Lucene search
K
HuntrMost viewed

4073 matches found

Huntr
Huntr
added 2022/09/20 1:45 a.m.22 views

Use After Free in function movemark

Description Use After Free in function movemark at mark.c:234. vim version git log commit bcd6924245c0e73d8be256282656c06aaf91f17c grafted, HEAD - master, tag: v9.0.0507, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc10huaf.dat -c :qa!...

4.4CVSS7.8AI score0.00464EPSS
Exploits1
Huntr
Huntr
added 2022/09/18 8:54 a.m.22 views

Cookie is persisting in the browser which leads to Session Fixation

Description After logging in and logging out, the application continues to use the preauthentication cookies. The cookies are same after closing the browser and after password change .And also same cookies are reassigning for another user's login which can leads to session fixation. Proof of...

7.5CVSS0.9AI score0.00727EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/13 9:10 a.m.22 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and get access to the minarca website, for this scenario I have used the demo/test...

5CVSS0.6AI score0.00508EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/07 8:21 a.m.22 views

Null Pointer Dereference Caused Segmentation Fault

Description Null pointer dereference caused segmentation fault. This can cause Denial-of -service attack. Proof of Concept MP4Box -bt POC2 POC2 is here ASAN iso file Unknown box type 0000 in parent moov iso file Unknown box type 0000 in parent moov iso file Unknown box type 0000 in parent moov is...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/08/26 12:36 p.m.22 views

CSRF on deleting an API key

Description An attacker can send a crafted link to a Froxlor admin. The admin, after clicking on the link and logging in, will redirect to the API key deletion endpoint, which is a GET request. This will result in deleting the API key with the specified id from the attacker. Proof of Concept 1...

4.3CVSS5.2AI score0.00371EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:57 p.m.22 views

Persistent Cross Site Scripting - BusinessHours Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On BusinessHours module from Settings, the type of name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on EditViewBlocks.tpl. It allows attacker to...

4.9CVSS1.1AI score0.00547EPSS
Exploits1
Huntr
Huntr
added 2022/08/07 3:28 p.m.22 views

Stored XSS on Admin Translations

Description Key/Name field in Admin Translation Settings is vulnerable to XSS. Proof of Concept 1 - Go to Settings, Admin Translations. 2 - Click on Add, and put the XSS payload: " on Name then save 3 - XSS popup will be triggered. Both Stable and Dev versions are vulnerable. Video PoC...

4.3CVSS0.4AI score0.01451EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:13 p.m.22 views

IDOR in password change page leads to administrative account takeover

Description The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account. Proof of Concept 1. 1 - Log in as a normal user that can change its o...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/08/02 1:44 a.m.22 views

Path Traversal

Description Via the /attachments/:id/download/thumbnails/:filename endpoint, an authenticated user can access any arbitrary file in the system through a path traversal vulnerability in the filename parameter. \ \ The filename parameter is not sanitized and its used to craft the path of the target...

4CVSS1.2AI score0.00813EPSS
Exploits1
Huntr
Huntr
added 2022/07/05 9:30 a.m.22 views

Weak Password Policy

Description This application commafeed is using a weak password policy. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all...

1.1AI score
Exploits0References2
Huntr
Huntr
added 2022/06/27 4:14 a.m.22 views

Out-of-bound read data in function suggest_trie_walk() abusing array byts

Description Out-of-bound read data in function suggesttriewalk abusing array byts in line spellsuggest.c:1925 Tested version: v8.2.5166 commit f65cc665fa751bad3ffe75f58ce1251d6695949f HEAD - master, tag: v8.2.5166, origin/master, origin/HEAD Author: Bram Moolenaar Date: Sun Jun 26 18:17:50 2022...

5.8CVSS7.2AI score0.0132EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 6:52 p.m.22 views

Mastadon's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Mastadon relies on the RackAttack.rb file to manage API throttling in the application through the declaration of absolute paths i.e., /auth/signin. By appending random strings of characters to the end of the directory in a POST request it is possible to bypass brute force protections...

7.5CVSS9.3AI score0.01002EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/09 9:45 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description The time parameter in fava is vulnerable to reflected XSS Proof of Concept 1. 1.Open the web browser to access the fava webpage. 2. 2.Access the url:...

