Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/01/13 6:5 a.m.21 views

A User Can Unblock Themself

Description PUT /api/v1/users/id API doesn't properly check the authorizaion. Proof of Concept 1. admin Enable user registration functionality. 2. user Register new user and login as them. 3. user Create OAuth client. 4. admin Block the new user on admin panel. 5. user Send the following request:...

4CVSS6.4AI score0.00625EPSS
Exploits1
Huntr
Huntr
added 2022/12/28 6:35 p.m.21 views

Cross-Site Request Forgery (CSRF) in Add Users

Description Hello Team, Create a member functionality is vulnerable for CSRF Attack , by exploiting CSRF vulnerability , attacker can add new Members history.pushState'', '', '/' POC video: https://drive.google.com/file/d/1dN2ug8qjwbz1CGbfuBldwamIFE4BNyH/view?usp=sharing Fix: I just want to sugge...

4.3CVSS0.6AI score0.00256EPSS
Exploits1
Huntr
Huntr
added 2022/12/28 3:49 a.m.21 views

IDOR to delete memo from archives

Description Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. Proof of Concept 1 Login into your account at demo.usememos.com 2 Turn on your burpsuite proxy 3 Go to archived memos ...

4CVSS0.00534EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 3:38 p.m.21 views

No rate limit on "resend email feature" while enable or disable 2FA from /prefs/mfa endpoint

Description When a user is setting up 2FA , a verification code will be sent to the registered email . There is no rate limit on email triggering that will result in an email flood / does attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

4CVSS0.1AI score0.00632EPSS
Exploits1
Huntr
Huntr
added 2022/12/05 12:53 a.m.21 views

Insufficient Upload Filtering

Description The upload filter in Ampache 5.5.5 is insufficient and does not prevent authenticated users from uploading files with malicious extensions, which can lead to remote code execution RCE depending on the local server configuration. This vulnerability assumes several things which has been...

6.5CVSS6.5AI score0.00758EPSS
Exploits1
Huntr
Huntr
added 2022/12/01 9:56 p.m.21 views

File Upload Filter Bypass

Description A sanitization filter bypass in plupload.php in MicroweberCMS v1.3.1 allows remote authenticated attackers to upload files outside the restricted location. The target $path for the image is being sanitized here: php $pathrestirct = userfilespath; if isset$REQUEST'path' and...

5.8CVSS0.3AI score0.38236EPSS
Exploits1
Huntr
Huntr
added 2022/11/29 2:6 p.m.21 views

Limited LFI via Path Traversal

Description A path thraversal vulnerability in SuiteCRM 7.12.8 and earlier allows remote authenticated attackers to include a php file at an arbitrary path via unsanitized request parameters. Details In Suite CRM v7.12.8, SubpanelCreates.php and SubpanelEdit.php trust unsanitized user input to lo...

6.5CVSS8.6AI score0.28113EPSS
Exploits1
Huntr
Huntr
added 2022/11/26 2:30 p.m.21 views

Reflect Cross Site Scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Go to your web phpmyfaq and visit below URL. Exploit URL:...

5.8CVSS6.1AI score0.04381EPSS
Exploits2
Huntr
Huntr
added 2022/11/24 6:38 a.m.21 views

Missing CSRF protection

Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...

4.9CVSS0.3AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2022/11/15 3:51 a.m.21 views

Missing Authentication for Critical Function

Description Generally, when users try to change the password, they are asked to verify the request by entering the old password. For the same reason, verification should be there on changing email. when user changes the email address then the website sends verification mail to the new mail id...

3.5CVSS5.1AI score0.00484EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/03 8:16 p.m.21 views

XSS Stored inside help links onevent attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/10/27 3:38 a.m.21 views

DOM XSS on lab.flipper.net via the "channel" or "version" parameters

Description Hi ! The Web Platform for the Flipper is vulnerable to DOM XSS via the channel and version parameters. This occurs because when the user clicks on Choose firmware the values are passed directly to innerHTML without parsing. Proof of Concept 1. 1 The user access the following URL :...

