Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2022/06/07 9:7 a.m.•24 views

Run malicious JS code with other kinds of encoding

Description We can Run malicious JS code With special escaping characters for ASCII chars that start with \x and also all Unicodes start with \u, like the followings : CR == \x0d and \u000d LF == \x0a and \u000a TAB == \t and \u0009 and \x09 So there can be many characters that we can't filter al...

4.3CVSS6.5AI score0.00955EPSS
Exploits1
Huntr
Huntr
•added 2022/05/27 5:8 p.m.•24 views

Use-After-Free in function hash_new_from_values

Description Use-After-Free in function hashnewfromvalues at vm.c:1167 mruby version git log commit ac79849fde3381e001c3274fbcdda20a5c9cb22b HEAD - master, origin/master, origin/HEAD Author: Yukihiro "Matz" Matsumoto Date: Fri May 20 09:59:23 2022 +0900 Build export CFLAGS="-g -O0 -lpthread...

4.6CVSS6.2AI score0.00398EPSS
Exploits1
Huntr
Huntr
•added 2022/05/22 8:56 p.m.•24 views

Session Fixation

šŸ”’ļø Requirements None. šŸ“ Description The updateUser function does not reset user's session. šŸ•µļøā€ā™‚ļø Proof of Concept Use two browsers and on the first, update the second user's session to delete his privileges. Going to the second, you and refreshing the page, you will that the user have lost his...

5.5CVSS2.2AI score0.00671EPSS
Exploits1
Huntr
Huntr
•added 2022/05/15 1:54 p.m.•24 views

Use After Free

Description Use After Free in gpac Proof of Concept MP4Box -bt POC1 POC1 is here ASAN ==74043==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000003fd0 at pc 0x7f0c5374e845 bp 0x7ffcfc56f2b0 sp 0x7ffcfc56f2a8 READ of size 8 at 0x604000003fd0 thread T0 0 0x7f0c5374e844 in...

7.5CVSS8.4AI score0.00972EPSS
Exploits1
Huntr
Huntr
•added 2022/05/14 12:55 p.m.•24 views

Html Injection lead to cross site scripting

Description Hi i Found a way to inject html in user's email. So in this case if a attacker set name of victim as html form it will be rendered by your system and then the render html will be sent to the victim Proof of Concept 1. Goto https://paraio.com/signup/ and in name field add this payload...

4.3CVSS0.00917EPSS
Exploits1
Huntr
Huntr
•added 2022/05/09 10:4 a.m.•24 views

Account Takeover

Description Hi there i found that forget password functionality can be manipulated and this lead to account takeover. So even if an attacker can takeover low access user to admin accounts. In this bug server is vulnerable to php type juggling attack Proof of Concept 1. While registering app for...

7.5CVSS1.5AI score0.01358EPSS
Exploits1
Huntr
Huntr
•added 2022/05/01 6:1 p.m.•24 views

Arbitrary Code Execution through Sanitizer Bypass

Description The sanitizer function of the drawio core library which is responsible to sanitize various parts of a diagram of potentially dangerous HTML/JavaScript code can be bypassed. It is vulnerable to mutation XSS payloads, which allows escaping from the sanitizer. This allows arbitrary code...

6.8CVSS0.02273EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/30 10:26 a.m.•24 views

Cross-site scripting - Reflected in Create Subaccount

Description Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter. Proof of Concept POST /facturascripts/EditSubcuenta HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...

4.3CVSS0.00832EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/21 6:43 p.m.•24 views

Stored XSS via upload plugin functionality in zip format

Description Cross-site scripting XSS is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Here...

3.5CVSS0.5AI score0.00732EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/20 3:15 a.m.•24 views

Heap-based Buffer Overflow

Description Heap-based buffer overflow in coresymbolication:272 Environment radare2 5.6.9 0 @ linux-x86-64 git. commit: 5.6.9 build: 2022-04-1923:49:49 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

5.8CVSS0.00757EPSS
Exploits1
Huntr
Huntr
•added 2022/04/15 4:18 p.m.•24 views

API Privilege Escalation

Description Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the application. This is usually caused by a flaw in the application. On Easy!Appointments API authorizati...

9CVSS0.6AI score0.01115EPSS
Exploits1
Huntr
Huntr
•added 2022/04/11 5:35 p.m.•24 views

Cross-site Scripting (XSS) - Stored

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document“s content. Proof ...

4.9CVSS0.2AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/07 9:45 p.m.•24 views

Server Side Template Injection

Description Grav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system. PoC video. Proof of Concept Payload: 'cat\x20/etc/passwd'|filter'system' 1. With an authenticated user,...

