Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/10/27 3:38 a.m.21 views

DOM XSS on lab.flipper.net via the "channel" or "version" parameters

Description Hi ! The Web Platform for the Flipper is vulnerable to DOM XSS via the channel and version parameters. This occurs because when the user clicks on Choose firmware the values are passed directly to innerHTML without parsing. Proof of Concept 1. 1 The user access the following URL :...

1AI score
Exploits0
Huntr
Huntr
added 2022/10/20 10:37 a.m.21 views

Stored Cross-site scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Visit: http:///phpmyfaq/admin/?action=meta Click button Add template meta data Inject payload in field Page type: "alert"XSS"...

4.9CVSS0.1AI score0.00528EPSS
Exploits1
Huntr
Huntr
added 2022/10/20 10:27 a.m.21 views

Weak Password Requirement

Description We can change password with just 1 character when we use change password function. Proof of Concept When you change password, just press an charactor and then submit. Your password has been changed...

7.5CVSS1.3AI score0.01139EPSS
Exploits1
Huntr
Huntr
added 2022/10/12 7:39 p.m.21 views

Moderators can perform Time based SQL injection attack.

The API endpoint /api/chat/users/setenabled POST is vulnerable to a Time based blind SQL injection attack via body parameter ‘userId’. It allows a Moderator to read, modify or delete the entries in the sqlite database. Moderator can leak the streamkey to access admin dashboard. Proof of concept...

7.5CVSS0.3AI score0.00903EPSS
Exploits0
Huntr
Huntr
added 2022/09/26 4:32 p.m.21 views

No password confirmation on sensitive action like email change

Description It is important to implement password checks on sensitive features like email change Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/login/ 2 Use the credentials admin , admin123 and login into your account 3 Navigate to the endpoint...

7.5CVSS7AI score0.00749EPSS
Exploits0References1
Huntr
Huntr
added 2022/09/24 11:47 a.m.21 views

No Limit in "title" length while adding SSH key , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like "title" while adding SSH key. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/prefs/sshkeys endpoint . 2Click on add SSH key...

5CVSS1.9AI score0.00951EPSS
Exploits1
Huntr
Huntr
added 2022/09/21 6:16 p.m.21 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the title of user notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Hover over the username & click on Notifications 3. Create a new notification with the Title alertdocument.location and an arbitrary message...

4.9CVSS1.1AI score0.93712EPSS
Exploits0
Huntr
Huntr
added 2022/09/19 2:51 p.m.21 views

The settings of repositories is vulnerable to CSRF

Description The malicious user can change the settings of repository by sending the URL to the victim. Proof of Concept 1.Login into the application https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding . 2.Go to test-encoding. 3.Check that the value of remove older is forever. 4.Open...

4.3CVSS0.2AI score0.00319EPSS
Exploits1
Huntr
Huntr
added 2022/09/18 8:54 a.m.21 views

Cookie is persisting in the browser which leads to Session Fixation

Description After logging in and logging out, the application continues to use the preauthentication cookies. The cookies are same after closing the browser and after password change .And also same cookies are reassigning for another user's login which can leads to session fixation. Proof of...

7.5CVSS0.9AI score0.00727EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/13 9:10 a.m.21 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and get access to the minarca website, for this scenario I have used the demo/test...

5CVSS0.6AI score0.00508EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/09 8:2 a.m.21 views

Password can be set extremely weak

Description In this scenario, I use the demo website. It allows us to add more user to test. With password, we can set it 1 Or any charater. There is no policy for password or no password checking. Moreover, it also allows us to change password and the new password also can be set with password...

6.5CVSS1.1AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 4:44 p.m.21 views

Stored Cross-Site Scripting (XSS)

Description Input fields allowing Markdown Input are vulnerable to XSS. This requires Superadmin permissions though. Proof of Concept Steps to reproduce: 1. Log in to the admin account 2. Go to Admin - General Settings 3. Enter the Payload in the Login Note and Dashboard Message fields. 4. Go to...

4.3CVSS1.4AI score0.00595EPSS
Exploits1
Huntr
Huntr
added 2022/08/25 9:58 p.m.21 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...

