Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2022/07/22 3:11 a.m.•24 views

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...

4.9CVSS5.5AI score0.00437EPSS
Exploits1References3
Huntr
Huntr
•added 2022/07/19 11:38 a.m.•24 views

Reflected Cross Site Scripting in OpenEMR 7.0.0 and below at backup

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version Open Source electronic health records and medical practice management application has Reflected Cross Site Scripting vulnerability in the formstatus parameter...

5.8CVSS0.3AI score0.00461EPSS
Exploits1References2
Huntr
Huntr
•added 2022/07/17 11:48 a.m.•24 views

[Bypass] Cross-site Scriptin (XSS) via file upload

šŸ”’ļø Requirements Privileges: User. šŸ“ Description I found a bypass to this report by uploading the file with "public": true, parameter. This is due to the fact that AWS bucket public folder does not auto download files when we access them. šŸ•µļøā€ā™‚ļø Proof of Concept Step 1: Go your outline home and...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/07/02 8:58 p.m.•24 views

Reflected XSS in Username

Description If a regular user's username is set to a XSS payload, and then that same XSS payload is placed in the q query parameter of /scp/ajax.php/users/local, then reflected XSS is achieved. This XSS can lead to complete takeover of the osTicket instance. Proof of Concept Set a user's username...

4.9CVSS5.7AI score0.00673EPSS
Exploits1
Huntr
Huntr
•added 2022/06/29 9:0 a.m.•24 views

Heap Use After Free in function ex_diffgetput

Description Heap Use After Free in function exdiffgetput at diff.c:2790 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf3s.dat -c :qa!...

6.8CVSS7.8AI score0.01264EPSS
Exploits1
Huntr
Huntr
•added 2022/06/25 1:58 a.m.•24 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1 Go to this URL:...

0.4AI score
Exploits0References4
Huntr
Huntr
•added 2022/06/07 10:15 p.m.•24 views

Account Takeover via Webhook Handlebars + API Reset Password

Description Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps 1. - Create Table 2. - Select...

6.8CVSS0.3AI score0.01359EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 12:10 p.m.•24 views

Bypass filter - Stored XSS in Resources

Description Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of concept javaSCRIPTalertorigin Steps to reproduce it works on Firefox not in chromium based browsers 1.Go to...

3.5CVSS5.7AI score0.00844EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 9:7 a.m.•24 views

Run malicious JS code with other kinds of encoding

Description We can Run malicious JS code With special escaping characters for ASCII chars that start with \x and also all Unicodes start with \u, like the followings : CR == \x0d and \u000d LF == \x0a and \u000a TAB == \t and \u0009 and \x09 So there can be many characters that we can't filter al...

4.3CVSS6.5AI score0.00955EPSS
Exploits1
Huntr
Huntr
•added 2022/05/27 5:8 p.m.•24 views

Use-After-Free in function hash_new_from_values

Description Use-After-Free in function hashnewfromvalues at vm.c:1167 mruby version git log commit ac79849fde3381e001c3274fbcdda20a5c9cb22b HEAD - master, origin/master, origin/HEAD Author: Yukihiro "Matz" Matsumoto Date: Fri May 20 09:59:23 2022 +0900 Build export CFLAGS="-g -O0 -lpthread...

4.6CVSS6.2AI score0.00398EPSS
Exploits1
Huntr
Huntr
•added 2022/05/22 8:56 p.m.•24 views

Session Fixation

šŸ”’ļø Requirements None. šŸ“ Description The updateUser function does not reset user's session. šŸ•µļøā€ā™‚ļø Proof of Concept Use two browsers and on the first, update the second user's session to delete his privileges. Going to the second, you and refreshing the page, you will that the user have lost his...

5.5CVSS2.2AI score0.00671EPSS
Exploits1
Huntr
Huntr
•added 2022/05/15 1:54 p.m.•24 views

Use After Free

Description Use After Free in gpac Proof of Concept MP4Box -bt POC1 POC1 is here ASAN ==74043==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000003fd0 at pc 0x7f0c5374e845 bp 0x7ffcfc56f2b0 sp 0x7ffcfc56f2a8 READ of size 8 at 0x604000003fd0 thread T0 0 0x7f0c5374e844 in...

7.5CVSS8.4AI score0.00972EPSS
Exploits1
Huntr
Huntr
•added 2022/05/14 12:55 p.m.•24 views

Html Injection lead to cross site scripting

Description Hi i Found a way to inject html in user's email. So in this case if a attacker set name of victim as html form it will be rendered by your system and then the render html will be sent to the victim Proof of Concept 1. Goto https://paraio.com/signup/ and in name field add this payload...

