Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/08/04 10:42 a.m.22 views

Reflected XSS in URL path of '/admin/controllers/edit/activity/perms/'

Description /admin/controllers/edit/activity/perms/ takes input from the URL directly without sufficient sanitization leading to a Reflected XSS. A valid admin session is required, without it, the user will be brought to the login page instead of the affected page. Proof of Concept 1. Login as an...

4.3CVSS6.8AI score0.00409EPSS
Exploits1
Huntr
Huntr
added 2023/08/02 6:0 p.m.22 views

Unrestricted Upload File leads to Remote Code Execution

Description The upload file function is vulnerable that user can upload the file with other extensions .php, .phps, ... by using Magic Bytes technique. However, the .htaccess has almost prevented all the files with extensions such as php, phps, phtml, ... The attacker still can upload the hphp fi...

6.5CVSS7.4AI score0.00825EPSS
Exploits1
Huntr
Huntr
added 2023/06/14 1:28 a.m.22 views

Sensitive Cookie Without Secure Flag

Description Access and login to the demo website: https://demo.openitcockpit.io/ Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there are some sensitive cookies without Secure flag. CookieAuth, csrfToken Proof of Concept Link imag...

4.9CVSS6.8AI score0.00302EPSS
Exploits1
Huntr
Huntr
added 2023/06/06 6:51 a.m.22 views

HTML Injection in Folder Name

Description The folder name does not sanitize folder name and due to missing output encoding, HTML user-input is rendered in the webpage during folder deletion. Proof of Concept 1. Login to Teampass as any user. 2. Go to Folders tab. 3. Create a new folder with HTML tag in the Label. Example: HTM...

4.9CVSS6.9AI score0.00522EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/13 2:12 p.m.22 views

用户可以将自己添加到任意的组织中

Proof of Concept 1 用户1属于组织team1,并不属于team2 2 用户1修改自己的profile 3 在界面上,用户1修改自己的组织时只能看到team1 4 但是我们用burpsuite拦截请求,将请求中的team1的ID换成team2 5 继续执行,发现可以执行成功 6 原因是虽然我们在界面上保证了team2不可见,但服务端没检查user1是否可以选择team2 复现视频:https://1drv.ms/v/s!Avwg5C1eKVA4girUgKWl9SQX543P?e=N1ZU47...

5.5CVSS7AI score0.00657EPSS
Exploits1
Huntr
Huntr
added 2023/05/07 12:40 p.m.22 views

Stored HTML Injection in Item Label

Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. Proof of Concept...

4.9CVSS5.8AI score0.00607EPSS
Exploits2References1
Huntr
Huntr
added 2023/04/30 6:50 a.m.22 views

Pre-Auth Path traversal in pimcore_log, leading potential DOS

Description A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcorelog parameter. This can lead to potential denial of service---key file overwrite. Proof of Concept - As a prequisition, pimcore must be installe...

6.5CVSS6.6AI score0.00854EPSS
Exploits1
Huntr
Huntr
added 2023/04/28 4:7 p.m.22 views

Multiple path traversals on Windows hosts

Description validatepathissafe function in file /mlflow/server/handlers.py, introduced in PR 7891 on Feb 24th, 2023 does not account for Windows absolute path format, and thus can be bypassed on MLFlow servers, running on Windows hosts, exposing them to a number of high-impact directory traversal...

7.5CVSS7AI score0.70736EPSS
Exploits1
Huntr
Huntr
added 2023/04/22 6:37 p.m.22 views

Cross-site scripting (XSS) stored in href bypasses filter using data wrapper

Description The XSS Cross-Site Scripting vulnerability found in the Caliber-Web application allows an attacker to inject malicious JavaScript code into a href via a data wrapper, containing a base64-encoded payload. This vulnerability specifically occurs in a book's Tag editing functionality. By...