1AI score
Exploits0
Huntr
Huntr
added 2022/10/20 10:37 a.m.21 views

Stored Cross-site scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Visit: http:///phpmyfaq/admin/?action=meta Click button Add template meta data Inject payload in field Page type: "alert"XSS"...

4.9CVSS0.1AI score0.00528EPSS
Exploits1
Huntr
Huntr
added 2022/10/20 10:27 a.m.21 views

Weak Password Requirement

Description We can change password with just 1 character when we use change password function. Proof of Concept When you change password, just press an charactor and then submit. Your password has been changed...

7.5CVSS1.3AI score0.01139EPSS
Exploits1
Huntr
Huntr
added 2022/10/12 7:39 p.m.21 views

Moderators can perform Time based SQL injection attack.

The API endpoint /api/chat/users/setenabled POST is vulnerable to a Time based blind SQL injection attack via body parameter ‘userId’. It allows a Moderator to read, modify or delete the entries in the sqlite database. Moderator can leak the streamkey to access admin dashboard. Proof of concept...

7.5CVSS0.3AI score0.00903EPSS
Exploits0
Huntr
Huntr
added 2022/09/26 4:32 p.m.21 views

No password confirmation on sensitive action like email change

Description It is important to implement password checks on sensitive features like email change Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/login/ 2 Use the credentials admin , admin123 and login into your account 3 Navigate to the endpoint...

7.5CVSS7AI score0.00749EPSS
Exploits0References1
Huntr
Huntr
added 2022/09/24 11:47 a.m.21 views

No Limit in "title" length while adding SSH key , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like "title" while adding SSH key. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/prefs/sshkeys endpoint . 2Click on add SSH key...

5CVSS1.9AI score0.00951EPSS
Exploits1
Huntr
Huntr
added 2022/09/21 6:16 p.m.21 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the title of user notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Hover over the username & click on Notifications 3. Create a new notification with the Title alertdocument.location and an arbitrary message...

4.9CVSS1.1AI score0.93712EPSS
Exploits0
Huntr
Huntr
added 2022/09/19 2:51 p.m.21 views

The settings of repositories is vulnerable to CSRF

Description The malicious user can change the settings of repository by sending the URL to the victim. Proof of Concept 1.Login into the application https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding . 2.Go to test-encoding. 3.Check that the value of remove older is forever. 4.Open...

4.3CVSS0.2AI score0.00319EPSS
Exploits1
Huntr
Huntr
added 2022/09/18 8:54 a.m.21 views

Cookie is persisting in the browser which leads to Session Fixation

Description After logging in and logging out, the application continues to use the preauthentication cookies. The cookies are same after closing the browser and after password change .And also same cookies are reassigning for another user's login which can leads to session fixation. Proof of...

7.5CVSS0.9AI score0.00727EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/13 9:10 a.m.21 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and get access to the minarca website, for this scenario I have used the demo/test...

5CVSS0.6AI score0.00508EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/09 8:2 a.m.21 views

Password can be set extremely weak

Description In this scenario, I use the demo website. It allows us to add more user to test. With password, we can set it 1 Or any charater. There is no policy for password or no password checking. Moreover, it also allows us to change password and the new password also can be set with password...

6.5CVSS1.1AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 4:44 p.m.21 views

Stored Cross-Site Scripting (XSS)

Description Input fields allowing Markdown Input are vulnerable to XSS. This requires Superadmin permissions though. Proof of Concept Steps to reproduce: 1. Log in to the admin account 2. Go to Admin - General Settings 3. Enter the Payload in the Login Note and Dashboard Message fields. 4. Go to...

4.3CVSS1.4AI score0.00595EPSS
Exploits1
Huntr
Huntr
added 2022/08/25 9:58 p.m.21 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...

5CVSS5.2AI score0.00977EPSS
Exploits0References1
Huntr
Huntr
added 2022/08/23 12:2 p.m.21 views

Privilage escalation allows user with read access only to edit admin portal and take actions

Overview of the Vulnerability Authentication and session management controls can be bypassed in a variety of ways including, calling an internal post-authentication page, modifying the given URL parameters, by manipulating the form, or by counterfeiting sessions. The authentication method for thi...