4.3CVSS0.00917EPSS
Exploits1
Huntr
Huntr
•added 2022/05/09 10:4 a.m.•24 views

Account Takeover

Description Hi there i found that forget password functionality can be manipulated and this lead to account takeover. So even if an attacker can takeover low access user to admin accounts. In this bug server is vulnerable to php type juggling attack Proof of Concept 1. While registering app for...

7.5CVSS1.5AI score0.01358EPSS
Exploits1
Huntr
Huntr
•added 2022/05/01 6:1 p.m.•24 views

Arbitrary Code Execution through Sanitizer Bypass

Description The sanitizer function of the drawio core library which is responsible to sanitize various parts of a diagram of potentially dangerous HTML/JavaScript code can be bypassed. It is vulnerable to mutation XSS payloads, which allows escaping from the sanitizer. This allows arbitrary code...

6.8CVSS0.02273EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/21 6:43 p.m.•24 views

Stored XSS via upload plugin functionality in zip format

Description Cross-site scripting XSS is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Here...

3.5CVSS0.5AI score0.00732EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/20 3:15 a.m.•24 views

Heap-based Buffer Overflow

Description Heap-based buffer overflow in coresymbolication:272 Environment radare2 5.6.9 0 @ linux-x86-64 git. commit: 5.6.9 build: 2022-04-1923:49:49 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

5.8CVSS0.00757EPSS
Exploits1
Huntr
Huntr
•added 2022/04/15 4:18 p.m.•24 views

API Privilege Escalation

Description Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the application. This is usually caused by a flaw in the application. On Easy!Appointments API authorizati...

9CVSS0.6AI score0.01115EPSS
Exploits1
Huntr
Huntr
•added 2022/04/11 5:35 p.m.•24 views

Cross-site Scripting (XSS) - Stored

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document“s content. Proof ...

4.9CVSS0.2AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/07 9:45 p.m.•24 views

Server Side Template Injection

Description Grav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system. PoC video. Proof of Concept Payload: 'cat\x20/etc/passwd'|filter'system' 1. With an authenticated user,...

6.5CVSS2.1AI score0.10385EPSS
Exploits2References1
Huntr
Huntr
•added 2022/04/06 7:17 p.m.•24 views

Out-of-bounds read in `r_bin_ne_get_relocs` function

Description Out-of-bounds OOB read vulnerability exists in rbinnegetrelocs function in Radare2 5.6.7 due to a missing check on the index value. Version bash radare2 5.6.7 27746 @ linux-x86-64 git.5.6.6 commit: 2b77b277d67ce061ee6ef839e7139ebc2103c1e3 build: 2022-04-0614:41:37 Proof of Concept bas...

6.4CVSS7.7AI score0.00766EPSS
Exploits1
Huntr
Huntr
•added 2022/04/05 1:23 p.m.•24 views

heap-buffer-overflow

Description Whilst experimenting with radare2, built from version 5.6.6, we are able to induce a vulnerability at bindyldcache.c:125 in function va2pa , using radare2 as a harness. 118: static ut64 va2pauint64t addr, ut32 nmaps, cachemapt maps, RBuffer cachebuf, ut64 slide, ut32 offset, ut32 left...

4.3CVSS5.8AI score0.008EPSS
Exploits1
Huntr
Huntr
•added 2022/03/23 12:35 p.m.•24 views

SQL injection through marking blog comments on bulk as spam

Description the comments ids aren't checked and vulnerable for SQL injection Proof of Concept...

6.5CVSS0.9AI score0.01134EPSS
Exploits1
Huntr
Huntr
•added 2022/03/14 2:47 p.m.•24 views

Stored XSS viva .webmv file upload

Description The application allows .webmv files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.webmv: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...

3.5CVSS0.6AI score0.00825EPSS
Exploits1
Huntr
Huntr
•added 2022/03/14 2:24 p.m.•24 views

Stored XSS viva .properties file upload

Description The application allows .properties files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.properties: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...

3.5CVSS0.6AI score0.0084EPSS
Exploits1
Huntr
Huntr
•added 2022/03/13 9:53 a.m.•24 views

Stored XSS due to Unrestricted File Upload

Description Stored XSS via uploading files in .aspx format. Proof of Concept filename="poc.aspx" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library https://www.showdoc.com.cn/attachment/index\ 3.In the File Library page, click the Upload button and choose the...

3.5CVSS5.3AI score0.00538EPSS
Exploits1
Huntr
Huntr
•added 2022/03/13 9:14 a.m.•24 views

Unrestricted Upload of File with Dangerous Type

Description This is a bypass of report https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e/. The upload feature allows the files with the extension .html which leads to Stored XSS. Proof of Concept - Step 1: Login into showdoc.com.cn. - Step 2: Go to...

