Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/07/14 12:40 p.m.23 views

SQL injection in Data Objects function

Description Log in as an admin, go to Data Objects function, and perform a sort action. Observer the request on Burpsuite and injection point is the 'sort' parameter Proof of Concept POC request that makes the application sleep for 5 seconds Data Objects function payload:...

5.8CVSS7.2AI score0.00957EPSS
Exploits1
Huntr
Huntr
added 2023/06/29 4:45 p.m.23 views

Reflected XSS

Description An attacker can steal the session token of any user by exploiting reflected XSS. Proof of Concept Send GET request to any of the below links. http://target/templates/pages/debugpanel.php?id=xss"alertdocument.cookie http://target/templates/pages/debugpanel.php?id=xss"alert'xss' Send PO...

5.8CVSS6.9AI score0.01293EPSS
Exploits1
Huntr
Huntr
added 2023/06/10 6:35 a.m.23 views

Downloadable product type lacks order status check

Description There is a vulnerability in fossbilling where upgrading non-active orders is prevented, but it is possible to still do so through the upgrade API...

5CVSS6.8AI score0.00407EPSS
Exploits1
Huntr
Huntr
added 2023/06/04 3:3 p.m.23 views

Stored XSS in many configuration fields

Description Paste the XSS payload into the configuration fields. And I think there are many fields to configure that can be vulnerable to Stored XSS vulnerabilities, such as configuration fields in Options, MFA, API, Emails,... hope you check it too. Proof of Concept...

4.9CVSS6.1AI score0.00537EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/27 9:52 a.m.23 views

Markdown injection into github comment

Description Users can donate for builds by tipping [email protected]. There's a github action that will thank the user in a comment. The name is not sanitized and by using one such as the following, attackers can inject their own markdown into the comment. foo The "" breaks out of the context,...

7AI score
Exploits0
Huntr
Huntr
added 2023/05/17 1:13 p.m.23 views

Stack-overflow in function xml_sax_parse at src/utils/xml_parser.c

Description Stack-overflow in MP4Box. Version shell MP4Box - GPAC version 2.3-DEV-rev263-g2afa05f4d-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00387EPSS
Exploits1References1
Huntr
Huntr
added 2023/04/26 6:47 a.m.23 views

Local File Inclusion (LFI)

Description The vulnerability in the code is a Local File Inclusion LFI vulnerability. It allows an attacker to read arbitrary files on the server by exploiting a flaw in the code that allows the attacker to manipulate the "InternalPath" parameter in a request to include files from the server's...

5CVSS6.9AI score0.00759EPSS
Exploits2References1
Huntr
Huntr
added 2023/04/20 6:40 p.m.23 views

LFI in Model Version REST API creation

Description By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...

5CVSS7.2AI score0.04153EPSS
Exploits1
Huntr
Huntr
added 2023/03/22 6:58 p.m.23 views

Cross site scripting on the login page

Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. URL...

5.8CVSS6AI score0.0109EPSS
Exploits1
Huntr
Huntr
added 2023/03/12 1:15 p.m.23 views

XSS @ records

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code 1: $recordLang = Filter::filterInputINPUTPOST, 'lang', FILTERUNSAFERAW; $tags =...

4.3CVSS5.4AI score0.00473EPSS
Exploits1
Huntr
Huntr
added 2023/03/10 6:30 p.m.23 views

cross site scripting

Pimcore is vulnerable to Cross site scripting vulnerability in classes module...

4.9CVSS5.3AI score0.00457EPSS
Exploits1
Huntr
Huntr
added 2023/02/28 5:2 a.m.23 views

Stored XSS in the Redirects module

Description pimcore is vulnerable to Stored XSS at Expiry field in the Redirects module. Payload " Step to reproduce/Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Tools - Redirects. 3.In the Redirects tab, click Add button, input any text into t...

4.9CVSS5.1AI score0.00349EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 6:27 p.m.23 views

Lack of brute force protection

Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discover the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...

7AI score0.00591EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/15 12:4 p.m.23 views

heap-buffer-overflow in function adts_dmx_process filters/reframe_adts.c

Version MP4Box - GPAC version 2.3-DEV-rev44-gbe9f8d395-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration:...

4.4CVSS7.4AI score0.00453EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/12 5:3 a.m.23 views

Two Stored XSS in Instructions and User Widget

Stored XSS 1 Description 1 The santinizer founction noxsshtml$html can be bypassed since it missed to ban the tag of in $bannedelements = 'script', 'iframe', 'embed';. By this missing, the logged admin can maliciously inject xss payloads like in the backend database using the point POST...

