Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/07/01 2:48 p.m.24 views

attackers with role "USER" can create tags

Description It seems that the users with role ""USER" has no permission with creating tags, but we do not enforce it. Ohers operation, like edit and delete has no problem. Proof of Concept pull the latest docker and setup answer 1 create a user with name "normaluser", whose role is "USER" 2 admin...

4CVSS6.7AI score0.00538EPSS
Exploits1
Huntr
Huntr
added 2023/06/13 9:33 a.m.24 views

heap-buffer-overflow in function id3dmx_flush filters/reframe_mp3.c

Description Heap-buffer-overflow in MP4Box. Version bash MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.7CVSS6.9AI score0.00398EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/29 4:23 p.m.24 views

OOB read from unchecked return

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 05/29/23 the current master branch at commit 4f810869b06b5d7b0cb73d166864dfb4b1e900f6 . Description This AddressSanitizer output is indicating a read on an unknown...

3.2CVSS6.9AI score0.00306EPSS
Exploits1
Huntr
Huntr
added 2023/05/09 9:45 a.m.24 views

privilege escalation with least config

Description User can privilege escalation to admin role which least config Proof of Concept login in https://11.x-dev.pimcore.fun/admin/ and add a new users in settings - users with have access Permissions - users after that login in a new user and come settings - users - new user update new rule...

6.5CVSS7.2AI score0.00919EPSS
Exploits1
Huntr
Huntr
added 2023/04/26 8:12 p.m.24 views

Weak Password policy on account registration

Description It was observed that application allows to create account with Blank spaces as password Proof of Concept 1. Go to https://meta.answer.dev/users/register 2. Create account with 10 blank spaces as password Result: Application allows to create user account with blank spaces as password...

6.5CVSS6.9AI score0.00732EPSS
Exploits1
Huntr
Huntr
added 2023/04/06 3:26 p.m.24 views

Stored XSS via Markdown Comment

Description Register one account on blog, if account was actived, it can be comment. \ We can commment with markdown.\ When another user clicks on the comment there may be an XSS alert. I git clone project and build with docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7\ \ Proof ...

4.9CVSS6.2AI score0.00409EPSS
Exploits1References2
Huntr
Huntr
added 2023/03/28 4:0 p.m.24 views

Multiple XSS in Create/Update Funtion Version 1.4.3 and 1.5.0-dev.2

Description Stored XSS on create/update service, categories, settings. I was test on 1.4.3 demo site and 1.5.0-dev2 Proof of Concept Install\ I install from develope branch. When finish install footer display version v1.5.0-dev.2\ The time I run and commit below on image is the latest\ \ webUI\ ...

4.9CVSS5.3AI score0.00475EPSS
Exploits1
Huntr
Huntr
added 2023/03/13 7:29 a.m.24 views

XSS in Predefined Asset Metadata module in Settings

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Predefined Asset Metadata module in Settings, specifically at Name field. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.Go to Settings - Predefined Asset Metadata...

4.9CVSS5.1AI score0.00439EPSS
Exploits1
Huntr
Huntr
added 2023/03/11 8:23 p.m.24 views

Instropection query is enabled on demo.pimcore.fun

Description Introspection is enabled on the demo.pimcore.fun. demo site has graphql feature for users but via that graphql endpoint attacker can run the instropection queries. which makes the vulnerable. Proof of Concept Just visit the link...

6.4CVSS6.9AI score0.00783EPSS
Exploits1
Huntr
Huntr
added 2023/03/10 5:12 p.m.24 views

HTML Injection on Settings/Template

Description Found HTML Injection on Template module on Settings. Proof of Concept 1. Login as Administrator and go to Settings. 2. On under Website Settings, go to Template. 3. Specifically, to this URL - https://demo.microweber.org/demo/admin/view:content/action:settings?group=template 4. Then...

4.3CVSS5.8AI score0.00484EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/03 4:55 p.m.24 views

RCE using bad deserialization

Description Qwik provides an extended serialization mechanism for exchanging data between the client and server. This allows for the serialization and deserialization of Date, Regex, Signal, Function and many other useful data types. The Function deserializer can be accessed using the...