5CVSS5.2AI score0.00977EPSS
Exploits0References1
Huntr
Huntr
added 2022/08/23 12:2 p.m.21 views

Privilage escalation allows user with read access only to edit admin portal and take actions

Overview of the Vulnerability Authentication and session management controls can be bypassed in a variety of ways including, calling an internal post-authentication page, modifying the given URL parameters, by manipulating the form, or by counterfeiting sessions. The authentication method for thi...

6.5CVSS1.4AI score0.00437EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/19 6:0 p.m.21 views

Persistent Cross Site Scripting - WidgetsManagement Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On WidgetsManagement module from Settings, the "title"parameter is not validated and it's used directly without any encoding or validation on Vitger/dashboards/ChartFilter.tpl. It allows attacker to injec...

4.9CVSS0.3AI score0.00626EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:57 p.m.21 views

Persistent Cross Site Scripting - BusinessHours Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On BusinessHours module from Settings, the type of name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on EditViewBlocks.tpl. It allows attacker to...

4.9CVSS1.1AI score0.00547EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 5:53 p.m.21 views

Previously created sessions continue being valid after MFA activation [namelessmc.com]

Description 1. Hello Team I found one issue related to your 2FA system on https://namelessmc.com/user/settings/?do=enabletfa&s=2 Vulnerability Type: 1. Improper Access Control - Generic STEP TO REPRODUCE: 1. 1- access the same account on https://namelessmc.com/ in two devices 2. 2- on device 'A' ...

6.4CVSS0.5AI score0.00594EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/06 3:18 p.m.21 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1- Send a login request of the target user POST http://localhost:5000/api/account/login...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/02 7:53 a.m.21 views

Cross-site Scripting - Reflected

Description The pricelevel parameter in openemr is vulnerable to reflected XSS Proof of Concept 1. Open the web browser to access the website 2. Access the url: http://openemr.vn/interface/forms/feesheet/review/feesheetoptionsajax.php?pricelevel=%3Cimg%20src%3da%20onerror%3dalertdocument.cookie%3...

5.8CVSS0.7AI score0.95839EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/28 11:29 p.m.21 views

Reflected XSS on conversion filter function

Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...

5.8CVSS0.6AI score0.00605EPSS
Exploits1
Huntr
Huntr
added 2022/07/28 4:38 p.m.21 views

Full Read Server-Side Request Forgery (SSRF)

Description In the recipe edit page, is possible to upload an image directly or via an URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows to fetch internal services. \ \ Furthermore, after the resour...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/25 12:26 p.m.21 views

Idor disclose other user's appointment

Description:- In this case an idor allow an attacker to view portal user's appointments Proof of Concept 1.Goto http://demo.openemr.io/openemr/portal/home.php and then goto my profile my appointment 2.Click on edit appointment button and capture the request in burp suite 3. Change eid parameter t...

4CVSS0.2AI score0.00696EPSS
Exploits1
Huntr
Huntr
added 2022/07/22 6:41 p.m.21 views

Reflected XSS in fava application

Description The "querystring" parameter of fava application is vulnerable to reflected XSS for which a attacker can modify any information that the user is able to modify. Proof of Concept 1.Open the url:...

5.8CVSS0.9AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/19 1:28 p.m.21 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session Proof of Concept PHPSESSID:"ID" Created:"Tue, 19 Jul 2022 13:15:32 GMT" Domain:"demo.pimcore.fun" Expires / Max-Age:"Sessio...

Exploits0References2
Huntr
Huntr
added 2022/06/01 8:6 a.m.21 views

Weak Password Requirements

Description Weak password policy leads to successful bruteforce attack Steps to reproduce 1.Go to http://localhost:8083/login and login with default credentials admin/admin123 2.Go to http://localhost:8083/me and change password to 123 3. Noticed that password has been changed successful...

7.5CVSS9.2AI score0.00742EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 12:55 p.m.21 views

Out of Bounds Read in string_scan_range

Description When providing crafted input, an attacker can cause rread32 within stringscanrange to do an out of bounds read. This causes a segmentation fault, but could also potentially enable information disclosure. What's interesting is there is already a comment stating "may oobread" near this...