4.3CVSS5.4AI score0.00473EPSS
Exploits1
Huntr
Huntr
added 2023/02/10 8:13 a.m.23 views

Stored XSS

Description answer has a feature to customize the "Site Name" during installation or in the settings page , due to a bad sanitization it allows to put arbitrary html code which allows to execute javascript code. Everytime a user enter in the website, the xss is triggered. Injected payload...

4.3CVSS5.9AI score0.00526EPSS
Exploits1
Huntr
Huntr
added 2023/02/09 2:23 p.m.23 views

Vulnerable to clickjacking

Description Vulnerable to clickjacking Proof of Concept 1 Create an iframe.html with below contents The iframe element 2 Open with firefox and note that the frame is loaded which is potential to clickjacking due to missing x-frame-options security headers...

5.8CVSS5.6AI score0.00373EPSS
Exploits1
Huntr
Huntr
added 2023/02/04 6:42 p.m.23 views

Html Injection in Contributors

Description Html injection in Contributors and just only need html payload in Display Name and fire in Contributors list Proof of Concept 1. Login to squidex 2. Create an app with random name. 2. Go to Edit Profile then Edit users display name with html payload = Sanket722 3. Go to...

4CVSS7.2AI score0.00521EPSS
Exploits1
Huntr
Huntr
added 2023/02/02 3:11 a.m.23 views

Restrictive composer.json makes Dompdf vulnerable to URI validation failure on SVG parsing

Description The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This might lead to arbitrary object unserialize on PHP tags, in src/Image/Cache.php: if $type === "svg" $parser = xmlparsercreate"utf-8"; xmlparsersetoption$parser,...

6.4AI score
Exploits0References2
Huntr
Huntr
added 2023/01/25 11:45 p.m.23 views

Name Field and all other required Fields Bypass while doing FAQ Proposals

Dear Ladies and Gentlemen, I was able to identify in the Process of sending a FAQ Proposal a Username and all other required Fields Bypass Vulnerability. The Attacker can bypass all the required fields by sending a space at any required field like name, text, answer or question which is a require...

4CVSS5AI score0.0061EPSS
Exploits1References2
Huntr
Huntr
added 2023/01/03 6:46 a.m.23 views

Unrestricted Logging Filename Lead to RCE

Description This vulnerability occur because there is no filename restriction for saving logging file. In this case attacker can set the filename to existing php file and append php code on it by manipulating the logged input. Proof of Concept 1. Log in using operator account, in this case i try ...

5.8CVSS6.9AI score0.01017EPSS
Exploits2References1
Huntr
Huntr
added 2023/01/02 4:34 p.m.23 views

Stored XSS via `.pages` File in

Description When user upload a file with .pages extension and direct access this file, the server response with Content-type: application/octet-stream lead to processing .pages as HTML file. I only discovered this file extension doing more research on XSS Proof of Concept POST...

4.9CVSS5.7AI score0.006EPSS
Exploits1References2
Huntr
Huntr
added 2022/12/27 6:24 p.m.23 views

NULL Pointer Dereference

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 12/27/22 version 5.8.0 and the current master branch at commit 031da1be8f6c9aa55f6e4e76df962d2c85dc32e8 . Description This...

5CVSS2AI score0.00698EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 5:33 a.m.23 views

Patient ability to rewrite it's own documents leads to HTML injection

Description It looks like through the PUT request, a Patient can rewrite it's own document via the fullDocument JSON parameter. In this way a malicious user patient can't override the document form and rewrite his own, also injecting valid HTML code that the Doctor would be able to see. Proof of...

5.5CVSS6.8AI score0.00559EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 8:30 a.m.23 views

Stored XSS in multiple menus

Description The demo website is affected of stored XSS at multiple menus. Proof of Concept 01 1. Access to the demo website http://demos4.softaculous.com/ 2. Login with admin user they provide, press on menu Uploader, in Uploader tab, try to upload whichever file then choose Media manager tab. 3...

4.9CVSS5.5AI score0.00518EPSS
Exploits1
Huntr
Huntr
added 2022/12/19 9:43 p.m.23 views

Stored XSS while creating a new post

Description After login create a new post and type the following text with XSS payload XSS in create post then click post that will be executed. Proof of Concept XSS in create post tete...

