Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/18 7:34 p.m.22 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can delete any Exports for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Export's names on server. I convert the...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/07/01 2:45 a.m.22 views

Session Fixation in filegator/filegator

✍️ Description the password reset function is vulnerable to session fixation bug, it's a small low hanging bug 🕵️‍♂️ Proof of Concept open filegator and login with similar accounts in multiple browsers. change the password of the user in one browser and reload the other login session. we can see...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/06/14 2:51 a.m.22 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss using fullname 💥 IMPACT There is no xss filter present . Using this stored xss external user can attack admin and can execute arbitary javascript code in vicitm account . TESTED VERSION ========== trudesk 1.1.5 💥 STEP TO REPRODUCE 1. First goto...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/02/14 12:0 a.m.22 views

Code Injection in adobe/himl

Description himl is a hierarchical config using yaml in Python, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install himl Run exploit.py import os os.system'pip install himl...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/01/30 12:0 a.m.22 views

Code Injection in ewels/multiqc

Description MultiQC Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2020/10/16 12:0 a.m.22 views

in microweber/microweber

Description microweber/microweber is vulnerable to Arbitrary File Upload. Effective controls have not been implemented to restrict users from uploading malicious content to the web server. Files containing code like .php, .exe and etc can be uploaded successfully. Steps To Reproduce-: 1. Login in...

7.5CVSS2AI score0.01299EPSS
Exploits0
Huntr
Huntr
added 2020/10/12 12:0 a.m.22 views

Prototype Pollution in starcounter-jack/json-patch

Description fast-json-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require"fast-json-patch"; functio...

1.2AI score
Exploits0
Huntr
Huntr
added 2020/09/17 12:0 a.m.22 views

in seleniumhq/selenium

Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/09/05 12:0 a.m.22 views

Cross-site Scripting (XSS) - Stored in arachnys/cabot

Description Executed Persistent stored XSS in cabot check settings, as well as the address field. As per CVEs present Stored XSS is a High Severity bug. Proof of Concept 1. setup cabot to reproduce the vulnerability 2. create an account now login to the account 3. Go to checks Create and navigate...

0.4AI score
Exploits0References3
Huntr
Huntr
added 2020/07/30 12:0 a.m.22 views

Code Injection in z4nzu/hackingtool

Description The hackingtool by Z4nzu is a pool of pentest tools that is useful to hackers to do fast hacking from information gathering to web attacks to wireless hacking and much more which are provided in terminal UI. It is built using python3. However it uses os.system command in various place...

1.1AI score
Exploits0
Huntr
Huntr
added 2020/03/27 12:0 a.m.22 views

Command Injection in quobject/aws-cli-js

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js var awsCli = require"aws-cli-js"; var Options = awsCli.Options; var Aws =...

1.7AI score
Exploits0
Huntr
Huntr
added 2023/09/30 11:50 a.m.21 views

Open Redirect

Description There is an open redirect in the endpoint /project/switch/project due to the use of symfony's redirect function from a user controlled input. Proof of Concept php $targetPath = $request-query-get'targetPath', false; if $targetPath return $this-redirect$targetPath;...

5.8CVSS6.8AI score0.33629EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/30 6:39 a.m.21 views

Reflected XSS in /admin/index.php

Description Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1. Step 1: Access the demo website 2. Step 2: Access admin/index.php?action=ngductung"img src/onerror="alert'XSS' 3. Step 3: Detect XSS Video PoC...

7.2AI score0.01105EPSS
Exploits1
Huntr
Huntr
added 2023/09/20 2:19 a.m.21 views

NULL Pointer Dereference

Environment Windows 10 22H2 19045.3448 Version I checked against the latest trunk as of 09/19/23 at commit 3a126babc77dd5af4cd8fb0c45d8c0eb172c7b8c and the current release 4.12.0. Description This is a null pointer dereference that causes the IE driver to crash when selenium gets the cookies from...

5CVSS7AI score0.00852EPSS
Exploits1
Huntr
Huntr
added 2023/09/02 8:55 p.m.21 views

Relative path traversal

Description The endpoint /system/data-exports/:filename is intended to export AnythingLLM data zip file for download based on a specified filename parameter. However, a critical security vulnerability arises due to insufficient validation and sanitization of the request.params.filename parameter...

