS when Add a new entry for Forum Proof of Concept // PoC.req POST /doryphore/?BazaR&vue=saisir&action=saisirfiche&id=2 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:96.0 Gecko/20100101 Firefox/96.0 Accept:...

6.3AI score
Exploits0
Huntr
Huntr
β€’added 2023/03/29 5:58 a.m.β€’84 views

Information leakage in EXIF data of images

Description EXIF stands for Exchangeable Image File Format and the EXIF data contains information such as the camera model and make, shutter speed, aperture, focal length, ISO number, date, time and much more. It can also store GPS coordinates of the location where an image was shot. Proof of...

4.3CVSS6.3AI score0.00597EPSS
Exploits1
Huntr
Huntr
β€’added 2021/03/26 3:36 p.m.β€’84 views

Prototype Pollution in silentmatt/expr-eval

✍️ Description With speficific input attckers can define properties on prototype, which will lead to prototype pollution. Need node version=12.0.0, which introduce Object.fromEntries πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PoC.js const Parser = require'expr-eval'; const o = ; console.log"o.a=", o.a; // o.a=...

2.9AI score
Exploits0
Huntr
Huntr
β€’added 2020/12/18 12:0 a.m.β€’81 views

Cross-site Scripting (XSS) - Generic in apexcharts/apexcharts.js

Description apexcharts is vulnerable to Cross-Site Scripting XSS. Proof of Concept 1. Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm 2. Edit JS and insert the XSS payload below in th...

4.3CVSS0.3AI score0.0137EPSS
Exploits1
Huntr
Huntr
β€’added 2022/07/18 11:16 p.m.β€’81 views

Blind SSRF on the RSS Feed

A normal user can add an RSS Feed with an internal URL which could lead to a blind SSRF issue by using local URLs...

5CVSS1.6AI score0.00459EPSS
Exploits0
Huntr
Huntr
β€’added 2021/01/10 12:0 a.m.β€’78 views

Prototype Pollution in react-atomic/react-atomic-organism

Description set-object-value is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var setObjectValue = require"set-object-value" var obj = console.log"Before : " + .polluted; setObjectValueobj, 'proto','polluted', 'Yes! Its Polluted'; console.log"Afte...

7.5CVSS2.2AI score0.03591EPSS
Exploits1
Huntr
Huntr
β€’added 2023/02/27 9:31 a.m.β€’77 views

Vulnerable javascript dependency used in adminsidepanel.js

Description The adminsidepanel.js used Vue.js v2.6.10, which contains the vulnerable vue-server-renderer's dependency of serialize-javascript. Proof of Concept 1.Go to https://demo.limesurvey.org/tmp/assets/cb9c5d96/build.min/js/adminsidepanel.js and search for Vue.js v2.6.10 term. We can note th...

6.7AI score
Exploits0References3
Huntr
Huntr
β€’added 2022/06/14 11:5 a.m.β€’77 views

SSRF via Import URL

Description While importing CSV and Excel file via an URL, the server does not validate requests properly that's how the attacker can able to make requests to internal servers and access the contents. Proof of Concept 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...

5CVSS0.6AI score0.01841EPSS
Exploits1
Huntr
Huntr
β€’added 2022/03/09 7:6 p.m.β€’77 views

Server-Side Request Forgery (SSRF)

Description The fixes for CVE-2022-0767 & CVE-2022-0766 only address loopback/localhost IP addresses, this is an issue as other internal endpoints may be accessible to an attacker one of the most popular examples is 169.254.169.254 which is the AWS metadata address Proof of Concept The same as...

6.4CVSS2.7AI score0.01316EPSS
Exploits3
Huntr
Huntr
β€’added 2023/02/12 1:7 p.m.β€’76 views

Account Takeover and Persistence due to the Oauth Misconfiguration

Team, May you all be well on your side of the screen. : . While Doing some research on thehttps://cal.com/, I was able to find a Pre-Account Takeover vulnerability. Proof of concept: . I have created a video demonstration of the vulnerability and uploaded it to my Google Drive. . The link for the...

6.5CVSS8.4AI score0.08958EPSS
Exploits5References1
Huntr
Huntr
β€’added 2022/07/05 4:2 a.m.β€’76 views

Inefficient Regular Expression Complexity

Description Inefficient regular expression complexity regex when trying to match Potentially Trustworthy could lead to a denial of service attack. With a formed payload 'http://' + 'a.a.'.repeati + 'a', 76 characters payload could take 42642 ms time execution. Proof of Concept // PoC.js import...