3.5CVSS5.6AI score0.00625EPSS
Exploits1
Huntr
Huntr
•added 2022/03/11 5:26 p.m.•24 views

hostname spoofing via Improper Input Validation

Description When to use the parse-url, If user put the https://google.comhashvalue as argument, parse-url doesn't parse the hash value and parses hostname and hash together as hostname. http://localhost/hashvalue and http://localhosthashvalue are the same.. txt - new URL of node āÆ node -e...

7.1AI score
Exploits0
Huntr
Huntr
•added 2022/03/11 11:10 a.m.•24 views

File upload filter bypass leading to stored XSS

Description A User can upload .a-zhtml file e.g. ahtml, bhtml, chtml, ddhtml, AS LONG AS it ends with html with XSS payload. Upon upload, a URL with malicious html can be accessed and javascript will be executed. Proof of Concept taking chtml as example Step 1 Login to the demo portal with admin...

3.5CVSS5.2AI score0.00895EPSS
Exploits1
Huntr
Huntr
•added 2022/03/10 7:47 p.m.•24 views

XSS on dynamic_text module

Description There is XSS vulnerability on dynamictext module. Proof of Concept Visit - https://demo.microweber.org/demo/admin/view:modules/loadmodule:dynamictext Impact Below Post request was used to upload XSS payload POST /demo/api/savedynamictext HTTP/1.1 Host: demo.microweber.org Cookie:...

4.3CVSS0.1AI score0.01062EPSS
Exploits1
Huntr
Huntr
•added 2022/03/09 6:14 p.m.•24 views

Abusing Backup/Restore feature to achieve Remote Code Execution

Description Admin can use Backup modules to upload a malicious PHP file, which can lead to RCE. Proof of Concept + Log in as admin, navigate to Modules - Backup: https://demo.microweber.org/demo/admin/view:modules/loadmodule:adminbackup + Prepare a malicious PHP file, in this case info2.php +...

6.5CVSS0.7AI score0.0207EPSS
Exploits1
Huntr
Huntr
•added 2022/03/08 4:20 p.m.•24 views

Cross-site Scripting (XSS) - Stored

Description pimcore datahub is vulnerable to Stored XSS in the Unique Indetifier of the function of "Add a new configuration" in Datahub. Whenever an admin user access data hub, a stored XSS will be triggered. Proof of Concept Step 1: Go to https://demo.pimcore.fun/admin/ and login. Step 2: Click...

3.5CVSS0.3AI score0.00573EPSS
Exploits1
Huntr
Huntr
•added 2022/02/23 10:19 p.m.•24 views

Denial of Service

Description R2 will hang for several crafted binaries. Proof of Concept bash printf "%s" "AAA4AAAAAB4=" | base64 -d /tmp/a printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d /tmp/a printf "%s"...

4.3CVSS1.7AI score0.00941EPSS
Exploits1
Huntr
Huntr
•added 2022/02/10 4:27 p.m.•24 views

Improper Access Control in publify/publify

Description Article in draft mode can only be accessed by admins who have permission to manage article. Anonymous users can't view but can leave comments on article in draft mode. The cause of the vulnerability is that the draft article is setting to comment enabled and createcomment function onl...

6.4CVSS0.3AI score0.00804EPSS
Exploits1
Huntr
Huntr
•added 2022/02/03 1:44 p.m.•24 views

in mruby/mruby

Description OOB read and OOB write in mrbarypush. commit : 903c5f978a2966465d8d5c6dfac55a977d134287 Proof of Concept bash $ echo -ne "bAticjWSUkRPTkxZC2I9e30MWyohMCxtOjAwLG06MF09MXxbKiEwLG0wXQo=" |base64 -d poc ASAN $ ./bin/mruby ./poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.1AI score0.01153EPSS
Exploits1
Huntr
Huntr
•added 2022/01/27 5:4 a.m.•24 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS occurs when changing a user's profile Proof of Concept txt XSS POC : "alertdocument.domain 1. Open the https://demo.microweber.org/demo/admin 2. Go to "Users" "Edit profile" 3. Change the value of "First Name" to XSS PoC 4. Refresh Impact Through this vulnerability, an...

3.5CVSS0.4AI score0.00631EPSS
Exploits1
Huntr
Huntr
•added 2022/01/23 3:24 a.m.•24 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on attribute. Proof of Concept txt XSS PoC : xs...

3.5CVSS0.5AI score0.00464EPSS
Exploits1
Huntr
Huntr
•added 2022/01/11 4:14 a.m.•24 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description pimcore is vulnerable to Stored XSS at Name field in the setting tab of the Global Targeting Rules. Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Marketing icon then choose Personalization / Targeting - Global Targeting Rules...