7.5CVSS9.1AI score0.01149EPSS
Exploits1References5
Huntr
Huntr
added 2023/02/22 12:43 a.m.24 views

Stored XSS in Sitename

Description There is a presence of stored xss in username, which directly gets rendered whenever the page is opened. Proof of Concept 1: use the below command to clone the repo in your machine git clone https://github.com/answerdev/answer.git 2: Navigate inside the repo cd answer 3: Use...

4.9CVSS5.6AI score0.00519EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 8:38 p.m.24 views

division zero

Description division by zero in fuction scrolldown at move.c:1739 version git log commit ea62cee85e9e77ec86edd9843926dadb69978753 HEAD - master, tag: v9.0.1327, origin/master, origin/HEAD Author: Bram Moolenaar Date: Sun Feb 19 18:36:41 2023 +0000 patch 9.0.1327: cursor in wrong position below li...

4.4CVSS7.6AI score0.00455EPSS
Exploits1
Huntr
Huntr
added 2023/02/12 5:50 p.m.24 views

Stored xss real name

Description In the admin account, there is a feature to add a user. In this feature, a vulnerability was found in the "Your Name" form. Proof of Concept 1.go to https://roy.demo.phpmyfaq.de/admin/?action=user 2.add user with realname alert'123' 3.go to...

4.3CVSS5.3AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2023/01/30 9:22 a.m.24 views

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

Description I have found a CSRF in all the request in /lib/ajax.php by changing the request to GET and the page is also get errors. So user cannot use any function on the page Proof of Concept 1. Go to https://demo.froxlor.org/ and login as any user. ie. admin 2. Now open...

6.8CVSS8.4AI score0.00324EPSS
Exploits1
Huntr
Huntr
added 2023/01/23 9:56 p.m.24 views

Stored XSS - allows stealing Admin and Users Cookies

Dear Ladies and Gentlemen, First of all thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Ahmed Hassan [email protected] and I were able to identify a stored XSS Cross-Site-Scripting Vulnerability. The Process of the Vulnerability: Login ...

4.9CVSS5.3AI score0.00558EPSS
Exploits0References1
Huntr
Huntr
added 2023/01/22 12:31 a.m.24 views

Stored HTML Injection

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test i was able to identify a stored XSS in the Username. When an admin or another Users try to set up a new account and set his name to alert‘1’ the Javascript will run and...

4.9CVSS5.2AI score0.00558EPSS
Exploits0References1
Huntr
Huntr
added 2023/01/17 5:58 a.m.24 views

File Upload Type Validation Error

Description The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature p.e. GIF89 and sending any invalid content-type. This could allow an authenticated attacker to...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/01/11 2:10 p.m.24 views

Dom XSS in Add Question

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step1. Add a normal user and log in step2. Add a new question and insert xss payload in the body Step3. Login admin us...

6CVSS8.5AI score0.00871EPSS
Exploits1
Huntr
Huntr
added 2023/01/07 2:58 p.m.24 views

Mootools-more 1.6.0 is use which is potential vulnerable to CVE-2021-20088

Description Mootools-more 1.6.0 is use which is potential vulnerable to CVE-2021-20088 Proof of Concept https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md...

7.5CVSS9AI score0.01449EPSS
Exploits2References1
Huntr
Huntr
added 2022/12/26 7:36 a.m.24 views

Get all file in resource of any user and Delete any file of any user via IDOR

Description Easily GET information of all files uploaded by all users in Resources via API https://demo.usememos.com/api/resource/$idresource method GET Easily DELETE of all files uploaded by all users in Resources via API https://demo.usememos.com/api/resource/$idresource method DELETE Proof of...

6.5CVSS0.6AI score0.00811EPSS
Exploits1
Huntr
Huntr
added 2022/12/23 3:49 p.m.24 views

Stored XSS while adding a memo

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Proof of Concept Payload: " 1 Go to https://demo.usememos.com/ and login...

4.9CVSS5.5AI score0.00601EPSS
Exploits1
Huntr
Huntr
added 2022/12/23 3:37 p.m.24 views

Stored XSS in memos while creating

Description After login create a new memo with the following XSS payload " and click save that will make alert Proof of Concept "...

4.9CVSS1.5AI score0.00652EPSS
Exploits1
Huntr
Huntr
added 2022/12/20 3:18 p.m.24 views

Session cookie without 'HttpOnly' Flag

Description All versions of daloRADIUS prior to the master branch transmit the session cookie i.e. PHPSESSID without setting the HttpOnly flag. Proof of Concept $ curl --head http:///login.php HTTP/1.1 200 OK Date: Tue, 20 Dec 2022 14:11:38 GMT Server: Apache Set-Cookie:...