6.5CVSS1.4AI score0.00437EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/19 6:0 p.m.21 views

Persistent Cross Site Scripting - WidgetsManagement Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On WidgetsManagement module from Settings, the "title"parameter is not validated and it's used directly without any encoding or validation on Vitger/dashboards/ChartFilter.tpl. It allows attacker to injec...

4.9CVSS0.3AI score0.00626EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 5:53 p.m.21 views

Previously created sessions continue being valid after MFA activation [namelessmc.com]

Description 1. Hello Team I found one issue related to your 2FA system on https://namelessmc.com/user/settings/?do=enabletfa&s=2 Vulnerability Type: 1. Improper Access Control - Generic STEP TO REPRODUCE: 1. 1- access the same account on https://namelessmc.com/ in two devices 2. 2- on device 'A' ...

6.4CVSS0.5AI score0.00594EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/06 3:18 p.m.21 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1- Send a login request of the target user POST http://localhost:5000/api/account/login...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/02 7:53 a.m.21 views

Cross-site Scripting - Reflected

Description The pricelevel parameter in openemr is vulnerable to reflected XSS Proof of Concept 1. Open the web browser to access the website 2. Access the url: http://openemr.vn/interface/forms/feesheet/review/feesheetoptionsajax.php?pricelevel=%3Cimg%20src%3da%20onerror%3dalertdocument.cookie%3...

5.8CVSS0.7AI score0.95839EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/28 11:29 p.m.21 views

Reflected XSS on conversion filter function

Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...

5.8CVSS0.6AI score0.00605EPSS
Exploits1
Huntr
Huntr
added 2022/07/28 4:38 p.m.21 views

Full Read Server-Side Request Forgery (SSRF)

Description In the recipe edit page, is possible to upload an image directly or via an URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows to fetch internal services. \ \ Furthermore, after the resour...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/25 12:26 p.m.21 views

Idor disclose other user's appointment

Description:- In this case an idor allow an attacker to view portal user's appointments Proof of Concept 1.Goto http://demo.openemr.io/openemr/portal/home.php and then goto my profile my appointment 2.Click on edit appointment button and capture the request in burp suite 3. Change eid parameter t...

4CVSS0.2AI score0.00696EPSS
Exploits1
Huntr
Huntr
added 2022/07/22 6:41 p.m.21 views

Reflected XSS in fava application

Description The "querystring" parameter of fava application is vulnerable to reflected XSS for which a attacker can modify any information that the user is able to modify. Proof of Concept 1.Open the url:...

5.8CVSS0.9AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/19 1:28 p.m.21 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session Proof of Concept PHPSESSID:"ID" Created:"Tue, 19 Jul 2022 13:15:32 GMT" Domain:"demo.pimcore.fun" Expires / Max-Age:"Sessio...

Exploits0References2
Huntr
Huntr
added 2022/06/01 8:6 a.m.21 views

Weak Password Requirements

Description Weak password policy leads to successful bruteforce attack Steps to reproduce 1.Go to http://localhost:8083/login and login with default credentials admin/admin123 2.Go to http://localhost:8083/me and change password to 123 3. Noticed that password has been changed successful...

7.5CVSS9.2AI score0.00742EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 12:55 p.m.21 views

Out of Bounds Read in string_scan_range

Description When providing crafted input, an attacker can cause rread32 within stringscanrange to do an out of bounds read. This causes a segmentation fault, but could also potentially enable information disclosure. What's interesting is there is already a comment stating "may oobread" near this...

6.4CVSS8.1AI score0.01383EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/24 3:51 p.m.21 views

proxying Big files leads to potential DOS

Description consider following script exploit.py put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB python from multiprocessing import Process import requests def fun: try:...

5CVSS6.2AI score0.00969EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:5 p.m.21 views

Path Traversal

🔒️ Requirements Privilege: User 📝 Description File path isn't properly sanitized and allow ... 🕵️‍♂️ Proof of Concept Listing other user folder content First, create a user with Read privilege and with specific home folder like /test. Then, Connect to his account and access the home page...