2.6CVSS1.5AI score0.01104EPSS
Exploits1References2
Huntr
Huntr
β€’added 2023/09/17 2:17 p.m.β€’75 views

Password Reset link hijacking via Host Header Poisoning

Description LinkStack uses the Host header when sending out password reset links. This allows an attacker to insert a malicious host header, leading to password reset link / token leakage. Tested on a default Docker Compose installation of LinkStack https://github.com/LinkStackOrg/linkstack-docke...

6.9AI score0.00674EPSS
Exploits1References3
Huntr
Huntr
β€’added 2022/06/09 9:1 a.m.β€’74 views

SSRF via Plugin SMTP

Description The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents. Reproduce 1. Go to Team & Settings 2. App Store SMTP 3. Configure and intercept Test request 4. Change Host/Port to internal address, example:...

5CVSS0.5AI score0.01418EPSS
Exploits1
Huntr
Huntr
β€’added 2022/01/25 4:14 a.m.β€’73 views

in star7th/showdoc

Description There is a filter to prevent upload php, HTML, svg filetype in the code snippet from line 115 to line 122 in AttachmentController.class.php: if strstrstriptagsstrtolower$uploadFile'name', ".php" || strstrstriptagsstrtolower$uploadFile'name', ".htm" ||...

6.8CVSS0.5AI score0.00928EPSS
Exploits1
Huntr
Huntr
β€’added 2023/02/02 10:18 p.m.β€’72 views

XSS via postMessage to deface any website and account takeover

Description Hey Chatwoot team, while looking for vulnerabilities I found a critical XSS which allow us to XSS/Deface any website which uses the chat, this can be automated to attack thousands of websites Vulnerable Code Inside this function...

5.8CVSS6.2AI score0.00366EPSS
Exploits0
Huntr
Huntr
β€’added 2021/01/30 12:0 a.m.β€’72 views

Prototype Pollution in tandrewnichols/safe-obj

Description safe-obj is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js var safeObj = require"safe-obj" var obj = ; console.log"Before: " + .polluted safeObj.expandobj, "proto.polluted", true console.log"After: " + .polluted 2. Execute th...

7.5CVSS1.8AI score0.03327EPSS
Exploits1
Huntr
Huntr
β€’added 2022/12/20 11:32 a.m.β€’72 views

Cross-site scripting - Stored via upload `.svg` file in

Description When user upload a file with .svg extension and direct access this file, the server response with Content-type: image/svg+xml lead to processing SVG as HTML file Proof of Concept POST /api/resource HTTP/2 Host: demo.usememos.com Cookie:...

4.9CVSS5.6AI score0.00695EPSS
Exploits1References2
Huntr
Huntr
β€’added 2021/12/08 7:21 a.m.β€’70 views

Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

Description The reflected XSS vulnerability occurs to a flaw in the cleanxsstags function called in memo.php of Gnuboard 5. This cleanxsstags is a Sanitizer that removes XSS-vulnerable tags and attributes. However, it can bypass Sanitizer by using a newline character. %0A, %0D, ETC Proof of Conce...

4.3CVSS1.2AI score0.01812EPSS
Exploits1
Huntr
Huntr
β€’added 2022/11/26 9:19 p.m.β€’69 views

Integer overflow in realloc call

Description Integer overflow in realloc and memcpy calls in coreanalgraphlabel. In the process of concatenating source lines based on DWARF data, the resulting size 32bit signed int can overflow. The sizes of the realloc and memcpy calls differ, and potentially can lead to writes in an unintended...

4.4CVSS1.1AI score0.00326EPSS
Exploits0
Huntr
Huntr
β€’added 2022/05/18 3:8 a.m.β€’69 views

SSRF in embed2 servlet via redirects

Description Embed2Servlet uses url.OpenConnection in https://github.com/jgraph/drawio/blob/7a68ebe22a64fe722704e9c4527791209fee2034/src/main/java/com/mxgraph/online/EmbedServlet2.javaL400 which follows redirects by default. However, the redirections are not being checked, hence it is possible to...

5CVSS7.5AI score0.01686EPSS
Exploits1
Huntr
Huntr
β€’added 2022/04/21 12:44 p.m.β€’69 views

Reflected XSS on demo.microweber.org/demo/module/

Description Reflected XSS with filter bypass on /demo/module/ using module= & style= parameters. Proof of Concept https://demo.microweber.org/demo/module/?module='ontransitionend=alert1'"tabindex=1&style=transition:outline%200.001s&id=x&data-show-ui=admin&class=x&fromurl=https://demo.microweber.o...

4.3CVSS0.3AI score0.0321EPSS
Exploits1References1
Huntr
Huntr
β€’added 2023/01/06 1:16 a.m.β€’68 views

Stored XSS Via SVG File Upload

XSS Via SVG File Upload When uploading an image file to a bug report, you're able to upload .svg files which aren't properly sanitized before they are rendered, so any embedded Javascript will execute. Steps To Reproduce 1. Create a bug report 2. Upload a SVG attachment with a Javascript payload...