6.5CVSS2.1AI score0.10385EPSS
Exploits2References1
Huntr
Huntr
•added 2022/04/06 7:17 p.m.•24 views

Out-of-bounds read in `r_bin_ne_get_relocs` function

Description Out-of-bounds OOB read vulnerability exists in rbinnegetrelocs function in Radare2 5.6.7 due to a missing check on the index value. Version bash radare2 5.6.7 27746 @ linux-x86-64 git.5.6.6 commit: 2b77b277d67ce061ee6ef839e7139ebc2103c1e3 build: 2022-04-0614:41:37 Proof of Concept bas...

6.4CVSS7.7AI score0.00766EPSS
Exploits1
Huntr
Huntr
•added 2022/04/05 1:23 p.m.•24 views

heap-buffer-overflow

Description Whilst experimenting with radare2, built from version 5.6.6, we are able to induce a vulnerability at bindyldcache.c:125 in function va2pa , using radare2 as a harness. 118: static ut64 va2pauint64t addr, ut32 nmaps, cachemapt maps, RBuffer cachebuf, ut64 slide, ut32 offset, ut32 left...

4.3CVSS5.8AI score0.008EPSS
Exploits1
Huntr
Huntr
•added 2022/03/23 12:35 p.m.•24 views

SQL injection through marking blog comments on bulk as spam

Description the comments ids aren't checked and vulnerable for SQL injection Proof of Concept...

6.5CVSS0.9AI score0.01134EPSS
Exploits1
Huntr
Huntr
•added 2022/03/14 2:47 p.m.•24 views

Stored XSS viva .webmv file upload

Description The application allows .webmv files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.webmv: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...

3.5CVSS0.6AI score0.00825EPSS
Exploits1
Huntr
Huntr
•added 2022/03/13 9:53 a.m.•24 views

Stored XSS due to Unrestricted File Upload

Description Stored XSS via uploading files in .aspx format. Proof of Concept filename="poc.aspx" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library https://www.showdoc.com.cn/attachment/index\ 3.In the File Library page, click the Upload button and choose the...

3.5CVSS5.3AI score0.00538EPSS
Exploits1
Huntr
Huntr
•added 2022/03/13 9:14 a.m.•24 views

Unrestricted Upload of File with Dangerous Type

Description This is a bypass of report https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e/. The upload feature allows the files with the extension .html which leads to Stored XSS. Proof of Concept - Step 1: Login into showdoc.com.cn. - Step 2: Go to...

3.5CVSS5.6AI score0.00625EPSS
Exploits1
Huntr
Huntr
•added 2022/03/11 5:26 p.m.•24 views

hostname spoofing via Improper Input Validation

Description When to use the parse-url, If user put the https://google.comhashvalue as argument, parse-url doesn't parse the hash value and parses hostname and hash together as hostname. http://localhost/hashvalue and http://localhosthashvalue are the same.. txt - new URL of node āÆ node -e...

7.1AI score
Exploits0
Huntr
Huntr
•added 2022/03/11 5:8 p.m.•24 views

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods

Description 1 Checkout URL and Custom order id parameters are vulnerable to stored XSS, which are located in Shop Settings other settings Advanced 2 From e-mail address and From name parameters are vulnerable to stored XSS, which are located in Shop Settings Autorespond E-mail settings check your...

3.5CVSS5.3AI score0.03197EPSS
Exploits1
Huntr
Huntr
•added 2022/03/11 11:10 a.m.•24 views

File upload filter bypass leading to stored XSS

Description A User can upload .a-zhtml file e.g. ahtml, bhtml, chtml, ddhtml, AS LONG AS it ends with html with XSS payload. Upon upload, a URL with malicious html can be accessed and javascript will be executed. Proof of Concept taking chtml as example Step 1 Login to the demo portal with admin...

3.5CVSS5.2AI score0.00895EPSS
Exploits1
Huntr
Huntr
•added 2022/03/10 7:47 p.m.•24 views

XSS on dynamic_text module

Description There is XSS vulnerability on dynamictext module. Proof of Concept Visit - https://demo.microweber.org/demo/admin/view:modules/loadmodule:dynamictext Impact Below Post request was used to upload XSS payload POST /demo/api/savedynamictext HTTP/1.1 Host: demo.microweber.org Cookie:...

4.3CVSS0.1AI score0.01062EPSS
Exploits1
Huntr
Huntr
•added 2022/03/09 6:14 p.m.•24 views

Abusing Backup/Restore feature to achieve Remote Code Execution

Description Admin can use Backup modules to upload a malicious PHP file, which can lead to RCE. Proof of Concept + Log in as admin, navigate to Modules - Backup: https://demo.microweber.org/demo/admin/view:modules/loadmodule:adminbackup + Prepare a malicious PHP file, in this case info2.php +...