5.5CVSS0.3AI score0.00953EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/20 12:29 a.m.21 views

Improper Access Control - Articles

Description A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter. Proof of Concept - Step 1 - Authenticated as an unprivileged user, create a New article - Step 2 - Click Edit article - Step 3 - Intercept requests and Save your article -...

4CVSS0.00786EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/16 11:20 a.m.21 views

Buffer Over-read in function get_one_sourceline

Description Buffer Over-read in function getonesourceline at scriptfile.c:1976 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch6s.dat -c :qa...

4.6CVSS6.8AI score0.00373EPSS
Exploits0
Huntr
Huntr
added 2022/04/19 7:10 a.m.21 views

A null pointer reference in libmobi.

Description The vulnerability at src/index.cL 1054, function mobitrieinsertinfl. At line 1063 shown as below, function mobigetcncxstringflat uses len as parameter, len got from t.tagvalues. While at line 1060, program doesn’t check the initial value of tagvaluescount, when the for loop begins wit...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/04/12 11:56 p.m.21 views

librenms bills Description & Notes Stored XSS

Description Please enter a description of the vulnerability. Proof of Concept 1. Login 2. go to http://librenms/bills 3. Click to Create Bill 4. Add Description or Notes "" // PoC.js payload1 payload2 POST /bills/ HTTP/1.1 Host: 192.168.0.4 Connection: keep-alive Content-Length: 310 Cache-Control...

4.9CVSS0.2AI score0.94216EPSS
Exploits0References1
Huntr
Huntr
added 2022/03/03 3:38 a.m.21 views

Cross-site Scripting (XSS) - Reflected

Description Please enter a description of the vulnerability. Proof of Concept xss in function add domain POST /add/web v-custom-doc-domain=alert1 https://drive.google.com/file/d/1EeoOX7Pmn5ptuweine4Cgcy1fyd6qEzJ/view?usp=sharing Impact...

4.3CVSS0.6AI score0.01077EPSS
Exploits1
Huntr
Huntr
added 2022/02/25 4:31 a.m.21 views

Cross-site Scripting (XSS) - Stored

Description pimcore is vulnerable to Stored XSS at Title field in the SEO & Settings tab of a Document page. Payload " Step to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.Click on any document Home, de,... in the Documents 3.Go to SEO & Settings tab, in the Title field, input...

3.5CVSS0.2AI score0.6662EPSS
Exploits1
Huntr
Huntr
added 2022/02/23 4:46 p.m.22 views

Server-Side Request Forgery (SSRF)

Description There is a Blind SSRF in fetching remote images in /uploaddocimg/ endpoint. It's because it does not check hostname before sending HTTP Request to it and only if the content-type be a valid image it will save the response. However, we do not have a full SSRF but there is still a blind...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/02/18 1:27 p.m.21 views

Cross-site Scripting (XSS) - Stored

Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...

3.5CVSS1.4AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 3:54 p.m.21 views

Cross-site Scripting (XSS) - Stored

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept 1. Go to Content Menus or Content Items. 2. Add an Item with the title set to XSS payload, e.g: Title" 3. Save Draft or Publish Go to View/Preview Draft. XSS will be triggered...

4.3CVSS0.3AI score0.00728EPSS
Exploits1
Huntr
Huntr
added 2022/02/15 11:36 a.m.21 views

OS Command Injection in part-db/part-db

Description OS command injection also known as shell injection is a web security vulnerability that allows an attacker to execute arbitrary operating system OS commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

10CVSS1AI score0.35436EPSS
Exploits5
Huntr
Huntr
added 2022/02/12 7:20 p.m.21 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code in the browser of a victim which affected Devices module Add Device in sysName, Hardware and Community fields. Proof of Concept Endpoint: 1 POST http://HOST/addhost...

3.5CVSS0.2AI score0.00847EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 11:27 p.m.21 views

in snipe/snipe-it

Description An attacker can enumerate users through the response time in the password reset page. When you visit the password reset page, you will be provided with the option to enter your email address. Let's use two different emails, one will be a valid address, and another will be an invalid...

5CVSS5.2AI score0.00988EPSS
Exploits1References1
Total number of security vulnerabilities4072