Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/07/06 3:11 p.m.23 views

Stored XSS via SVG File

Description By uploading SVG files, the users can perform Stored XSS attack. Payload Copy the following code and save as filename.svg. alertdocument.domain Proof of Concept 1 Login as admin. 2 upload the payload injected SVG file at...

4.3CVSS5.1AI score0.00557EPSS
Exploits1
Huntr
Huntr
added 2022/07/02 3:56 p.m.23 views

Hiperlink injection in email

BUG ========= Hiperlink injection in email SUMMURY ============= There is no character length limit in user fullname . So, user can set fullname to large number character and also can put link url . DETAILS =============== 1. goto admin account profile and change fullname to bellow Hi, You have...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/22 2:40 a.m.23 views

Open Redirect

Description The Greenlight end-user interface is vulnerable to Open Redirect vulnerability in Login page due to unchecked the value of returnto cookie. Proof of Concept Original request example POST /gl/u/login HTTP/1.1 Host: demo.bigbluebutton.org Cookie:...

0.4AI score0.00362EPSS
Exploits0
Huntr
Huntr
added 2022/06/04 8:32 a.m.23 views

Stored XSS in Task field

Description The application Titra is vulnerable to Stored XSS in Task field. Steps To Reproduce 1. Click on add Track button 2. In the Task field enter the payload " 3. click save 4. Now Click on Details 5. XSS will be triggered Image PoC...

3.5CVSS0.2AI score0.00674EPSS
Exploits1
Huntr
Huntr
added 2022/06/04 8:22 a.m.23 views

Stored XSS in Project Name

Description The application Titra is vulnerable to Stored XSS in Project name field. Steps To Reproduce 1. Click on Edit button 2. Under the Project Name enter the paylaod " 3. Click on save. 4. Now navigate to details the XSS will be triggered. Image PoC...

3.5CVSS0.1AI score0.00674EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 3:42 p.m.23 views

Stored XSS in "Tab Image" and "Group Image"

Description The organizr application allows malicious javascript payload in the "Tab Image" and "Group Image" for which its leads to stored XSS. Proof of Concept 1 1.Login to the co-admin account and go to "Settings" - "Tab Editor". 2.Now click on "Tabs" - "Add New Tab" and filled all the details...

3.5CVSS5.8AI score0.00653EPSS
Exploits1
Huntr
Huntr
added 2022/05/08 3:16 a.m.23 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Add Item,And name is payload alertlocation...

4.9CVSS0.9AI score0.00531EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 5:23 a.m.23 views

Reflected XSS

Description Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice Proof of Concept Enter this url :...

3.5CVSS0.2AI score0.00579EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/26 12:58 a.m.23 views

Buffer Over-read

Description Stack-based Buffer Overflow at index.c:991 Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure...

4.6CVSS6.9AI score0.00395EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 1:37 p.m.23 views

Store XSS in title parameter executing at EditUser Page & EditProducto page

Description Cross-site scripting XSS is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Proof ...

3.5CVSS0.2AI score0.00719EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/16 2:56 a.m.23 views

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality

Description The /rtxcomplete/nodeslike endpoint in the ARAX-UI application at https://arax.rtx.ai is vulnerable to SQL injection. It is possible to include a malicious SQL payload in the word query parameter for this endpoint that would allow an attacker to dump the database, make modifications t...

10CVSS0.5AI score0.03485EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/25 12:16 a.m.23 views

unchecked size in _load_bmp leads to RAM exhaustion in version 3.10

Description Via a maliciously crafted bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. Version This does affect the newest Version of Cimg which...

1.9CVSS1AI score0.00397EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 2:24 p.m.23 views

Stored XSS viva .properties file upload

Description The application allows .properties files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.properties: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...

3.5CVSS0.6AI score0.0084EPSS
Exploits1
Huntr
Huntr
added 2022/03/13 1:26 p.m.23 views

Stored XSS due to Unrestricted File Upload

Description Stored XSS via uploading files in .xsd, .asa and .aspx already mentioned in previous report formats. Proof of Concept For .xsd filename="poc.xsd" alert1 For .asa and .aspx filename="poc.asa" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library...