5.8CVSS0.1AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/02 2:36 p.m.22 views

Path traversal leads to arbitrary file deletions and file writes

Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...

6.4CVSS0.3AI score0.02251EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 7:40 a.m.22 views

Incorrect Behavior Make Crash and Can not Access Account

Description Incorrect Behavior Make Crash and Can not Access Account Proof of Concept 1. Send a test message and get the request, send it to Repeater 2. Replace the value of owner and cId with the id of two victims 3. Send the request...

4CVSS2.4AI score0.01176EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/16 10:58 a.m.22 views

heap-use-after-free in function find_pattern_in_path

Description heap-use-after-free in function findpatterninpath at search.c:3683 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochuafs.dat -c...

6.8CVSS7AI score0.0111EPSS
Exploits1
Huntr
Huntr
added 2022/05/14 6:25 a.m.22 views

xss using .xsig file

Description xss using .xsig file Proof of Concept 1. Save this file as test.xsig file and upload it to http://localhost/ListAttachedFile 2. now view this file in chrome browser and see xss is executed...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/04/20 5:49 p.m.22 views

Cross-site Scripting (XSS) - Generic

Description The Stream URL of octoprint application allowing xss payload to execute for which its leads to Cross-site Scripting XSS Proof of Concept Login to the application Now go to settings - Webcam & Timelapse - Stream URL and insert the payload " in the Stream URL and click on "Test" You wil...

4.6CVSS0.2AI score0.01177EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 8:31 a.m.22 views

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

Steps to reproduce the issue git clone https://github.com/hpjansson/chafa.git cd chafa export CFLAGS="-g -O0" export CXXFLAGS="-g -O0" ./autogen.sh ./configure --disable-shared make ./tools/chafa/chafa ./poc.gif gdb --args ./tools/chafa/chafa ./poc.gif...

4.3CVSS3.3AI score0.0085EPSS
Exploits1
Huntr
Huntr
added 2022/03/29 10:15 a.m.22 views

Inf loop

Description A inf loop security issue in gpac/gpac Proof of Concept The issue occurs in code: src/mediatools/avilib.cL1974, when the gpac avidmx filter parses the AVI format file. choose a simple AVI format file, the data's header is as follows in xxd mode $ xxd ./1.avi | head -n 2 00000000: 5249...

4.3CVSS2.8AI score0.00821EPSS
Exploits1
Huntr
Huntr
added 2022/03/20 11:13 a.m.22 views

Path Traversal due to `send_file` call

A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be possible to...

5CVSS3.3AI score0.01296EPSS
Exploits1
Huntr
Huntr
added 2022/03/18 8:49 a.m.22 views

CRHTLF can lead to invalid protocol extraction potentially leading to XSS

Description \r, \n, \t characters in the URI can lead to XSS as URI.js will fail to extract javascript: protocol from a URI. See Section 4.4 Step 3 "Remove all ASCII tab or newline from input." of the WHATWG URL spec. Proof of Concept const parse = require'urijs' const express = require'express'...

4.3CVSS2.2AI score0.00663EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 3:8 p.m.22 views

The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber

Proof of Concept 1. Go to http://127.0.0.1/admin/view:modules/loadmodule:users/action:profile 2. Click on edit profile 3. Fill the first name & last name field with huge characters, more than 1 lakh 4. Copy the below payload and put it in the input fields and click on continue. 5. You will see th...

4CVSS2.5AI score0.03731EPSS
Exploits1
Huntr
Huntr
added 2022/03/10 5:24 p.m.22 views

SSL verification omitted in OAuth2 credential flow

Description Pulsar uses Curl to send HTTPS requests and typically uses the tlsAllowInsecure global variable derived from isTlsAllowInsecureConnection to determine whether SSL verification¹ should be enabled/disabled². In the linked occurances, those checks do not occur and SSL verification is...

5.1CVSS0.2AI score0.00704EPSS
Exploits1
Huntr
Huntr
added 2022/03/09 9:26 p.m.22 views

Integer Overflow or Wraparound

Description The microweber application allows large characters to insert in the input field like "Town, ZIP, State, Address, and Additional Info field" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1.Buy a product and in the Shipping metho...