5CVSS0.4AI score0.00629EPSS
Exploits1
Huntr
Huntr
added 2022/12/14 5:1 a.m.24 views

XSS in Integration URL

Description XSS vulnerability in integration URL that could execute javascript when clicking on the URL Proof of Concept 1. navigate to the panel dashboard 2. add or edit integration and insert the URL of integration with this payload javascript:alert1 POC:...

4.9CVSS6.4AI score0.40916EPSS
Exploits1
Huntr
Huntr
added 2022/12/04 10:36 a.m.24 views

Path traversal vulnerability found

Description please check this link https://demos4.softaculous.com/FlatPressfgbu50zqaa/fp-content/ Proof of Concept https://prnt.sc/0UGovVLWcKo7...

7.5CVSS9AI score0.03637EPSS
Exploits1
Huntr
Huntr
added 2022/11/21 5:39 a.m.24 views

Unauthorized access to settings update, logs , history, delete etc of repositories

Hey, Attack Scenario: Admin setups new user with User privileges and gives access to repos "/" root directory, after a time due to some reason he revoke the privileges of the directory access but user privileged attacker can still edit settings , check logs and view history without having...

7.5CVSS1.2AI score0.00789EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/10 5:53 p.m.24 views

xss in live edit

Description when you make website and login as admin if u add user as admin he maybe evil admin n live edit https://demoxss.microweber.net/?editmode=y i start edit as html i see i can write script but didnt pass when u open site as end user then i just try add html tag with events but the sam...

5.8CVSS5.7AI score0.00488EPSS
Exploits0
Huntr
Huntr
added 2022/11/08 5:26 p.m.24 views

Post parameter namespaceMD5 is vulnerable to reflected XSS

Description The POST parameter namespaceMD5 is vulnerable to reflected XSS. Proof of Concept javascript // POST request to /module with parameters and payload namespaceMD5=3389dae361af79b04c9c8e7057f60cc6test''"alertalert&module=settings%2Fgroup%2Flanguageimport&id=mwadminimportlanguagemodalconte...

5.8CVSS2.3AI score0.00616EPSS
Exploits1
Huntr
Huntr
added 2022/10/06 9:26 a.m.24 views

Origin validation Bypass

In the following python script py if request.method in 'POST', 'PUT', 'PATCH', 'DELETE': origin = request.headers.get'Origin', None if origin and not origin.startswithrequest.base: raise cherrypy.HTTPError403, 'Unexpected Origin header' Explanation: In the above lines of code, The origin is being...

7.5CVSS0.1AI score0.00317EPSS
Exploits0
Huntr
Huntr
added 2022/09/25 11:48 a.m.24 views

Stack-based Buffer Overflow in function win_redr_ruler

Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
Huntr
Huntr
added 2022/09/16 8:1 a.m.24 views

Cross Site Request Forgery in Admin area leads to deletion of repositories and users

Description Server accepts the GET request for deleting repositories and users which can lead to CSRF attack on repositories'. Proof of Concept Open the below URL after logging in to the admin account in demo site. For deleting Repository : Replace "replace-here" with a repo name...

4.3CVSS1AI score0.00331EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/13 11:19 p.m.24 views

Stored XSS

Description openemr has a feature to customize the "User Manual Link Override" , due to a bad sanitization it allows to put javascript:// scheme which allows to execute javascript code. Proof of Concept 1. login with admin 2. go on Global Settings - Branding 3. Edit User Manual Link Override Fiel...

4.3CVSS1.3AI score0.00582EPSS
Exploits1
Huntr
Huntr
added 2022/09/11 12:43 p.m.24 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/09/04 9:0 p.m.24 views

Null Dereference in vim_regcomp()

Description: Null Dereference in vimregcomp at vim/src/regexp.c:2716 Vim Version: git log commit 8f7116caddc6f0725cf1211407d97645c4eb7b65 HEAD - master, origin/master, origin/HEAD Proof of Concept: $ git clone https://github.com/vim/vim.git $ cd vim/ && ./configure && make && cd src/ $ echo "call...