3.5CVSS0.00664EPSS
Exploits1
Huntr
Huntr
•added 2021/12/26 12:23 p.m.•24 views

Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. 1. Start a conversatio...

5.8CVSS0.2AI score0.00788EPSS
Exploits1
Huntr
Huntr
•added 2021/12/24 8:30 a.m.•24 views

Cross-Site Request Forgery (CSRF) in yourls/yourls

Description 1. Hi there YOURLS team, I would like to report a Cross Site Request forgery vulenrability on YOURLS. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows ...

4.3CVSS1.1AI score0.01994EPSS
Exploits5References1
Huntr
Huntr
•added 2021/12/07 8:26 a.m.•24 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description pimcore is vulnerable to Reflected XSS via the Search function for Document, Assets and Data Objects. Steps to reproduce 1.Login to pimcore admin. 2.In the left menu bar, click the Search icon then choose Documents, the Search Documents tab will display. 3.Input payload " into the...

4.3CVSS1.4AI score0.00755EPSS
Exploits1
Huntr
Huntr
•added 2021/12/05 6:0 p.m.•24 views

Server-Side Request Forgery (SSRF) in snipe/snipe-it

Description Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration Performing portscans 1: Go to Slack Integrations 2: Use http://127.0.0.1:1337 as the Slack Endpoint. See the error message:...

6.5CVSS5.2AI score0.00893EPSS
Exploits1References1
Huntr
Huntr
•added 2021/11/30 2:34 p.m.•24 views

Server-Side Request Forgery (SSRF) in dotcms/core

Description Hi team, I found a SSRF that allow me to access the elasticsearch API and get full response from the querys - As can be read in the following link dotCMS uses elastisearch, with this SSRF we can direct access the elastisearch REST API, - In a cloud environment, it can be possible to...

1.1AI score
Exploits0References1
Huntr
Huntr
•added 2021/11/11 2:18 p.m.•24 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via upload 'Attachments' with format .svg or .html Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept // PoC.svg...

3.5CVSS0.9AI score0.00778EPSS
Exploits1References1
Huntr
Huntr
•added 2021/09/19 5:30 p.m.•24 views

Server-Side Request Forgery (SSRF) in osticket/osticket

Description The SSRF vulnerability in OSTickets detailed in CVE-2020-24881 is still unfixed, attackers can still make arbitrary requests via the server to the private network via the PDF print generator although they will not be able to exfiltrate anything other than image data. Proof of Concept ...

1.2AI score0.73267EPSS
Exploits3References1
Huntr
Huntr
•added 2021/09/10 12:9 p.m.•24 views

Inefficient Regular Expression Complexity in sindresorhus/semver-regex

āœļø Description It allows cause a denial of service when formatting crafted invalid semver versions. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = '0.0.0-0' + '.-------'.repeati1 + '@';...

5CVSS4.5AI score0.01457EPSS
Exploits1
Huntr
Huntr
•added 2021/09/01 4:7 p.m.•24 views

Inefficient Regular Expression Complexity in vuelidate/vuelidate

āœļø Description A ReDoS regular expression denial of service flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the urlinput function may cause an application to consume an excessive amount of CPU. šŸ•µļøā€ā™‚ļø Proof of Concept Create the following...

5CVSS1.4AI score0.01222EPSS
Exploits1
Huntr
Huntr
•added 2021/08/23 5:10 p.m.•24 views

in yourls/yourls

āœļø Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. šŸ•µļøā€ā™‚ļø Proof of Concept šŸ’„ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

6.8CVSS1.3AI score0.00405EPSS
Exploits1References1
Huntr
Huntr
•added 2021/01/28 12:0 a.m.•24 views

Server-Side Request Forgery (SSRF) in sterlp/svg2png

:book: Description Svg2Png Manage your Icons in SVG and generate the needed PNG into your projects as needed. No "Web Service" needed, just an executable JAR file. this package is vulnerable to XXE. https://github.com/sterlp/svg2png :recycle: Steps To Reproduce-: 0 download and run latest release...

4.3CVSS0.5AI score0.007EPSS
Exploits1
Huntr
Huntr
•added 2021/01/06 12:0 a.m.•24 views

Cross-site Scripting (XSS) - Generic in kekingcn/kkfileview

Description kkFileView this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/kekingcn/kkFileView Steps To Reproduce-: stored XSS 1 install https://github.com/kekingcn/kkFileView locally or https://file.keking.cn/index use demo 2 while uploading files for preview use js...

6.6AI score
Exploits0References2
Total number of security vulnerabilities4072