6.4CVSS8.1AI score0.01383EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/24 3:51 p.m.21 views

proxying Big files leads to potential DOS

Description consider following script exploit.py put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB python from multiprocessing import Process import requests def fun: try:...

5CVSS6.2AI score0.00969EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:5 p.m.21 views

Path Traversal

🔒️ Requirements Privilege: User 📝 Description File path isn't properly sanitized and allow ... 🕵️‍♂️ Proof of Concept Listing other user folder content First, create a user with Read privilege and with specific home folder like /test. Then, Connect to his account and access the home page...

5.5CVSS0.3AI score0.00953EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/20 12:29 a.m.21 views

Improper Access Control - Articles

Description A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter. Proof of Concept - Step 1 - Authenticated as an unprivileged user, create a New article - Step 2 - Click Edit article - Step 3 - Intercept requests and Save your article -...

4CVSS0.00786EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/16 11:20 a.m.21 views

Buffer Over-read in function get_one_sourceline

Description Buffer Over-read in function getonesourceline at scriptfile.c:1976 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch6s.dat -c :qa...

4.6CVSS6.8AI score0.00373EPSS
Exploits0
Huntr
Huntr
added 2022/04/20 5:49 p.m.21 views

Cross-site Scripting (XSS) - Generic

Description The Stream URL of octoprint application allowing xss payload to execute for which its leads to Cross-site Scripting XSS Proof of Concept Login to the application Now go to settings - Webcam & Timelapse - Stream URL and insert the payload " in the Stream URL and click on "Test" You wil...

4.6CVSS0.2AI score0.01152EPSS
Exploits1
Huntr
Huntr
added 2022/04/19 7:10 a.m.21 views

A null pointer reference in libmobi.

Description The vulnerability at src/index.cL 1054, function mobitrieinsertinfl. At line 1063 shown as below, function mobigetcncxstringflat uses len as parameter, len got from t.tagvalues. While at line 1060, program doesn’t check the initial value of tagvaluescount, when the for loop begins wit...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/04/12 11:56 p.m.21 views

librenms bills Description & Notes Stored XSS

Description Please enter a description of the vulnerability. Proof of Concept 1. Login 2. go to http://librenms/bills 3. Click to Create Bill 4. Add Description or Notes "" // PoC.js payload1 payload2 POST /bills/ HTTP/1.1 Host: 192.168.0.4 Connection: keep-alive Content-Length: 310 Cache-Control...

4.9CVSS0.2AI score0.94216EPSS
Exploits0References1
Huntr
Huntr
added 2022/03/03 3:38 a.m.21 views

Cross-site Scripting (XSS) - Reflected

Description Please enter a description of the vulnerability. Proof of Concept xss in function add domain POST /add/web v-custom-doc-domain=alert1 https://drive.google.com/file/d/1EeoOX7Pmn5ptuweine4Cgcy1fyd6qEzJ/view?usp=sharing Impact...

4.3CVSS0.6AI score0.01077EPSS
Exploits1
Huntr
Huntr
added 2022/02/25 4:31 a.m.21 views

Cross-site Scripting (XSS) - Stored

Description pimcore is vulnerable to Stored XSS at Title field in the SEO & Settings tab of a Document page. Payload " Step to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.Click on any document Home, de,... in the Documents 3.Go to SEO & Settings tab, in the Title field, input...

3.5CVSS0.2AI score0.6662EPSS
Exploits1
Huntr
Huntr
added 2022/02/23 4:46 p.m.22 views

Server-Side Request Forgery (SSRF)

Description There is a Blind SSRF in fetching remote images in /uploaddocimg/ endpoint. It's because it does not check hostname before sending HTTP Request to it and only if the content-type be a valid image it will save the response. However, we do not have a full SSRF but there is still a blind...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/02/16 3:54 p.m.21 views

Cross-site Scripting (XSS) - Stored

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept 1. Go to Content Menus or Content Items. 2. Add an Item with the title set to XSS payload, e.g: Title" 3. Save Draft or Publish Go to View/Preview Draft. XSS will be triggered...