6.7AI score
Exploits0
Huntr
Huntr
added 2023/04/13 3:38 p.m.22 views

Stored XSS

Description Stored XSS attack is possible. Proof of Concept Step 1: Go to the login URL https://demo.easyappointments.org/index.php/user/login and login as an admin. Step 2: Click on Users tab and then click on Add button to create a new user with the following credentials. Credentials: First Nam...

4.3CVSS5.3AI score0.00503EPSS
Exploits1
Huntr
Huntr
added 2023/04/05 1:47 p.m.22 views

Stored cross site scripting vulnerability in thorsten/phpmyfaq

Description Stored cross site scripting vulnerability in "name" field in add question module. This allows attacker to stolen user cookies. Proof of Concept 1 . Login to the demo account https://roy.demo.phpmyfaq.de/ 2 . Login as demo user 3 . Click add question 4 . Add payload in "Your Name"...

4.9CVSS5.2AI score0.00559EPSS
Exploits0
Huntr
Huntr
added 2023/04/02 5:36 a.m.22 views

IDOR make users can withdraw other's application

Proof of Concept 1 user1 submit a application with id = 8, user2 submit a application with id = 9 2 user1 withdraw the application , using burpsuite get the post, which can be like :POST /inlong/manager/api/workflow/cancel/8 HTTP/1.1 3 change 8 as 9 and we can find that user2's application is...

5CVSS6.9AI score0.01247EPSS
Exploits0
Huntr
Huntr
added 2023/04/02 3:9 a.m.22 views

Weak Password Implimentation

Description: We can change the password with just 1 character when we use change password function. Proof of Concept When you change password, just press any character and then submit. You will see "Your password has been changed"...

7.5CVSS7.1AI score0.01233EPSS
Exploits0
Huntr
Huntr
added 2023/03/30 11:18 p.m.22 views

Reflected XSS in interface/forms/eye_mag/js/eye_base.php

Description There exist a reflected XSS in /interface/forms/eyemag/js/eyebase.php in the 'providerID' parameter. Proof of Concept http://openemr.local/interface/forms/eyemag/js/eyebase.php?providerID=%3Cimg%20src=x%20onerror=alert1;%3E fix properly sanitize the providerID parameter...

5.8CVSS6.3AI score0.01472EPSS
Exploits1
Huntr
Huntr
added 2023/03/30 11:18 a.m.22 views

Bypass Stored XSS in Catalog

Login in URL : https://demo.pimcore.fun/admin 2. Go to File - Perspectives - Catalog 3. Click in tab Properties - footer - Open 4. click any Find & Order - Edit 5. in tab Basic, inject payload to : Prameters, Anchor in tab Advanced, inject payload to: Class For more understanding please check...

4.9CVSS5.6AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2023/03/24 8:58 a.m.22 views

Dom-based XSS in Website Settings module in Settings

Description pimcore is vulnerable to Dom-based XSS at Name field in Website Settings module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Website Settings and input any text into Key field and choose a Type,...

4.9CVSS5.2AI score0.00419EPSS
Exploits1
Huntr
Huntr
added 2023/03/23 7:22 a.m.22 views

Zero-Click Remote Code Execution

Vulnerability Type Remote Code Execution Affected URL http://127.0.0.1/?anyparameter= Affected Parameter Arbitrary GET parameter Authentication Required? No Issue Summary Multiple vulnerabilities discovered in Appium-Desktop that can be chained together to achieve Zero Click Remote Code Execution...

7.5CVSS7.3AI score0.22014EPSS
Exploits2
Huntr
Huntr
added 2023/03/21 7:55 a.m.22 views

Password reset link not expired

Hi team, I hope you are well today. This is the step: Reset your password with this link https://meta.answer.dev/users/account-recovery I have recognized that links can use many times. Beside https://meta.answer.dev/users/account-activation?code=... active account have the same vulnerability. Ok...

6.8CVSS8.6AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2023/03/08 8:19 p.m.22 views

Stored XSS @ updatecategory

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code That has a Vulnerability: // Updates an existing category if $action === 'updatecategory' &&...