3.5CVSS5.6AI score0.0074EPSS
Exploits1
Huntr
Huntr
added 2022/03/08 4:20 p.m.23 views

Cross-site Scripting (XSS) - Stored

Description pimcore datahub is vulnerable to Stored XSS in the Unique Indetifier of the function of "Add a new configuration" in Datahub. Whenever an admin user access data hub, a stored XSS will be triggered. Proof of Concept Step 1: Go to https://demo.pimcore.fun/admin/ and login. Step 2: Click...

3.5CVSS0.3AI score0.00573EPSS
Exploits1
Huntr
Huntr
added 2022/03/06 11:18 p.m.23 views

Improper Authorization and possible DoS when using PAM Auth

Description When bareos versions after 18.2 are build and configured for PAM authentification it skips checking authorization completely. Expired accounts and accounts with expired passwords can still login. Further after wrong authentication or the code returns without releasing the PAM handle,...

6.8CVSS1AI score0.01996EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/05 7:20 p.m.23 views

Improper Authorization

Description When configuring saltstack to authentificate via the salt.auth.pam module. The authorization of a account validity is missing. Therefore expired accounts, or accounts with expired passwords, can still login. Proof of Concept Configure salt with salt.auth.pam and run it with an expired...

6.5CVSS1.8AI score0.01878EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/24 3:25 a.m.23 views

Business Logic Errors

Description Product status of product is unpublished has been deleted by admin in Trash folder but user can still add to cart and make purchases Proof of Concept Step 1: Admin go to Shop Products: Unpublish product and Delete product Step 2: User add product to cart by request POST...

4CVSS4.6AI score0.00631EPSS
Exploits1
Huntr
Huntr
added 2022/02/22 5:15 p.m.23 views

Cross-site Scripting (XSS) - Stored

Description I found a Stored XSS vulnerability at admin page: https://demo.microweber.org/demo/admin/view:settingsoptiongroup=files Proof of Concept Step 1: Go to Settings Website settings Files Step 2: Create new folder with folder name : // Request --------------------------------------- POST...

3.5CVSS4.4AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 4:27 p.m.23 views

Improper Access Control in publify/publify

Description Article in draft mode can only be accessed by admins who have permission to manage article. Anonymous users can't view but can leave comments on article in draft mode. The cause of the vulnerability is that the draft article is setting to comment enabled and createcomment function onl...

6.4CVSS0.3AI score0.00804EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 4:49 a.m.23 views

Improper Access Control in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DeleteFile" that allows deleting files without authentication. Root-cause Server doesn't check user's permission when attacker access the endpoint. After that, server will directly call delete function with th...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/02/05 10:0 p.m.23 views

Server-Side Request Forgery (SSRF) in chocobozzz/peertube

Description First of all, Thanks to my friend Haxatron for his excellent report I read the fix commit, and I found out that the code only Checked the IP addresses and didn't check the domain names that refer to a private IP address Steps to reproduce first, set up a local server at 127.0.0.2:8000...

5CVSS0.8AI score0.00893EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 8:36 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in httpie/httpie

Description All cookies saved to session storage are supercookies. Proof of Concept in /etc/hosts 127.0.0.1 host1.example.com 127.0.0.1 host2.example.net headers-helper.rpy; run with twist web --resource-script= and it'll run on 8080 from pprint import pformat from twisted.web.resource import...

5CVSS4.5AI score0.01272EPSS
Exploits1
Huntr
Huntr
added 2022/01/22 2:18 p.m.23 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which is caused by negative buffer index. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code is highlighted out ...

5.8CVSS6.5AI score0.00958EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/17 8:54 a.m.23 views

in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Insecure Direct Object Reference / IDOR vulnerability. The system's authorization functionality does not prevent one user from deleting another user by modifying the userid identifying the user. Each user has a userid 1,2,3,.... A malicious authorized...

