Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/06/11 9:8 a.m.22 views

Formula Injection Part Description

Description Formula Injection/CSV Injection in inventree due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept Video PoC link: https://drive.google.com/file/d/1mfBTUDS1iZ4uJfBpc568WgpdZdN5f/view?usp=sharing...

6.8CVSS0.8AI score0.0234EPSS
Exploits2References1
Huntr
Huntr
added 2022/06/09 9:45 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description The time parameter in fava is vulnerable to reflected XSS Proof of Concept 1. 1.Open the web browser to access the fava webpage. 2. 2.Access the url:...

5.8CVSS0.1AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/02 2:36 p.m.22 views

Path traversal leads to arbitrary file deletions and file writes

Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...

6.4CVSS0.3AI score0.02251EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 7:40 a.m.22 views

Incorrect Behavior Make Crash and Can not Access Account

Description Incorrect Behavior Make Crash and Can not Access Account Proof of Concept 1. Send a test message and get the request, send it to Repeater 2. Replace the value of owner and cId with the id of two victims 3. Send the request...

4CVSS2.4AI score0.01176EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/16 10:58 a.m.22 views

heap-use-after-free in function find_pattern_in_path

Description heap-use-after-free in function findpatterninpath at search.c:3683 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochuafs.dat -c...

6.8CVSS7AI score0.01097EPSS
Exploits1
Huntr
Huntr
added 2022/05/14 6:25 a.m.22 views

xss using .xsig file

Description xss using .xsig file Proof of Concept 1. Save this file as test.xsig file and upload it to http://localhost/ListAttachedFile 2. now view this file in chrome browser and see xss is executed...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/04/20 8:31 a.m.22 views

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

Steps to reproduce the issue git clone https://github.com/hpjansson/chafa.git cd chafa export CFLAGS="-g -O0" export CXXFLAGS="-g -O0" ./autogen.sh ./configure --disable-shared make ./tools/chafa/chafa ./poc.gif gdb --args ./tools/chafa/chafa ./poc.gif...

4.3CVSS3.3AI score0.0085EPSS
Exploits1
Huntr
Huntr
added 2022/03/29 10:15 a.m.22 views

Inf loop

Description A inf loop security issue in gpac/gpac Proof of Concept The issue occurs in code: src/mediatools/avilib.cL1974, when the gpac avidmx filter parses the AVI format file. choose a simple AVI format file, the data's header is as follows in xxd mode $ xxd ./1.avi | head -n 2 00000000: 5249...

4.3CVSS2.8AI score0.00821EPSS
Exploits1
Huntr
Huntr
added 2022/03/20 11:13 a.m.22 views

Path Traversal due to `send_file` call

A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be possible to...

5CVSS3.3AI score0.01296EPSS
Exploits1
Huntr
Huntr
added 2022/03/18 8:49 a.m.22 views

CRHTLF can lead to invalid protocol extraction potentially leading to XSS

Description \r, \n, \t characters in the URI can lead to XSS as URI.js will fail to extract javascript: protocol from a URI. See Section 4.4 Step 3 "Remove all ASCII tab or newline from input." of the WHATWG URL spec. Proof of Concept const parse = require'urijs' const express = require'express'...

4.3CVSS2.2AI score0.00663EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 3:8 p.m.22 views

The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber

Proof of Concept 1. Go to http://127.0.0.1/admin/view:modules/loadmodule:users/action:profile 2. Click on edit profile 3. Fill the first name & last name field with huge characters, more than 1 lakh 4. Copy the below payload and put it in the input fields and click on continue. 5. You will see th...

4CVSS2.5AI score0.03731EPSS
Exploits1
Huntr
Huntr
added 2022/03/10 5:24 p.m.22 views

SSL verification omitted in OAuth2 credential flow

Description Pulsar uses Curl to send HTTPS requests and typically uses the tlsAllowInsecure global variable derived from isTlsAllowInsecureConnection to determine whether SSL verification¹ should be enabled/disabled². In the linked occurances, those checks do not occur and SSL verification is...

5.1CVSS0.2AI score0.00704EPSS
Exploits1
Huntr
Huntr
added 2022/03/09 9:26 p.m.22 views

Integer Overflow or Wraparound

Description The microweber application allows large characters to insert in the input field like "Town, ZIP, State, Address, and Additional Info field" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1.Buy a product and in the Shipping metho...

5CVSS2.1AI score0.03421EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/04 10:29 a.m.22 views

hostname spoofing via javascript

Description If use parse-url for security check on url, it is dangerous because hostname spoofing through JavaScript scheme is possible. It also occurred in url.parse of node.js in 2018, and node.js acknowledged the vulnerability for this. So Node.js has patched it, and there are cases where a CV...

0.6AI score0.0405EPSS
Exploits0References2
Huntr
Huntr
added 2022/02/20 6:3 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description There is a Reflected cross site scripting issue chained using these endpoints: 1 /admin/content/0/edit 2 /apiqqalert1fca4/page Proof of Concept 1. Login to https://demo.microweber.org 2. Now visit https://demo.microweber.org/demo/admin/content/0/edit 3. Now open this url in same tab o...