7.5CVSS6.7AI score0.00752EPSS
Exploits1
Huntr
Huntr
added 2023/09/01 2:55 a.m.21 views

stack-overflow in gf_bt_check_line scene_manager/loader_bt.c:408

Description stack-overflow in MP4Box Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.8AI score0.00297EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/31 2:45 a.m.21 views

Out of Bounds Read in MPEG12_ParseSeqHdr media_tools/mpeg2_ps.c

Description Out of Bounds Read in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00293EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/13 6:10 a.m.21 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files

Description Tested on Build87 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. It is...

3.3CVSS6.9AI score0.00314EPSS
Exploits1
Huntr
Huntr
added 2023/08/05 5:2 a.m.21 views

IDOR in Users Edit screen

Description By manipulating the User ID in the URL, users with low privilege can view the information of any users Proof of Concept Step 1: Login as user1 with author privilege, see that he can only access the edit screen of himself. Click on edit button. Step 2: See the userID in the URL, modify...

4CVSS6.8AI score0.00592EPSS
Exploits1
Huntr
Huntr
added 2023/08/01 5:2 a.m.21 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection SQLi is a code injection technique used to attack...

8.2AI score
Exploits0References5
Huntr
Huntr
added 2023/07/27 1:14 p.m.21 views

Server Side Request Forgery (SSRF)

Description It is possible to access the local environment in the Webhook function. Therefore, Blind SSRF makes it possible to perform a port scan against the local environment. Proof of Concept After logging in, access the webhook setting page, specify the URL with the following pattern, and che...

2.8CVSS6.6AI score0.00533EPSS
Exploits1References2
Huntr
Huntr
added 2023/07/04 7:34 p.m.21 views

Out of bounds read in VobSub loader

Description The gpac VobSub parser takes a FILE handle and attempts to load the information from that file into its memory. The main focus of this report revolves around the first few lines of the function and how they make some assumptions about buffer sizes that allows for an out-of-bounds read...

3.3CVSS7AI score0.00352EPSS
Exploits1
Huntr
Huntr
added 2023/06/30 5:41 a.m.21 views

CSV Injection while export users

1 admin add a user, or a user signup. 2 the user logins and edit himeself 3 the user change his realname as "=1+cmd|'/C calc'!A0" 4 admin go to export the users as a csv file 5 admin open the csv and we can see that the calculator is opened. see https://owasp.org/www-community/attacks/CSVInjectio...

7.5CVSS6.2AI score0.00677EPSS
Exploits0
Huntr
Huntr
added 2023/05/26 5:57 a.m.21 views

Stored XSS on item name - Bypass of (CVE-2023-2516)

Description first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. This is the bypass of...

4.9CVSS6.3AI score0.00683EPSS
Exploits2References1
Huntr
Huntr
added 2023/05/18 6:5 a.m.21 views

Divide By Zero FPE

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

5CVSS6.7AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2023/05/04 6:10 a.m.22 views

Cross-site Scripting and CSP Bypass in app.diagrams.net

Description The application allows the user to import a CSV template into the schema, but does not clean the input from the columns resulting in any javascript code being executed. Proof of Concept Example CSV import. Use for comments and for configuration. Paste CSV below. The following names ar...

5.8CVSS7AI score0.00534EPSS
Exploits0References1
Huntr
Huntr
added 2023/05/02 9:55 a.m.21 views

Stored XSS bypass in "FAQ"

Description Stored XSS in "Add new FAQ" feature via inject XSS payload in the answer at the following https://roy.demo.phpmyfaq.de/admin/?action=editentry Steps 1- Login as admin and Go to the following URL https://roy.demo.phpmyfaq.de/admin/?action=editentry to add a new faq 2-Enter the "Questio...

5.8CVSS6.6AI score0.00483EPSS
Exploits0
Huntr
Huntr
added 2023/05/02 8:59 a.m.21 views

Reflected XSS at search_query[] query string

Description Reflected XSS Cross-Site Scripting is a common web security vulnerability that can occur when a user inputs malicious Javascript syntax into the search field. The search function allows users to look for content on the website, and the search keywords are appended to the URL query...