6CVSS0.01086EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/16 6:39 a.m.23 views

in detekt/detekt

Description The read function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

7.5CVSS1.4AI score0.01417EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 3:22 p.m.23 views

in skylot/jadx

Description parseXml function in ExportGradleProject is not secured against XXE because it does not include the disallow-doctype-decl attribute, therefore JADX is vulnerable to XXE when parsing a malicious Android Manifest when exporting Android app to Gradle. In...

4.3CVSS5.2AI score0.01059EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 6:23 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in feross/simple-get

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

5CVSS8.1AI score0.02024EPSS
Exploits1
Huntr
Huntr
added 2022/01/08 3:7 p.m.23 views

Cross-site Scripting (XSS) - DOM in karma-runner/karma

Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is query parameter returnurl and sink is location.href. Proof of Concept 1 Start karma server and visit the following...

4.3CVSS0.8AI score0.15174EPSS
Exploits1
Huntr
Huntr
added 2022/01/07 11:1 a.m.23 views

None in vim/vim

Description A Heap-based Buffer Overflow has been found in vim commit a909c48 Proof of Concept base64 poc ZGVmIEZpcnN0RnVuY3Rpb24oKQogIGRlZiBTZWNvbmRGdW5jdGlvbihKICA9CiAgIyBOb2lzCiAg IyBvbmUKICAgCiAgIGVuZGRlZnxCQkJCCmVuZGRlZgojIENvbXBpbGUgYWxsIGZ1bmN0aW9ucwpk ZWZjb21waWxlCg==...

4.3CVSS6.4AI score0.01719EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 10:39 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============= When you crawling a site with cookie and it received Location header to redirect then scrappy send all cookie to this redirect url even if this is different domain . But every browser...

4CVSS0.01243EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 7:55 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch

Description Steal authorization token via xss and hijack attack Proof of Concept Using this attack , attacker can hijack account by stealing authorization header . I see there is team based collaboration exists ,so one user can hack other user account using this bug . STEP -------- First host...

6CVSS0.3AI score0.01199EPSS
Exploits1
Huntr
Huntr
added 2021/12/10 2:21 a.m.23 views

Cross-Site Request Forgery (CSRF) in patrowl/patrowlmanager

Description Hi there, there is a CSRF in duplicating rule due to the usage of GET method. Proof of Concept 1. Install a local instance of PatrowlManager 2. Go to list rule and create a new rule 3. Access this link http://localhost:8083/rules/api/v1/alerting/duplicate/1 and see that the rule is...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/21 1:32 p.m.23 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce : 1-- Go over settings -- Data Objects -- Objectbricks. 2-- Click Add or Edit a previous one . 3-...

4.3CVSS6.2AI score0.0156EPSS
Exploits1
Huntr
Huntr
added 2021/11/12 1:20 a.m.23 views

in elgg/elgg

Hello there! Hope you're having an awesome day :D Actually, it's been a few months since I found this bug, but I had no success in trying to contact you guys, and now I discovered that you're on Huntr. So now I'm sending my report from here : Summary During this week, I was participating at a bug...

4.3CVSS4.9AI score0.00779EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/31 3:41 p.m.23 views

PHP Remote File Inclusion in tsolucio/corebos

Description An attacker can use Local File Inclusion LFI to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting XSS. Proof of Concept // PoC.js Link --...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/27 3:14 p.m.23 views

None in glpi-project/glpi

Description We can have list of user of Emplyes in GLPI plateform Proof of Concept Here for example wa are as Intervenant Role. Steps to reproduce : 1. Go to Assistance--Planning 2.In the left of the menu in front of Plannings section, clich on Plus + Button 3. In the Actor Field List we select...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:16 a.m.23 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey Corebos team An attacker able to delete a workFlow as there isn't exist any CSRF token for it. //PoC.html history.pushState'', '', '/' document.forms0.submit; after that you open the PoC.html file the workflow with id equal to 27 will be deleted...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/08/03 3:52 p.m.23 views

Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer

✍️ Description XSS via SVG file Upload 🕵️‍♂️ Proof of Concept upload the svg file with xss payload and open it with browser alertdocument.domain; 💥 Impact Custom JS code execution embedded with in the svg file...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/21 6:34 p.m.23 views

None in firefly-iii/firefly-iii

Improper Restriction of Excessive Authentication Attempts. The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. STEPS FOR REPRODUCTION: 1Go to...