3.5CVSS0.8AI score0.009EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 1:39 a.m.22 views

Improper Authorization in librenms/librenms

Description LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin setting resulting in the users could take action such as switching on/off any installed plugins which are supposedly accessible by the Administrator only. Proof of Concept Affected endpoints: 1 GET...

4CVSS0.7AI score0.0102EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 3:54 p.m.22 views

Improper Privilege Management in snipe/snipe-it

Description Unprivilege user can create maintainance for asset Proof of Concept 1. Create regular user and set DENY to all permissions in asset models.\ 2. Login as the user and sent bellow request to create maintainance for asset await fetch"https://demo.snipeitapp.com/hardware/maintenances",...

6.5CVSS1AI score0.012EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 9:53 p.m.22 views

Cross-site Scripting (XSS) - DOM in hakimel/reveal.js

Description The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can...

4.3CVSS1AI score0.03679EPSS
Exploits1
Huntr
Huntr
added 2022/01/31 12:56 p.m.22 views

in gpac/gpac

Description Null Pointer Dereference in gitnboxdel Proof of Concept bash echo -n AAAAEW1ldGEwMDAwMDAwMDAAAABjMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAARZ2l0bjAwMDAwMDAwMA== | base64 -d poc ./MP4Box -bt ./poc...

4.3CVSS0.8AI score0.04615EPSS
Exploits2References1
Huntr
Huntr
added 2022/01/24 4:38 a.m.22 views

Improper Access Control in liukuo362573/yishaadmin

Description YiShaAdmin is vulnerable to Improper Access Control via the /admin/SystemManage/LogApi/GetPageListJson endpoint. Anyone can view the Log API of the YiShaAdmin without any authentication. This API contains the sensitive information include: ExecuteURL, ExecuteParam, ExecuteTime,...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/01/19 3:4 a.m.22 views

None in bobthecow/mustache.php

Description In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable. Proof of Concept './cache', 'strictcallables'=true ; echo $m-render' repo phpinfo;// No repos : / repo phpinfo;// ',...

6.5CVSS2.4AI score0.00691EPSS
Exploits1
Huntr
Huntr
added 2022/01/15 3:28 a.m.22 views

in stanfordnlp/corenlp

Description When a malicious schema XML file is passed to getValidatingXmlParser, the parser is vulnerable to XXE when the SchemaFactory parses the schema XML file. In...

7.5CVSS1.1AI score0.01217EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/10 3:59 a.m.22 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hi there, I would like to report a Cross Site Request Forgery in phoronix source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to...

6.8CVSS1AI score0.0081EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/05 3:29 p.m.22 views

Insecure Temporary File in tensorflow/tensorflow

Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

3.3CVSS2.1AI score0.0011EPSS
Exploits0
Huntr
Huntr
added 2022/01/03 3:36 a.m.22 views

in livehelperchat/livehelperchat

Description When resetting your password, you're able to enumerate users based on the way that the server responds to your request. If you enter an email that doesn't exist for example: [email protected], then the server will respond with an HTTP 302 FOUND status response code indicated by line 97 o...

5CVSS5.6AI score0.00899EPSS
Exploits1
Huntr
Huntr
added 2021/12/28 7:53 p.m.22 views

Improper Access Control in bookstackapp/bookstack

Description parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to...

4CVSS2.9AI score0.00707EPSS
Exploits1
Huntr
Huntr
added 2021/12/13 5:57 p.m.22 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description I found file upload XSS, Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Proof of Concept 1. login and navigate to https://gitstable.yetiforce.com/index.php?module=Users&view=PreferenceEdit&record=5 2. Layout photo Add file. 3...

3.5CVSS5.3AI score0.00456EPSS
Exploits1
Huntr
Huntr
added 2021/12/10 1:1 p.m.22 views

in mruby/mruby

Description NULL Pointer Dereference in mrbfullgc Proof of Concept a = a. nil AddressSanitizer:DEADLYSIGNAL ================================================================= ==21352==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 pc 0x556b44382444 bp 0x7fff4e9961d0 sp...

5CVSS1.3AI score0.01621EPSS
Exploits1
Huntr
Huntr
added 2021/10/06 6:3 a.m.22 views

in chevereto/chevereto-free

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/10/05 5:7 a.m.22 views

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description At File Uploads allows for arbitrary execution of JavaScript Step to Reproduct XSS at filename Goto detail of one asset At tab File choose to upload file with filename contain payload: file'name XSS when upload file .svg In list file types are allowed don't have file .svg Goto detail ...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
added 2021/09/19 10:44 a.m.22 views

Inefficient Regular Expression Complexity in pksunkara/inflect

✍️ Description The inflect package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted tablename as input to the classify function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. 🕵️‍♂️...

5CVSS1.2AI score0.01183EPSS
Exploits1
Huntr
Huntr
added 2021/09/17 6:15 a.m.22 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap buffer overflow in mruby Proof of Concept // poc.rb %= % .clear ensure begin unless ?n = % :regex or 11 Compile mruby with asan git clone https://github.com/mruby/mruby cd mruby LDFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address -g" make ./bin/mruby poc.rb Result ./bin/mruby...