4.9CVSS5.5AI score0.00475EPSS
Exploits1
Huntr
Huntr
added 2023/03/05 6:38 a.m.22 views

Store XSS in Question Tag

Description Attackers can use this vulnerability to attack users/admins in the community, take over user/admins accounts, etc... Proof of Concept 1、Register and log in as a user, add new questions and add tags 2、Insert the following payload in the tag description html 3、Post a question 4、When oth...

4.9CVSS5.5AI score0.0062EPSS
Exploits1
Huntr
Huntr
added 2023/03/01 4:12 p.m.22 views

Reflected XSS in Application Logger module

Description pimcore is vulnerable to Reflected XSS at From and To fields when searching in the Application Logger module. Payload " Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Tools - Application Logger. 3.In the Application Logger tab, on the...

4.3CVSS5.1AI score0.00415EPSS
Exploits1
Huntr
Huntr
added 2023/02/13 4:47 a.m.22 views

Broken access control - Someone still can comment in unactive FAQ NEWS

Description when a NEWS FAQ turns on the comments feature and disables post like this settings. Screenshot https://imgur.com/a/9UY4QRf if you create a FAQ news with those settings and view the post, you will notice that the comment section is disabled Screenshot https://imgur.com/a/rY6zJt9 Proof ...

5.5CVSS5.5AI score0.00492EPSS
Exploits1
Huntr
Huntr
added 2023/02/10 10:15 a.m.22 views

Stored XSS in "DATA IMPORTS" module

Description Due to improper data sanitization and validation in "DATA IMPORTS" module allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Payload In this PoC, I can inject into "Address" and "City" fields when importing new user by using the...

5.8CVSS7AI score0.00385EPSS
Exploits0
Huntr
Huntr
added 2023/02/09 3:12 p.m.22 views

Stored XSS in server settings when upload branding

Description An attacker can upload an arbitrary file with a content type starting with image/ Proof of Concept POST /server/theme HTTP/1.1 Host: localhost:14142 Content-Length: 1077 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0...

4.9CVSS6AI score0.00556EPSS
Exploits1
Huntr
Huntr
added 2023/01/16 12:11 p.m.22 views

heap-use-after-free in gf_odf_vvc_cfg_read_bs

Description heap-use-after-free in gfodfvvccfgreadbs at odf/descriptors.c:1403 Version Author: Lim Wei Cheng ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev23-g5a733aec7-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io same POC can also trigger heap-use-after-fre...

4.4CVSS7.4AI score0.00403EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/05 7:51 a.m.22 views

Stored XSS via markdown link

Description Markdown editor doesn't sanitize user's input, leads to stored XSS Proof of Concept a Reproduce 1.Login to https://demo.usememos.com/ 2.Create new memo with content a 3.Ctrl+left click this link, javascript code has been executed...

4.9CVSS5.7AI score0.00498EPSS
Exploits1
Huntr
Huntr
added 2023/01/02 10:19 p.m.22 views

ANSI Escape Sequence Injection

Description Injection of escape sequences opens up the possibility for concealing / modifying viewed data, and code execution as some esc seqs feed data back to stdin. Proof of Concept poc So far, the places I managed to find a successful injection are: - when running id from the file name - func...

4.4CVSS8AI score0.00365EPSS
Exploits1
Huntr
Huntr
added 2022/12/30 5:11 p.m.22 views

Reflected Cross Site Scripting

Description User can be input malicious js in param action in url http://localhost//stats.php?action=injecthere&userid=1 and send link to other user can be steal cookie of other user. Param action not input validation from user on line 71 in file...

5.8CVSS6.2AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2022/12/27 7:16 p.m.22 views

Able to assign HOST role to new User

Description As per the functionality we only can add user role as a "USER" in account Due to the no server side valaditon on "role" parameter , we can add new member as a "HOST" role with all HOST users privilege Proof of Concept 1. while adding new user intercept the request in burp 2. change th...