6.5CVSS0.7AI score0.0207EPSS
Exploits1
Huntr
Huntr
•added 2022/02/23 10:19 p.m.•24 views

Denial of Service

Description R2 will hang for several crafted binaries. Proof of Concept bash printf "%s" "AAA4AAAAAB4=" | base64 -d /tmp/a printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d /tmp/a printf "%s"...

4.3CVSS1.7AI score0.00941EPSS
Exploits1
Huntr
Huntr
•added 2022/02/03 1:44 p.m.•24 views

in mruby/mruby

Description OOB read and OOB write in mrbarypush. commit : 903c5f978a2966465d8d5c6dfac55a977d134287 Proof of Concept bash $ echo -ne "bAticjWSUkRPTkxZC2I9e30MWyohMCxtOjAwLG06MF09MXxbKiEwLG0wXQo=" |base64 -d poc ASAN $ ./bin/mruby ./poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.1AI score0.01153EPSS
Exploits1
Huntr
Huntr
•added 2022/01/27 5:4 a.m.•24 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS occurs when changing a user's profile Proof of Concept txt XSS POC : "alertdocument.domain 1. Open the https://demo.microweber.org/demo/admin 2. Go to "Users" "Edit profile" 3. Change the value of "First Name" to XSS PoC 4. Refresh Impact Through this vulnerability, an...

3.5CVSS0.4AI score0.00631EPSS
Exploits1
Huntr
Huntr
•added 2022/01/23 3:24 a.m.•24 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on attribute. Proof of Concept txt XSS PoC : xs...

3.5CVSS0.5AI score0.00464EPSS
Exploits1
Huntr
Huntr
•added 2022/01/14 9:30 a.m.•24 views

Cross-site Scripting (XSS) - Reflected in icecoder/icecoder

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

3.5CVSS5AI score0.00668EPSS
Exploits1References2
Huntr
Huntr
•added 2022/01/11 4:14 a.m.•24 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description pimcore is vulnerable to Stored XSS at Name field in the setting tab of the Global Targeting Rules. Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Marketing icon then choose Personalization / Targeting - Global Targeting Rules...

3.5CVSS0.00664EPSS
Exploits1
Huntr
Huntr
•added 2021/12/26 12:23 p.m.•24 views

Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. 1. Start a conversatio...

5.8CVSS0.2AI score0.00788EPSS
Exploits1
Huntr
Huntr
•added 2021/12/24 8:30 a.m.•24 views

Cross-Site Request Forgery (CSRF) in yourls/yourls

Description 1. Hi there YOURLS team, I would like to report a Cross Site Request forgery vulenrability on YOURLS. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows ...

4.3CVSS1.1AI score0.01994EPSS
Exploits5References1
Huntr
Huntr
•added 2021/12/07 8:26 a.m.•24 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description pimcore is vulnerable to Reflected XSS via the Search function for Document, Assets and Data Objects. Steps to reproduce 1.Login to pimcore admin. 2.In the left menu bar, click the Search icon then choose Documents, the Search Documents tab will display. 3.Input payload " into the...

4.3CVSS1.4AI score0.00755EPSS
Exploits1
Huntr
Huntr
•added 2021/12/05 6:0 p.m.•24 views

Server-Side Request Forgery (SSRF) in snipe/snipe-it

Description Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration Performing portscans 1: Go to Slack Integrations 2: Use http://127.0.0.1:1337 as the Slack Endpoint. See the error message:...

6.5CVSS5.2AI score0.00893EPSS
Exploits1References1
Huntr
Huntr
•added 2021/11/30 2:34 p.m.•24 views

Server-Side Request Forgery (SSRF) in dotcms/core

Description Hi team, I found a SSRF that allow me to access the elasticsearch API and get full response from the querys - As can be read in the following link dotCMS uses elastisearch, with this SSRF we can direct access the elastisearch REST API, - In a cloud environment, it can be possible to...

1.1AI score
Exploits0References1
Huntr
Huntr
•added 2021/11/11 2:18 p.m.•24 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via upload 'Attachments' with format .svg or .html Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept // PoC.svg...

3.5CVSS0.9AI score0.00778EPSS
Exploits1References1
Huntr
Huntr
•added 2021/09/19 5:30 p.m.•24 views

Server-Side Request Forgery (SSRF) in osticket/osticket

Description The SSRF vulnerability in OSTickets detailed in CVE-2020-24881 is still unfixed, attackers can still make arbitrary requests via the server to the private network via the PDF print generator although they will not be able to exfiltrate anything other than image data. Proof of Concept ...