7.7AI score
Exploits0
Huntr
Huntr
added 2021/09/13 3:43 p.m.22 views

Prototype Pollution in antfu/utils

Description @antfu/utils is a collection of common JavaScript / TypeScript utils. It is vulnerable to Prototype Pollution on the deepMerge function. This allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. About the vulnerability Prototype Pollution...

7.5CVSS7.3AI score0.00991EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/09 10:11 a.m.22 views

Cross-site Scripting (XSS) - Reflected in yourls/yourls

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

4.3CVSS2.3AI score0.00696EPSS
Exploits0References1
Huntr
Huntr
added 2021/08/31 11:5 p.m.22 views

Path Traversal in yogeshojha/rengine

✍️ Description Local File Inclusion through Path Traversal 🕵️‍♂️ Proof of Concept While logged in into a Rengine instance, go to /api/getFileContents/?nucleitemplate&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included into the response. 💥 Impact This vulnerability is...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/08/30 5:45 a.m.22 views

Prototype Pollution in immerjs/immer

✍️ Description immer package is vulnerable to Prototype Pollution. 🕵️‍♂️ Proof of Concept Create the following PoC file: // poc.js const immer = require"immer"; immer.enablePatches; let obj = ; const patch = op: 'add', path: "proto","polluted", value: "Yes! Its Polluted"; console.log"Before : " +...

7.5CVSS1.7AI score0.01651EPSS
Exploits1
Huntr
Huntr
added 2021/08/25 6:0 p.m.22 views

Cross-site Scripting (XSS) - Reflected in leantime/leantime

✍️ Description Cross-site scripting XSS vulnerabilities Line 9 of delCanvasItem.tpl.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. 🕵️‍♂️ Proof of Concept /leancanvas/delCanvasItem/" 💥 Impact The attacker can: Perform any action within the...

3.3AI score
Exploits0References1
Huntr
Huntr
added 2021/08/05 12:55 p.m.22 views

Sensitive Cookie Without 'HttpOnly' Flag in glpi-project/glpi

✍️ Description According to 1 we have : HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie 💥 Impact This vulnerability is capable of take control...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/04 9:52 a.m.22 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description Attacker able to change any password and username with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. I...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/02 6:20 p.m.22 views

in frangoteam/fuxa

✍️ Description This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. 🕵️‍♂️ Proof of Concept fs.writeFileSyncruntime.settings.userSettingsFile, JSON.stringifyreq.body, null, 4; mergeUserSettingsreq.body; res.end; FIx Consider using a rate-limiting...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2021/07/18 7:34 p.m.22 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can delete any Exports for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Export's names on server. I convert the...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/07/01 2:45 a.m.22 views

Session Fixation in filegator/filegator

✍️ Description the password reset function is vulnerable to session fixation bug, it's a small low hanging bug 🕵️‍♂️ Proof of Concept open filegator and login with similar accounts in multiple browsers. change the password of the user in one browser and reload the other login session. we can see...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/06/14 2:51 a.m.22 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss using fullname 💥 IMPACT There is no xss filter present . Using this stored xss external user can attack admin and can execute arbitary javascript code in vicitm account . TESTED VERSION ========== trudesk 1.1.5 💥 STEP TO REPRODUCE 1. First goto...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/02/14 12:0 a.m.22 views

Code Injection in adobe/himl

Description himl is a hierarchical config using yaml in Python, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install himl Run exploit.py import os os.system'pip install himl...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/01/30 12:0 a.m.22 views

Code Injection in ewels/multiqc

Description MultiQC Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2020/10/16 12:0 a.m.22 views

in microweber/microweber

Description microweber/microweber is vulnerable to Arbitrary File Upload. Effective controls have not been implemented to restrict users from uploading malicious content to the web server. Files containing code like .php, .exe and etc can be uploaded successfully. Steps To Reproduce-: 1. Login in...

7.5CVSS2AI score0.01299EPSS
Exploits0
Huntr
Huntr
added 2020/10/12 12:0 a.m.22 views

Prototype Pollution in starcounter-jack/json-patch

Description fast-json-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require"fast-json-patch"; functio...

1.2AI score
Exploits0
Huntr
Huntr
added 2020/09/17 12:0 a.m.22 views

in seleniumhq/selenium

Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/09/05 12:0 a.m.22 views

Cross-site Scripting (XSS) - Stored in arachnys/cabot

Description Executed Persistent stored XSS in cabot check settings, as well as the address field. As per CVEs present Stored XSS is a High Severity bug. Proof of Concept 1. setup cabot to reproduce the vulnerability 2. create an account now login to the account 3. Go to checks Create and navigate...

0.4AI score
Exploits0References3
Huntr
Huntr
added 2020/07/30 12:0 a.m.22 views

Code Injection in z4nzu/hackingtool

Description The hackingtool by Z4nzu is a pool of pentest tools that is useful to hackers to do fast hacking from information gathering to web attacks to wireless hacking and much more which are provided in terminal UI. It is built using python3. However it uses os.system command in various place...

1.1AI score
Exploits0
Total number of security vulnerabilities4072