6.5CVSS6.1AI score0.00421EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 6:56 a.m.22 views

Unauthorized Attacker Can Change Visibility Status of Victim's Memos

An attacker can make a private memo into a public memo in order to view it. All the attacker needs to know is the memo ID and they can make a PATCH request to /api/memo/ with the following request data: "id":,"visibility":"PUBLIC","resourceIdList": Then the attacker can visit the memo URL & view...

5CVSS1.1AI score0.0059EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 6:22 a.m.22 views

Bypass client side restrictions leads to IDOR on creating appointment.

Description When creating an appointment, a Patient can completely bypass the client side restrictions, and not only can create an appointment in every date he wants, it can also set the duration of the appointment as long as he wants but most important of everything, he can tamper the formpid an...

5.5CVSS6.9AI score0.00795EPSS
Exploits1
Huntr
Huntr
added 2022/12/23 2:27 p.m.22 views

View any content private memos from other users

Description User can view any content from private private memos from other users via api PATCH /api/memo/8 HTTP/1.1 "id":8,"rowStatus":"ARCHIVED" Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Example: User B have private nemo with id 8. With...

4CVSS1.3AI score0.00465EPSS
Exploits1
Huntr
Huntr
added 2022/12/22 2:29 a.m.22 views

Stored XSS bypass the protection rules

Description Hi there, Someone submitted an xss vulnerability about your project before.And please see "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd/" for details.You submitted a fix in 7.0.0.2 with commit 4565d8.But after my tests, I found that it was still unsafe. The followin...

4.3CVSS7AI score0.00526EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 1:27 a.m.22 views

A user can update information / password from other users

Description A user neither admin nor host can modify nickname, username and email from other users without permission, being a normal user. Steps to Reproduce 1. Login as user A here, called "ileana.maricel", HOST role. 2. In another browser login as user B called "ileana.mariceel", USER role. Co...

6.5CVSS0.00741EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/20 3:38 p.m.22 views

Hyperlink injection through access token name

Description Hyperlink Injection it’s when attacker injecting a malicious link when sending an email invitation. Hyperlink injection in the email can lead to phishing via email directly to users. Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/tokens 2 Create a new access token...

5.8CVSS0.9AI score0.00481EPSS
Exploits1
Huntr
Huntr
added 2022/10/26 9:14 a.m.22 views

Html Injection Stored in edit customers

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage. Proof of Concept 1. Open tab Edit Customers, click Edit customer 2. Inject this payload at field Name: TEST TEST TEST. And then click Save 3. Go to the profile page of this...

4.9CVSS0.9AI score0.00754EPSS
Exploits0
Huntr
Huntr
added 2022/10/08 3:5 p.m.22 views

Deserialization of arbitrary data leads to RCE

Description LibreNMS includes support for monitoring applications, one of which is memcached. When polling for memcached, the data returned by the agent to the LibreNMS server is not verified before it is deserialized. Because LibreNMS has quite a few dependencies, it is easy to find a working...

6.5CVSS2.8AI score0.00859EPSS
Exploits0References1
Huntr
Huntr
added 2022/10/06 3:51 p.m.22 views

Multiple Reflected Cross-Site Scripting in Messages Module

Description The first occurrence affects messages.php file. The parameter stage was not properly encoded before being printed as HTML. This occurs when go parameter is set to setup value. The second instance affects save.php file. There was a POST parameter called parameter in JSON format that wa...

5.8CVSS6.5AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2022/09/29 7:25 p.m.22 views

Attacker is able to bypass 2FA verification during 2FA disable due to application logic flaw

Description An attacker is able to bypass 2FA verification during 2FA disable function of user and restrict user from accessing his account due to a application logic flaw Proof of Concept First of all let us consider a scenario where a user has left his account open on a public device library or...