6.1AI score
Exploits0
Huntr
Huntr
β€’added 2022/06/28 12:59 a.m.β€’68 views

Out-of-bound read in function msg_outtrans_special

Description Out-of-bound read in function msgouttransspecial at message.c:1716 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min2 -c :qa! ==23509=...

6.8CVSS7.6AI score0.01331EPSS
Exploits1
Huntr
Huntr
β€’added 2023/08/05 4:46 p.m.β€’67 views

File Upload Bypass Leads to Remote Code Execution (RCE)

Description Vulnerable file upload functionality that users can upload files. Although almost all files with extensions like php, phtml, etc. have been prevented, an attacker can still upload phps files and remote code execute . Condition The Apache server which is hosting the web application nee...

6.5CVSS7.9AI score0.00787EPSS
Exploits1
Huntr
Huntr
β€’added 2021/10/12 8:55 a.m.β€’67 views

in dompdf/dompdf

Description Improper restriction of external entities XXE in DomPDF's SVG parser allows it to perform an SSRF even if isRemoteEnabled set to false or even cause a deserialization attack in the SVG parser this time. Proof of Concept Payload 1 - SSRF only allowurlfopen required This embeds Google...

0.9AI score0.00924EPSS
Exploits1
Huntr
Huntr
β€’added 2022/10/27 11:23 a.m.β€’66 views

Stored XSS - XSS in RSS link

Description An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. The administrator can then make the RSS feed available to all users of the software. Victims who wish to visit an RSS content will execute the Javascript code in a new ta...

0.6AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/07/04 7:11 p.m.β€’65 views

Mutation Stored XSS at homepage

Description bookwyrm HTML input sanitizer is vulnerable to Mutation XSS. The payload could be stored and displayed on the homepage of the website path /feed or /discovery making it widely affects all users and the main website. Proof of Concept Edit a book description: // PoC Access to the /feed...

4.3CVSS6.3AI score0.0054EPSS
Exploits0References2
Huntr
Huntr
β€’added 2021/09/07 1:40 p.m.β€’65 views

Heap-based Buffer Overflow in vim/vim

✍️ Description While testing vim built from commit ddfc051 with Ubuntu clang version 12.0.0-3ubuntu120.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, READ of size 1. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. git clone https://github.com/vim/vim LD=lld AS=llvm-as...

6.8CVSS1AI score0.01614EPSS
Exploits1References1
Huntr
Huntr
β€’added 2023/09/05 6:19 a.m.β€’63 views

AppImage Vim loads libc.so.6 from pwd

Description The appimage distribution of vim loads libc.so.6 from the current directory of the user. An attacker with control of files in a directory where the user uses vim could execute arbritrary code. Proof of Concept Proof of concept will use a malicious libc.so.6 generated with below patch ...

7.1AI score
Exploits0
Huntr
Huntr
β€’added 2023/09/17 11:16 a.m.β€’62 views

Time-Based Blind SQL injection leads to database extraction

Proof of Concept Login your account. then copy the coope and paste on below raw request POST /ajaxtable.php HTTP/1.1 Host: demo.librenms.org User-Agent: Mozilla/5.0 Windows NT 10.0; rv:78.0 Gecko/20100101 Firefox/78.0 Content-Length: 221 Accept: / Accept-Language: en-US,en;q=0.5 Content-Type:...

4CVSS7.4AI score0.22222EPSS
Exploits0References1
Huntr
Huntr
β€’added 2022/12/28 4:5 a.m.β€’62 views

IDOR to delete user resources

Description Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. Proof of Concept 1 Login into your account at demo.usememos.com 2 Turn on your burpsuite proxy 3 Go to the resources...

4CVSS6.8AI score0.00578EPSS
Exploits1
Huntr
Huntr
β€’added 2022/08/12 8:3 p.m.β€’62 views

No rate limit on main Login page lead to account takeover

Hi Team, Summary: As a best practice a login page should have a rate limit to avoid any kind of brute force. Aslo The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character...

5CVSS1.3AI score0.00688EPSS
Exploits1
Huntr
Huntr
β€’added 2021/03/03 12:0 a.m.β€’62 views

Command Injection in facebook/create-react-app

description react-dev-utils includes some utilities used by Create React App. The function getProcessForPort in react-dev-utils is vulnerable to command injection. PoC Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created. var getProcessForPort =...