4.9CVSS5.5AI score0.00652EPSS
Exploits1
Huntr
Huntr
added 2022/12/18 2:0 p.m.23 views

Stored XSS in FAQ comments

Description Stored XSS in FAQ comments by any visitor or anonymous user that alerted in admin panel in comments page also it stored in the FAQ page itself via injecting XSS payload in "Name " and "Message" input fields . Proof of Concept...

4.9CVSS5.2AI score0.00546EPSS
Exploits0
Huntr
Huntr
added 2022/12/12 6:48 p.m.23 views

Multiple XSS Vulnerabilities in Queue Condition

Description Cross-Site Scripting XSS vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...

4.9CVSS5.9AI score0.01015EPSS
Exploits1
Huntr
Huntr
added 2022/12/12 5:21 a.m.23 views

Unauthenticated Remote Command Execution on corebos due to exposed install files.

Description While analysing corebos source-code, I found a file that looked interesting: - install/MigrationDbBackup.php This file contains the following snippet of code: php ?php /+ The contents of this file are subject to the vtiger CRM Public License Version 1.0 "License"; You may not use this...

7.5CVSS1.9AI score0.01267EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/07 2:40 p.m.24 views

Sensitive system information disclosure

Description An unauthenticated user can gather information on the remote system just by visiting the following endpoints: + /library/exten-radiusserverinfo.php which reveals pieces of information such as system uptime, CPU load, etc. + /library/exten-serverinfo.php which reveals if mysql and/or...

5CVSS6.3AI score0.00701EPSS
Exploits1
Huntr
Huntr
added 2022/12/04 10:36 a.m.23 views

Path traversal vulnerability found

Description please check this link https://demos4.softaculous.com/FlatPressfgbu50zqaa/fp-content/ Proof of Concept https://prnt.sc/0UGovVLWcKo7...

7.5CVSS9AI score0.03637EPSS
Exploits1
Huntr
Huntr
added 2022/10/27 5:2 p.m.23 views

SQL Injection - SQL as a service (No-auth)

Description The GLPI's plugin named glpi-archimapcontains an ajax route named getconfig.php which allows a user to retrieve the plugin configuration. However, this route is accessible by everyone because there is no authentication check. Moreover, the attacker can inject his own SQL queries and g...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/10/27 5:0 p.m.23 views

Dev mode Path traversal

Description Vite is misconfigured within nuxt to permit any file to be retrieved from the file system. Root Cause Vite configuration has strict set to false. Exploitation Requirements: + Server must be running in developer mode Vulnerability can be exploited using paths like the following...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/10/20 8:50 a.m.23 views

Reflect Cross Site Scripting when search

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept 1. Go to your web phpmyfaq and visit http:///phpmyfaq/index.php?search= 2. inject payload to param search: 1af"+onclick='alert...

5.8CVSS0.05743EPSS
Exploits3
Huntr
Huntr
added 2022/10/07 1:40 p.m.23 views

File Upload Type Validation Error

Description The upload functionality does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature p.e. GIF89 and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS...

6.5CVSS0.1AI score0.01057EPSS
Exploits1
Huntr
Huntr
added 2022/10/05 2:49 p.m.23 views

Stored Cross Site Scripting (XSS) in parameter rp4wp[heading_text]

Description The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wpheadingtext parameter because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability. Proof of Concept 1 - Install and activate...

4.9CVSS5.5AI score0.01113EPSS
Exploits1
Huntr
Huntr
added 2022/09/29 4:11 p.m.23 views

Xss vulnerability in Button module

Steps 1.Visit https://demo.microweber.org 2.Click option 'Modules' in the left list 3.Click and go into the 'Button' 4.Click the 'edit url' and Enter the following javascript alert1 Proof of Concept Video javascript https://1drv.ms/v/s!Ai0UEGpMIb9scRgdvmX1sBCQu4A...

4.9CVSS5.6AI score0.00519EPSS
Exploits1
Huntr
Huntr
added 2022/09/22 6:9 p.m.23 views

Improper Cache control allows attacker to view sensitive data

Description Due to improper cache control an attacker can view sensitive information even if he is not logged into the account Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/login/ and login into your account using given credentials 2 Go to...

2.1CVSS0.8AI score0.00507EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/19 12:10 a.m.23 views

Privilege escalation from admin and normal user to super admin

Description Lavsms provides 5 types of roles. But the issue is admin can escalate to the super admin role for himself as well as for other un-privileged users too even lower than the admin role. Proof of Concept 1. POST /users/id with custom payload via API Testing tool like postman/Insomnia. Ste...