5.8CVSS6.6AI score0.0062EPSS
Exploits1
Huntr
Huntr
added 2023/04/24 7:23 a.m.21 views

Stored XSS in the module named "Dashboard"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video PoC https://drive.google.com/file/d/19lzyLY20fn0WdgRxsIrIRSfkrq36j7s5/view?usp=sharing Steps 1.Login as administrator...

6.3AI score0.0044EPSS
Exploits1References1
Huntr
Huntr
added 2023/04/11 10:59 p.m.21 views

Path Traversal at Slack Image Endpoint

Summary Lightdash version \ Required. 1. Install the Lightdash server & database. \ 2. Connect Lightdash to a dbt project and add some metrics. 3. Create and share insights with your team. 4. Craft...

7.2AI score
Exploits0
Huntr
Huntr
added 2023/04/06 8:31 a.m.21 views

Cross site scripting vulnerability in throsten /phpmyfaq

Description Cross site scripting vulnerability in throsten /phpmyfaq in tag field at admin dashboard. Proof of Concept 1 . Login to the demo admin account. https://roy.demo.phpmyfaq.de/admin/ 2 . Go to admin dashboard -- Contents -- Add new FaQ --Faq meta data 3 . Add payload in tag field payload...

4.3CVSS6.6AI score0.00473EPSS
Exploits1
Huntr
Huntr
added 2023/03/30 9:36 a.m.21 views

Stored cross site scripting vulnerability in Save grid option in pimcore dashboard

Description Stored cross site scripting vulnerability in Save grid option in pimcore dashboard. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp https://11.x-dev.pimcore.fun/admin/?perspective=CDP 3. i...

4.9CVSS5.2AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2023/03/29 4:49 p.m.21 views

Stored XSS on Multiple Edit Page

Description A stored XSS with alert on Editing page. \ I clone repo from master branch and build with docker. Footer show: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...

4.9CVSS6.3AI score0.00346EPSS
Exploits1
Huntr
Huntr
added 2023/03/28 3:4 p.m.21 views

Reflected XSS in LimeSurvey

Description There is a XSS in Lime Survey. The $GET'keyword' is not sanitized : echo $GET'keyword'; Proof of Concept We can read cookie contents :...

6AI score
Exploits0
Huntr
Huntr
added 2023/03/26 4:31 p.m.21 views

XSS in Classification Store of Data Objects module in Settings

Description pimcore is vulnerable to XSS at Name field in Classification Store of Data Objects module in Settings. The vulnerability exists in all 3 tabs: Group Collections, Group, Key Definitions. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left men...

4.9CVSS5.2AI score0.00378EPSS
Exploits1
Huntr
Huntr
added 2023/03/24 5:5 p.m.21 views

Improper Access Control which allows one provider to view and edit others provider appointment's details

Description Login using one provider's credential. After login successfully, notice there is POST request to /index.php/backendapi/ajaxgetcalendarappointments which allows the provider to view their own appointments information. However, by changing the recordid parameter to any number start from...

5.5CVSS5.6AI score0.00447EPSS
Exploits1
Huntr
Huntr
added 2023/03/20 9:36 p.m.21 views

Stored XSS in name parameter of "Customers Reports"

Description The name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Marketing - Customers Reports - Add and Enter the name of the new item a-zA-Z-. 3.Then capture the request on the burp suite an...

4.9CVSS6.8AI score0.00497EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/16 8:16 a.m.21 views

Store XSS in create tag

Description Feature create tag permit attacker injection html tag and execute it. Proof of Concept 1. Add question 2. Create tag with payload in description: 3. Post your question 4. Go to link http:///tags//timeline and click created. Payload executed. POC...

4.9CVSS6.1AI score0.00518EPSS
Exploits1
Huntr
Huntr
added 2023/03/08 4:3 p.m.21 views

Stored HTML Injection via Company Name

Description easyappointments present an html injection vulnerability on the company name field on "/index.php/backend/settings" page. Steps: 1. login as admin 2. go to /index.php/backend/settings Page 3. insert the payload in Company Name field 4. go back to the home page and see the result. Proo...

4.7CVSS5.2AI score0.00431EPSS
Exploits1
Huntr
Huntr
added 2023/02/27 3:47 a.m.21 views

Missing Authorization Check Allows Impersonated Secure Messages

Description Due to the lack of an authorization check when sending secure messages, an attacker with access to a low level patient account in the portal can impersonate other users when sending secure messages. This would allow a malicious actor to impersonate high-level users...