5CVSS2.1AI score0.03421EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/04 10:29 a.m.22 views

hostname spoofing via javascript

Description If use parse-url for security check on url, it is dangerous because hostname spoofing through JavaScript scheme is possible. It also occurred in url.parse of node.js in 2018, and node.js acknowledged the vulnerability for this. So Node.js has patched it, and there are cases where a CV...

0.6AI score0.0405EPSS
Exploits0References2
Huntr
Huntr
added 2022/02/20 6:3 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description There is a Reflected cross site scripting issue chained using these endpoints: 1 /admin/content/0/edit 2 /apiqqalert1fca4/page Proof of Concept 1. Login to https://demo.microweber.org 2. Now visit https://demo.microweber.org/demo/admin/content/0/edit 3. Now open this url in same tab o...

3.5CVSS0.8AI score0.009EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 1:39 a.m.22 views

Improper Authorization in librenms/librenms

Description LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin setting resulting in the users could take action such as switching on/off any installed plugins which are supposedly accessible by the Administrator only. Proof of Concept Affected endpoints: 1 GET...

4CVSS0.7AI score0.0102EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 3:54 p.m.22 views

Improper Privilege Management in snipe/snipe-it

Description Unprivilege user can create maintainance for asset Proof of Concept 1. Create regular user and set DENY to all permissions in asset models.\ 2. Login as the user and sent bellow request to create maintainance for asset await fetch"https://demo.snipeitapp.com/hardware/maintenances",...

6.5CVSS1AI score0.012EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 9:53 p.m.22 views

Cross-site Scripting (XSS) - DOM in hakimel/reveal.js

Description The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can...

4.3CVSS1AI score0.03679EPSS
Exploits1
Huntr
Huntr
added 2022/01/31 12:56 p.m.22 views

in gpac/gpac

Description Null Pointer Dereference in gitnboxdel Proof of Concept bash echo -n AAAAEW1ldGEwMDAwMDAwMDAAAABjMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAARZ2l0bjAwMDAwMDAwMA== | base64 -d poc ./MP4Box -bt ./poc...

4.3CVSS0.8AI score0.04615EPSS
Exploits2References1
Huntr
Huntr
added 2022/01/24 4:38 a.m.22 views

Improper Access Control in liukuo362573/yishaadmin

Description YiShaAdmin is vulnerable to Improper Access Control via the /admin/SystemManage/LogApi/GetPageListJson endpoint. Anyone can view the Log API of the YiShaAdmin without any authentication. This API contains the sensitive information include: ExecuteURL, ExecuteParam, ExecuteTime,...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/01/15 3:28 a.m.22 views

in stanfordnlp/corenlp

Description When a malicious schema XML file is passed to getValidatingXmlParser, the parser is vulnerable to XXE when the SchemaFactory parses the schema XML file. In...

7.5CVSS1.1AI score0.01217EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/10 3:59 a.m.22 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hi there, I would like to report a Cross Site Request Forgery in phoronix source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to...

6.8CVSS1AI score0.0081EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/08 3:40 p.m.22 views

Improper Access Control in chocobozzz/peertube

Description Unauthenticated users can obtain comments on private videos Proof of Concept Vísit the following API link where 123 is the ID of the private video: /api/v1/videos/123/comment-threads Response contains all the comments on that private video. Impact This vulnerability disclosure comment...

4CVSS3.5AI score0.00684EPSS
Exploits0
Huntr
Huntr
added 2022/01/05 3:29 p.m.22 views

Insecure Temporary File in tensorflow/tensorflow

Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

3.3CVSS2.1AI score0.0011EPSS
Exploits0
Huntr
Huntr
added 2022/01/03 3:36 a.m.22 views

in livehelperchat/livehelperchat

Description When resetting your password, you're able to enumerate users based on the way that the server responds to your request. If you enter an email that doesn't exist for example: [email protected], then the server will respond with an HTTP 302 FOUND status response code indicated by line 97 o...

5CVSS5.6AI score0.00899EPSS
Exploits1
Huntr
Huntr
added 2021/12/28 7:53 p.m.22 views

Improper Access Control in bookstackapp/bookstack

Description parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to...