1AI score
Exploits0
Huntr
Huntr
added 2022/09/16 9:43 a.m.24 views

Stored XSS via SVG File

Description By uploading SVG files, the users can perform Stored XSS attack. Copy the following code and save as filename.svg. Proof of Concept alertdocument.domain 1 Login as user with upload permission. 2 upload the payload injected SVG file at https://demo.inventree.org/order/sales-order/3/ 3...

4.9CVSS5.8AI score0.00601EPSS
Exploits1
Huntr
Huntr
added 2022/09/15 3:57 a.m.23 views

Reflected XSS In User/Roles Function

Description URL: https://demo.pimcore.fun/admin/ In Setting select User/Roles and select User. After created user, move to Workspace tab and inject payload XSS at Documents, Assets and Data Objects. XSS payload will be trigger. Besides, Workspace in Roles Also having the same situation. Can you...

4.3CVSS5AI score0.00658EPSS
Exploits1
Huntr
Huntr
added 2022/09/07 6:53 a.m.23 views

Buffer Over Read in gf_utf8_wcslen

Description Buffer Over Read in function gfutf8wcslen at gpac/src/utils/utf.c:442 . gpac version git log commit fc4749f9ce8d6ddf50d1f1104366cdacede14d33 grafted, HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Mon Aug 1 06:44:34 2022 -0700 fix quickjs build on osx 10.12 222...

4.4CVSS7.6AI score0.00409EPSS
Exploits1
Huntr
Huntr
added 2022/09/07 4:46 a.m.23 views

UI REDRESSING

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

6.8CVSS1AI score0.00968EPSS
Exploits1References3
Huntr
Huntr
added 2022/08/28 12:41 a.m.23 views

DDOS attack by uploading a few hundred large files

Description can normal user upload the photo to the profile not allowed photo more than 2 MB i can upload photo more allowed limit Proof of Concept https://drive.google.com/file/d/1jh0n9kOoFvW-esHgpOtPeURTYjSIhDm/view?usp=sharing...

4CVSS0.1AI score0.00753EPSS
Exploits1
Huntr
Huntr
added 2022/08/20 11:57 p.m.23 views

Weak Password Change Mechanism

Description The user password change page, doesn't require knowledge of the existing password. Proof of Concept 1. - Log in as a normal user 2. - Go to the User Dashboard page and click User Settings. 3. - Set a any new password. 4. - Click confirm 5. - The password is changed successfully...

4.3CVSS1AI score0.00334EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:45 p.m.23 views

Persistent Cross Site Scripting - Workflow Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On Workflow module from Settings, the type of workflowModel-summary parameter is not defined and validated, it's used directly without any encoding or validation on Workflows/Step1.tpl and...

4.9CVSS0.1AI score0.00512EPSS
Exploits1
Huntr
Huntr
added 2022/07/23 4:29 p.m.23 views

No Protection against Bruteforce attacks on Login page

Description Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept Steps to Reproduce: 1. Register a new user 2. Logout 3. Send a login request with an incorrect password 4. Capture the login request 5. Replay the login request with a different...

7.5CVSS8.8AI score0.00661EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/17 11:48 a.m.23 views

[Bypass] Cross-site Scriptin (XSS) via file upload

🔒️ Requirements Privileges: User. 📝 Description I found a bypass to this report by uploading the file with "public": true, parameter. This is due to the fact that AWS bucket public folder does not auto download files when we access them. 🕵️‍♂️ Proof of Concept Step 1: Go your outline home and...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/06 3:11 p.m.23 views

Stored XSS via SVG File

Description By uploading SVG files, the users can perform Stored XSS attack. Payload Copy the following code and save as filename.svg. alertdocument.domain Proof of Concept 1 Login as admin. 2 upload the payload injected SVG file at...

4.3CVSS5.1AI score0.00557EPSS
Exploits1
Huntr
Huntr
added 2022/06/22 2:40 a.m.23 views

Open Redirect

Description The Greenlight end-user interface is vulnerable to Open Redirect vulnerability in Login page due to unchecked the value of returnto cookie. Proof of Concept Original request example POST /gl/u/login HTTP/1.1 Host: demo.bigbluebutton.org Cookie:...

0.4AI score0.00362EPSS
Exploits0
Total number of security vulnerabilities4072