6.8CVSS1.1AI score0.03289EPSS
Exploits1
Huntr
Huntr
β€’added 2021/02/12 12:0 a.m.β€’62 views

Cross-site Scripting (XSS) - Generic in ciur/papermerge-js

:star2: Description - Papermerge is an open source document management system DMS primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers. In The Admin Upload Function. Users Are Able To Trigger...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/05/15 10:43 a.m.β€’61 views

The publify application allows large characters to insert in the input field "First name and Last name" on the profile field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in publify / publify

Description The publify application allows large characters to insert in the input field "First name and Last name" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request Proof of Concept 1 - go to your profile https://demo-publify.herokuapp.com/admin/profiles 2 -...

7.5CVSS2.2AI score0.30778EPSS
Exploits1References2
Huntr
Huntr
β€’added 2022/02/12 12:13 p.m.β€’61 views

Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

Description https://github.com/gnuboard/gnuboard5/blob/v5.4.22/mobile/shop/lg/mispwapurl.phpL7 has no filtering for the variable. So, Attackers can trigger Reflected XSS via $GET'LGDOID' Proof of Concept /mobile/shop/lg/mispwapurl.php?LGDOID=%3Cscript%3Ealert1%3C/script%3E Impact Attacker can...

3.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/11 10:0 a.m.β€’61 views

Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url

Description First Assume this example var parseUrl = require"parse-url" parseUrl"http://[email protected]:[email protected]/path/name?foo=bar&bar=42some-hash" that return : protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...

5CVSS5.8AI score0.01104EPSS
Exploits1
Huntr
Huntr
β€’added 2023/04/29 9:31 p.m.β€’60 views

Restricted shell escape in RVIM

Description A shell escape vulnerability has been discovered in the restricted version of Vim rvim. This vulnerability allows an attacker to execute arbitrary code with the privileges of the user running Vim. Proof of Concept The shell escape vulnerability in the restricted version of Vim rvim is...

7.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/04 2:50 a.m.β€’60 views

Cross-site Scripting (XSS) - Stored in idempiere/idempiere

✍️ Description Stored xss via svg file upload πŸ•΅οΈβ€β™‚οΈ Proof of Concept you can upload this svg file https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg .\ Check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1nKXfSUjU5vDEMMY6cAmRs6d3MCPoj0uv/view?usp=sharing πŸ’₯...

1.1AI score
Exploits0
Huntr
Huntr
β€’added 2023/04/11 8:49 p.m.β€’59 views

Email Address Manipulation Vulnerability

Description During testing of phpmyfaq, it was discovered that the application does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the...

7.5CVSS8.9AI score0.00533EPSS
Exploits0
Huntr
Huntr
β€’added 2023/01/12 8:42 a.m.β€’59 views

SVG Sanitization Bypass - XSS

Description In imgproxy application, we bypassed the svg sanitization function. In this way, attacker can craft malicious svg file and run javascript on the application. Proof of Concept Here is the content of the malicious svg file. After that you can call this svg file like below...

4.9CVSS5.6AI score0.01585EPSS
Exploits1
Huntr
Huntr
β€’added 2022/03/17 12:24 a.m.β€’59 views

Segmentation Fault caused by MP4Box -lsr

Version: MP4Box -version MP4Box - GPAC version 2.1-DEV-rev48-gf6d6225a9-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io/ MINI build encoders, decoders, audio and video output disabled Please cite our work in your research: GPAC Filters:...

4.3CVSS0.7AI score0.00808EPSS
Exploits1
Huntr
Huntr
β€’added 2020/05/02 12:0 a.m.β€’59 views

Code Injection in timstudd/node-wkhtmltoimage

Description The wkhtmltoimage module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var wkhtmltoimage = require'wkhtmltoimage';...

1.7AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/04 9:4 a.m.β€’58 views

in phpipam/phpipam

Description The phpIPAM 1.4.5 incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor in the Import/Export feature. A normal user with the role of User could download XLS file of IP addresses, hostfile dump and export system database that...

4CVSS6.6AI score0.01015EPSS
Exploits1References1
Huntr
Huntr
β€’added 2023/07/27 7:57 p.m.β€’57 views

HTML Injection Leads To Open Redirect

Description HTML injection is possible in the Installation title parameter, which leads to Open Redirect when clicked. Proof of Concept Open Redirect 1. Login as Admin 2. Navigate to settings 3. Edit the Installation title and set it to: Click Me 4. Save Changes 5. Click the Click Me text on the...

4.3CVSS7.3AI score0.00445EPSS
Exploits1
Huntr
Huntr
β€’added 2022/04/25 9:35 a.m.β€’57 views

SQL injection in Calendar.php

Description In Calendar.php line 498-513, web server get values parameter as a part of sql query without sanitize, so attacker can be manipulated sql query, which is executed by web server...

6.4CVSS0.2AI score0.01873EPSS
Exploits1
Total number of security vulnerabilities4072