1.2AI score0.73267EPSS
Exploits3References1
Huntr
Huntr
•added 2021/09/10 12:9 p.m.•24 views

Inefficient Regular Expression Complexity in sindresorhus/semver-regex

āœļø Description It allows cause a denial of service when formatting crafted invalid semver versions. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = '0.0.0-0' + '.-------'.repeati1 + '@';...

5CVSS4.5AI score0.01457EPSS
Exploits1
Huntr
Huntr
•added 2021/09/01 4:7 p.m.•24 views

Inefficient Regular Expression Complexity in vuelidate/vuelidate

āœļø Description A ReDoS regular expression denial of service flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the urlinput function may cause an application to consume an excessive amount of CPU. šŸ•µļøā€ā™‚ļø Proof of Concept Create the following...

5CVSS1.4AI score0.01222EPSS
Exploits1
Huntr
Huntr
•added 2021/08/23 5:10 p.m.•24 views

in yourls/yourls

āœļø Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. šŸ•µļøā€ā™‚ļø Proof of Concept šŸ’„ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

6.8CVSS1.3AI score0.00405EPSS
Exploits1References1
Huntr
Huntr
•added 2021/01/28 12:0 a.m.•24 views

Server-Side Request Forgery (SSRF) in sterlp/svg2png

:book: Description Svg2Png Manage your Icons in SVG and generate the needed PNG into your projects as needed. No "Web Service" needed, just an executable JAR file. this package is vulnerable to XXE. https://github.com/sterlp/svg2png :recycle: Steps To Reproduce-: 0 download and run latest release...

4.3CVSS0.5AI score0.007EPSS
Exploits1
Huntr
Huntr
•added 2021/01/06 12:0 a.m.•24 views

Cross-site Scripting (XSS) - Generic in kekingcn/kkfileview

Description kkFileView this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/kekingcn/kkFileView Steps To Reproduce-: stored XSS 1 install https://github.com/kekingcn/kkFileView locally or https://file.keking.cn/index use demo 2 while uploading files for preview use js...

6.6AI score
Exploits0References2
Huntr
Huntr
•added 2020/12/21 12:0 a.m.•24 views

Code Injection in apolloauto/apollo

Description Arbitrary Code Excecution in genprotofile.py in ApolloAuto/Apollo. An open autonomous driving platform. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. fix is to be done genprotofile.py Exploit cod...

0.6AI score
Exploits0References1
Huntr
Huntr
•added 2020/11/23 12:0 a.m.•24 views

Cross-site Scripting (XSS) - Generic in s-cart/core

Description s-cart is a free e-commerce website project for businesses, built on the Laravel framework. this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/s-cart/s-cart https://s-cart.org/about.html Steps To Reproduce-: 1 install https://github.com/s-cart/s-cart...

4.3CVSS6.2AI score0.01071EPSS
Exploits1References1
Huntr
Huntr
•added 2023/10/12 6:56 p.m.•23 views

Store XSS when Add Reviewer

Description Store XSS when Add Reviewer Proof of Concept Payload: TESTalertdocument.domain Video Poc https://drive.google.com/file/d/16o4w6V-uCpkshFXYBb-pZRflpl7N3Sy4/view?usp=sharing...

6.3AI score0.00404EPSS
Exploits1
Huntr
Huntr
•added 2023/10/07 3:28 a.m.•23 views

Improper Authorization allows opening of arbitrary files

Description Tested on Build94 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

7.2AI score0.00251EPSS
Exploits1References1
Huntr
Huntr
•added 2023/09/01 7:31 p.m.•23 views

Store XSS in Mail Setup

Description I noticed, your website is very secure. But you overlooked a flaw XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Go to Configuration == Mail setup. 3 .Insert payload into Password: test"alertdocument.domain 4 .Click save configuration == detect...

5.8CVSS6.2AI score0.00417EPSS
Exploits0
Huntr
Huntr
•added 2023/09/01 3:7 a.m.•23 views

heap-use-after-free in mp4_mux_process_fragmented filters/mux_isom.c:6634

Description heap-use-after-free in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00267EPSS
Exploits1References1
Huntr
Huntr
•added 2023/08/31 2:23 a.m.•23 views

signed integer overflow in filters/mux_isom.c:5716:20

Description The signed integer overflow in MP4Box, and the program will eventually crash due to double-free,. It is uncertain whether the signed integer overflow is directly related to double-free Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Par...

1.9CVSS7AI score0.00293EPSS
Exploits1References1
Huntr
Huntr
•added 2023/08/29 7:0 a.m.•23 views

NULL Pointer Dereference in media_tools/mpeg2_ps.c, media_tools/avilib.c and filters/dasher.c

Description NULL Pointer Dereference in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.8AI score0.00295EPSS
Exploits1References4
Total number of security vulnerabilities4072