5.5CVSS6.3AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2023/02/24 8:30 p.m.21 views

Authorization Token Never Expires

Description The vulnerability is related to the Authorization header used for user login. After logging out, the token in the Authorization header remains valid and does not expire. Additionally, the token has an excessively long duration of 10 hours, as confirmed by a request. This vulnerability...

6.8CVSS8.4AI score0.00775EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 10:33 a.m.21 views

Insufficient Session Expiration

Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...

7.5CVSS8.9AI score0.00438EPSS
Exploits0References1
Huntr
Huntr
added 2023/02/16 7:27 p.m.21 views

Stored XSS From Visitor to Acc Takeover

Description Using X-Forwarded-For Header Visitor can manipulate ip to trigger xss Proof of Concept 1.Visit any url and Add Header X-Forward-For: 127.0.0.1" 2.If admin check in dashboard xss will trigger Check This image...

4.9CVSS5.6AI score0.00493EPSS
Exploits1
Huntr
Huntr
added 2023/02/14 2:9 p.m.21 views

stored XSS after XSS Filter Bypass through exporting an HTML-Document

Hello, After mitigation of all submitted XSS Vulnerabilities i was able to detect another XSS and bypass the XSS Filters in the FAQ Site while generating an HTML Export. Lets see : ------------------- This is th XSS Paylaod with XSS Ahmed 2 Only XSS Ahmed 2 will work ! Now lets export in in HTML5...

4.9CVSS5.2AI score0.00472EPSS
Exploits1References2
Huntr
Huntr
added 2023/02/10 12:46 p.m.21 views

SQL Injection in Custom Fields

Description SQL injection when updating custom fields in the admin panel. Malicious web admins can use POST /app/admin/custom-fields/edit-result.php with parameters fieldType=set&fieldSize='1' CHARACTER SET utf8; SELECT sleep3; to execute the inserted SQL command SELECT sleep3; and thus result th...

5.8CVSS8AI score0.0305EPSS
Exploits3
Huntr
Huntr
added 2023/02/06 7:24 a.m.21 views

Stored XSS

Description A Cross-Site Scripting XSS vulnerability exists in Dolibarr before 16.0.4 via the ticket creation flow. Exploitation requires that an admin change the value of the box using "onbeforeinput" event. In the worst case, the victim who inadvertently triggers the attack is a highly privileg...

6AI score0.00893EPSS
Exploits1References2
Huntr
Huntr
added 2023/02/04 6:14 p.m.21 views

GET based CSRF on delete user functionality

Description The /account/delete functionality is vulnerable to CSRF. In this way, an attacker can trick the victim to delete his own account just clicking on the link. Steps to reproduce - Login with a user - Now go here: https://app.wallabag.it/account/delete - The account is now deleted without...

4.3CVSS6.2AI score0.00301EPSS
Exploits1
Huntr
Huntr
added 2023/02/03 8:6 a.m.21 views

IDOR Vulnerability Allows add tag entry user other

Description IDOR Vulnerability Allows add tag entry user other, allows adding tags to any user, since there is no user authentication. And not limiting the input causes the entry interface to break Proof of Concept Step 1. User A manages entry id 6 Step 2. User B manages entry id 7 Step 3. Login...

5CVSS5.4AI score0.00498EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/26 11:56 p.m.21 views

CSRF attack used to change user's email, thus blocking its access to the application.

Description The application lacks protection against Cross-Site Request Forgery CSRF because it fails to verify the implementation of the CSRF Token. For example, if a victim visits the following site crafted by the attacker while logged in at the target application, the browser will issue the...

4.3CVSS6.4AI score0.00412EPSS
Exploits1
Huntr
Huntr
added 2023/01/24 5:13 p.m.21 views

Multiple stored XSS

Description Hello! Found multiple stored XSS. PoCs "About me" XSS Insert this code in "About me" http://host/users/settings/profile Website title XSS go to /admin/general, edit 'Site Name' adding the following payload alert"XSS ATTACK!" The script will be executed every time you reload the page...

4.9CVSS5.7AI score0.00393EPSS
Exploits1
Total number of security vulnerabilities4072