4.3CVSS1.1AI score0.00809EPSS
Exploits1
Huntr
Huntr
added 2022/09/22 2:35 p.m.22 views

No limit in email length may result in a possible DOS attack

Description As per RFC the maximum length allowed for an email address is 255 characters. However, rdiffweb don't validate email length, so you can add email addresses that exceed 255 characters. Through this, if you sign up for an email with a length of 1 million or more and log in, withdraw, or...

5CVSS0.7AI score0.01429EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/20 1:45 a.m.22 views

Use After Free in function movemark

Description Use After Free in function movemark at mark.c:234. vim version git log commit bcd6924245c0e73d8be256282656c06aaf91f17c grafted, HEAD - master, tag: v9.0.0507, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc10huaf.dat -c :qa!...

4.4CVSS7.8AI score0.00464EPSS
Exploits1
Huntr
Huntr
added 2022/09/07 8:21 a.m.22 views

Null Pointer Dereference Caused Segmentation Fault

Description Null pointer dereference caused segmentation fault. This can cause Denial-of -service attack. Proof of Concept MP4Box -bt POC2 POC2 is here ASAN iso file Unknown box type 0000 in parent moov iso file Unknown box type 0000 in parent moov iso file Unknown box type 0000 in parent moov is...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/08/26 12:36 p.m.22 views

CSRF on deleting an API key

Description An attacker can send a crafted link to a Froxlor admin. The admin, after clicking on the link and logging in, will redirect to the API key deletion endpoint, which is a GET request. This will result in deleting the API key with the specified id from the attacker. Proof of Concept 1...

4.3CVSS5.2AI score0.00371EPSS
Exploits1
Huntr
Huntr
added 2022/08/07 3:28 p.m.22 views

Stored XSS on Admin Translations

Description Key/Name field in Admin Translation Settings is vulnerable to XSS. Proof of Concept 1 - Go to Settings, Admin Translations. 2 - Click on Add, and put the XSS payload: " on Name then save 3 - XSS popup will be triggered. Both Stable and Dev versions are vulnerable. Video PoC...

4.3CVSS0.4AI score0.01451EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:13 p.m.22 views

IDOR in password change page leads to administrative account takeover

Description The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account. Proof of Concept 1. 1 - Log in as a normal user that can change its o...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/08/02 1:44 a.m.22 views

Path Traversal

Description Via the /attachments/:id/download/thumbnails/:filename endpoint, an authenticated user can access any arbitrary file in the system through a path traversal vulnerability in the filename parameter. \ \ The filename parameter is not sanitized and its used to craft the path of the target...

4CVSS1.2AI score0.00813EPSS
Exploits1
Huntr
Huntr
added 2022/07/05 9:30 a.m.22 views

Weak Password Policy

Description This application commafeed is using a weak password policy. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all...

1.1AI score
Exploits0References2
Huntr
Huntr
added 2022/06/27 4:14 a.m.22 views

Out-of-bound read data in function suggest_trie_walk() abusing array byts

Description Out-of-bound read data in function suggesttriewalk abusing array byts in line spellsuggest.c:1925 Tested version: v8.2.5166 commit f65cc665fa751bad3ffe75f58ce1251d6695949f HEAD - master, tag: v8.2.5166, origin/master, origin/HEAD Author: Bram Moolenaar Date: Sun Jun 26 18:17:50 2022...

5.8CVSS7.2AI score0.0132EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 6:52 p.m.22 views

Mastadon's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Mastadon relies on the RackAttack.rb file to manage API throttling in the application through the declaration of absolute paths i.e., /auth/signin. By appending random strings of characters to the end of the directory in a POST request it is possible to bypass brute force protections...

7.5CVSS9.3AI score0.01002EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/11 9:8 a.m.22 views

Formula Injection Part Description

Description Formula Injection/CSV Injection in inventree due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept Video PoC link: https://drive.google.com/file/d/1mfBTUDS1iZ4uJfBpc568WgpdZdN5f/view?usp=sharing...

6.8CVSS0.8AI score0.0234EPSS
Exploits2References1
Total number of security vulnerabilities4072