4CVSS2.9AI score0.00707EPSS
Exploits1
Huntr
Huntr
added 2021/12/13 5:57 p.m.22 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description I found file upload XSS, Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Proof of Concept 1. login and navigate to https://gitstable.yetiforce.com/index.php?module=Users&view=PreferenceEdit&record=5 2. Layout photo Add file. 3...

3.5CVSS5.3AI score0.00456EPSS
Exploits1
Huntr
Huntr
added 2021/12/10 1:1 p.m.22 views

in mruby/mruby

Description NULL Pointer Dereference in mrbfullgc Proof of Concept a = a. nil AddressSanitizer:DEADLYSIGNAL ================================================================= ==21352==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 pc 0x556b44382444 bp 0x7fff4e9961d0 sp...

5CVSS1.3AI score0.01621EPSS
Exploits1
Huntr
Huntr
added 2021/10/06 6:3 a.m.22 views

in chevereto/chevereto-free

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/10/05 5:7 a.m.22 views

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description At File Uploads allows for arbitrary execution of JavaScript Step to Reproduct XSS at filename Goto detail of one asset At tab File choose to upload file with filename contain payload: file'name XSS when upload file .svg In list file types are allowed don't have file .svg Goto detail ...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
added 2021/09/19 10:44 a.m.22 views

Inefficient Regular Expression Complexity in pksunkara/inflect

✍️ Description The inflect package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted tablename as input to the classify function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. 🕵️‍♂️...

5CVSS1.2AI score0.01183EPSS
Exploits1
Huntr
Huntr
added 2021/09/17 6:15 a.m.22 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap buffer overflow in mruby Proof of Concept // poc.rb %= % .clear ensure begin unless ?n = % :regex or 11 Compile mruby with asan git clone https://github.com/mruby/mruby cd mruby LDFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address -g" make ./bin/mruby poc.rb Result ./bin/mruby...

7.7AI score
Exploits0
Huntr
Huntr
added 2021/09/13 3:43 p.m.22 views

Prototype Pollution in antfu/utils

Description @antfu/utils is a collection of common JavaScript / TypeScript utils. It is vulnerable to Prototype Pollution on the deepMerge function. This allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. About the vulnerability Prototype Pollution...

7.5CVSS7.3AI score0.00991EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/09 10:11 a.m.22 views

Cross-site Scripting (XSS) - Reflected in yourls/yourls

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

4.3CVSS2.3AI score0.00696EPSS
Exploits0References1
Huntr
Huntr
added 2021/09/01 6:43 p.m.22 views

Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte

✍️ Description Please enter a description of the vulnerability. The cookie persistentlogin is set without httponly flag 🕵️‍♂️ Proof of Concept Enable remember me during Login POST /admin/index.php?login HTTP/1.1 Host: 192.168.159.138 Content-Length: 30 Cache-Control: max-age=0...

5CVSS0.2AI score0.01101EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/31 11:5 p.m.22 views

Path Traversal in yogeshojha/rengine

✍️ Description Local File Inclusion through Path Traversal 🕵️‍♂️ Proof of Concept While logged in into a Rengine instance, go to /api/getFileContents/?nucleitemplate&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included into the response. 💥 Impact This vulnerability is...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/08/30 5:45 a.m.22 views

Prototype Pollution in immerjs/immer

✍️ Description immer package is vulnerable to Prototype Pollution. 🕵️‍♂️ Proof of Concept Create the following PoC file: // poc.js const immer = require"immer"; immer.enablePatches; let obj = ; const patch = op: 'add', path: "proto","polluted", value: "Yes! Its Polluted"; console.log"Before : " +...

7.5CVSS1.7AI score0.01651EPSS
Exploits1
Huntr
Huntr
added 2021/08/25 6:0 p.m.22 views

Cross-site Scripting (XSS) - Reflected in leantime/leantime

✍️ Description Cross-site scripting XSS vulnerabilities Line 9 of delCanvasItem.tpl.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. 🕵️‍♂️ Proof of Concept /leancanvas/delCanvasItem/" 💥 Impact The attacker can: Perform any action within the...

3.3AI score
Exploits0References1
Total number of security vulnerabilities4073