1.9CVSS0.5AI score0.00458EPSS
Exploits1
Huntr
Huntr
added 2022/09/02 9:52 a.m.24 views

Reflected XSS via POST

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

5.8CVSS6AI score0.00891EPSS
Exploits1References3
Huntr
Huntr
added 2022/08/29 9:45 p.m.24 views

No rate limit via proxy url parameter

Description Hi Drawio Team , Your proxy server has no limit of requests which an attacker can use it as PORT SCANNER. https://app.diagrams.net/proxy?url=IP:PORT&base64=1 Proof of Concept Image from my OWASP ZAP : https://ibb.co/h87hz3N...

5CVSS0.7AI score0.01017EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/22 9:10 p.m.24 views

Session Fixation

Description The session is not invalidated after a password change. Proof of Concept Open Snipe-IT in the browser and login. Do the same in a private window such that there are two sessions. Change the password in one of the two sessions and observe that the second session is not invalidated...

6CVSS1.3AI score0.00674EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/18 10:42 a.m.24 views

Exposure of Sensitive Information Lead To Admin Account Take Over

Description The AP officers account is authorized to Backup and Restore the Database, Due to this he/she can download the backup and see the password hash of the System Administrator account, The weak hash MD5 of the password can be easily cracked and get the admin password. Proof of Concept Step...

6.5CVSS1.2AI score0.01105EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/12 12:1 p.m.24 views

Use After Free in function string_quote

Description Use After Free in function stringquote at vim/src/strings.c:777 vim version git log commit c9b6570fab46bf2c246a954cfb8c0d95fe2746b3 grafted, HEAD - master, tag: v9.0.0203, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc1uaf.da...

4.4CVSS7.6AI score0.00498EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 7:34 a.m.24 views

Stored XSS vulnerability when importing RSS Feeds from external source

Description YetiForceCRM allows user create RSS Feeds without purifying the link field of the input data properly from external source. An attacker can take advantage of this vulnerability to perform an XML Injection attack that leads to stored cross-site scripting XSS on the target server. Proof...

4.9CVSS0.2AI score0.00688EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/07 8:2 a.m.24 views

Hostname Spoofing

Description parse-url parses following https url incorrectly, identifies its protocol as ssh, and its host name is parsed incorrectly either. https://www.google.com:[email protected]:x node -e 'const parseUrl=require"parse-url";console.logparseUrl"https://www.google.com:[email protected]:x"' protocols:...

5.8CVSS6.4AI score0.00586EPSS
Exploits1
Huntr
Huntr
added 2022/07/23 4:29 p.m.24 views

No Protection against Bruteforce attacks on Login page

Description Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept Steps to Reproduce: 1. Register a new user 2. Logout 3. Send a login request with an incorrect password 4. Capture the login request 5. Replay the login request with a different...

7.5CVSS8.8AI score0.00661EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/23 6:59 a.m.24 views

Improper Input Validation

Description Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. When software does not validate input properly, an attacker is able to cra...

1.1AI score
Exploits0References3
Huntr
Huntr
added 2022/07/22 3:11 a.m.24 views

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...

4.9CVSS5.5AI score0.00437EPSS
Exploits1References3
Huntr
Huntr
added 2022/07/19 11:38 a.m.24 views

Reflected Cross Site Scripting in OpenEMR 7.0.0 and below at backup

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version Open Source electronic health records and medical practice management application has Reflected Cross Site Scripting vulnerability in the formstatus parameter...

5.8CVSS0.3AI score0.00461EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/02 8:58 p.m.24 views

Reflected XSS in Username

Description If a regular user's username is set to a XSS payload, and then that same XSS payload is placed in the q query parameter of /scp/ajax.php/users/local, then reflected XSS is achieved. This XSS can lead to complete takeover of the osTicket instance. Proof of Concept Set a user's username...

4.9CVSS5.7AI score0.00673EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 9:0 a.m.24 views

Heap Use After Free in function ex_diffgetput

Description Heap Use After Free in function exdiffgetput at diff.c:2790 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf3s.dat -c :qa!...

6.8CVSS7.8AI score0.01264EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 1:58 a.m.24 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1 Go to this URL:...

0.4AI score
Exploits0References4
Huntr
Huntr
added 2022/06/07 10:15 p.m.24 views

Account Takeover via Webhook Handlebars + API Reset Password

Description Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps 1. - Create Table 2. - Select...

6.8CVSS0.3AI score0.01359EPSS
Exploits1
Total number of security vulnerabilities4072