5CVSS0.3AI score0.0071EPSS
Exploits1
Huntr
Huntr
added 2021/07/08 8:1 a.m.23 views

Open Redirect in tjenkinson/url-toolkit

✍️ Description url-toolkit mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-toolkit sees it as a relative path. Which will lead to SSRF attacks, open redirects,...

0.1AI score0.02483EPSS
Exploits2
Huntr
Huntr
added 2021/06/18 1:5 p.m.23 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

✍️ Description The user/reset-api-key/endpoint does not have a CSRF protection. This could be exploited by an attacker to change the API key without the admin not actually requesting for a change. 🕵️‍♂️ Proof of Concept For the following attack to work, the admin victim must be logged into their...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/05/24 3:23 a.m.23 views

in dolibarr/dolibarr

💥 BUG unprivileged user can attach bank to another user. 💥 IMPACT user who dont have any access in "users and groups" can update users bank details 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B bellow...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/03/09 3:18 a.m.23 views

Command Injection in azure/ms-rest-nodeauth

✍️ Description the core function execAz which is purposely used for az command can be injected with arbitrary other OS commands. Also the attackers can exploit this vulnerability by calling AzureCliCredentials.setDefaultSubscription"OS command" from the Azure CLI. 🕵️‍♂️ Proof of Concept // PoC.js...

6.8CVSS2.8AI score0.01956EPSS
Exploits0
Huntr
Huntr
added 2021/01/11 12:0 a.m.23 views

Prototype Pollution in js-data/js-data

Description js-data is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const js = require"js-data"; const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; js.utils.deepMixInobj, payload;...

7.5CVSS2AI score0.01959EPSS
Exploits1
Huntr
Huntr
added 2020/11/24 12:0 a.m.23 views

Cross-site Scripting (XSS) - Generic in thirtybees/thirtybees

Description Thirty bees is matured e-commerce solution which once started as a fork of PrestaShop 1.6.1.11 and is still compatible with almost all PS 1.6 modules. Its focus is on stability, correctness and reliability of the rich feature set, to allow merchants to focus on growing their business...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2023/09/23 3:51 p.m.22 views

Disabled accounts still work normally

Description Disabled accounts still work normally Proof of Concept The account A is logged in and active. Admin suddenly disabled that account, but account A still works normally. Video Poc https://drive.google.com/file/d/15OHZF71pJyGaU30dQaw6NglkpZEhpOPm/view?usp=sharing...

7.2AI score0.0044EPSS
Exploits1
Huntr
Huntr
added 2023/09/15 4:23 a.m.22 views

Dom XSS in module "Search IPv6"

Description 1 .Access to IPv6 search function 2 .Enter the payload in the IPv4 field to perform the search Payload : "alertdocument.cookie 3 .Enter the search button and the payload will be executed Proof of Concept Link video Poc :...

5.8CVSS6.9AI score0.00561EPSS
Exploits1
Huntr
Huntr
added 2023/08/14 7:52 a.m.22 views

XSS at file uploading

Description In menu Add page, there is a upload file function and xss payload can be injected there. Detail: 1/ Access to the web demo and go to Add page menu. 2/ At upload file function, upload an file with filename is a payload xss. 3/ It will be triggered immediately. Proof of Concept Payload:...

5.8CVSS7AI score0.00408EPSS
Exploits1
Huntr
Huntr
added 2023/08/04 10:42 a.m.22 views

Reflected XSS in URL path of '/admin/controllers/edit/activity/perms/'

Description /admin/controllers/edit/activity/perms/ takes input from the URL directly without sufficient sanitization leading to a Reflected XSS. A valid admin session is required, without it, the user will be brought to the login page instead of the affected page. Proof of Concept 1. Login as an...

4.3CVSS6.8AI score0.00409EPSS
Exploits1
Total number of security vulnerabilities4072