4.3CVSS0.3AI score0.00728EPSS
Exploits1
Huntr
Huntr
added 2022/02/15 11:36 a.m.21 views

OS Command Injection in part-db/part-db

Description OS command injection also known as shell injection is a web security vulnerability that allows an attacker to execute arbitrary operating system OS commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

10CVSS1AI score0.35436EPSS
Exploits5
Huntr
Huntr
added 2022/02/12 7:20 p.m.21 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code in the browser of a victim which affected Devices module Add Device in sysName, Hardware and Community fields. Proof of Concept Endpoint: 1 POST http://HOST/addhost...

3.5CVSS0.2AI score0.00847EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 11:27 p.m.21 views

in snipe/snipe-it

Description An attacker can enumerate users through the response time in the password reset page. When you visit the password reset page, you will be provided with the option to enter your email address. Let's use two different emails, one will be a valid address, and another will be an invalid...

5CVSS5.2AI score0.00988EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/10 2:29 a.m.21 views

Improper Access Control in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/UploadFile" that allows uploading files without authentication. Root-cause Server doesn't check user's permission when attacker access the endpoint. After that, server will directly call UploadFile function wi...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/02/09 11:8 p.m.21 views

None in radareorg/radare2

Description Use After Free occurs in riobankmapaddtop. commit : 4d75eeb99a0d913e9b443e7aaf73aa44a323739d Proof of Concept $ echo -ne "VlowMFcwMOEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwEDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw...

7.5CVSS0.4AI score0.01262EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 3:22 p.m.21 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description There is a reflected XSS in creating and searching tag function . where any user can execute any malicious code results in the cookie stealing or Account takeover vulnerability Steps to Produce: Go to this particular URL URL Click on live edit , Now In the tag section and select the...

3.5CVSS0.3AI score0.00903EPSS
Exploits1
Huntr
Huntr
added 2022/01/22 2:40 p.m.21 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code and the...

5.8CVSS6.4AI score0.00958EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/21 9:57 a.m.21 views

in heroiclabs/nakama

Description It is possible to enumerate usernames via the Log-In function. Proof of Concept The login response provides information, whether the username is registered or not in the application. If the user is registered, and wrong password provided, the following information being displayed:...

2.6AI score
Exploits0
Huntr
Huntr
added 2022/01/17 3:20 p.m.21 views

in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS and digital commerce services. You can upload an infinite number of dangerous SVG files in "Settings" = "System Settings" = "Appearance and Branding" of the pimcore service. Then why is it...

4.6CVSS6.9AI score0.01115EPSS
Exploits1
Huntr
Huntr
added 2022/01/11 12:25 p.m.21 views

Improper Privilege Management in delgan/loguru

BUG ======== unprivileged user can see log file and sensitive information disclosed SUMMURY ============ loguru create log file to store the log . Log may contain many sentsitive information like username,password,token,key etc .\ So, this log file should not accessed by other user .\ But when...

4CVSS0.4AI score0.00758EPSS
Exploits1
Huntr
Huntr
added 2022/01/08 3:40 p.m.21 views

Improper Access Control in chocobozzz/peertube

Description Unauthenticated users can obtain comments on private videos Proof of Concept Vísit the following API link where 123 is the ID of the private video: /api/v1/videos/123/comment-threads Response contains all the comments on that private video. Impact This vulnerability disclosure comment...

4CVSS3.5AI score0.00684EPSS
Exploits0
Huntr
Huntr
added 2022/01/08 12:10 a.m.21 views

Insecure Temporary File in horovod/horovod

Description horovod package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

5CVSS1.7AI score0.00922EPSS
Exploits0
Huntr
Huntr
added 2021/12/22 5:27 a.m.21 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Stored cross site scripting vulnerability in report class field on custom report feature. Proof of Concept 1 . Login to dev account https://10.x-dev.pimcore.fun/admin/ 2 . Go to marketing -- custom reports -- Report class :field in left navigation menu 3 . Add payload " in report clas...

3.5CVSS5.1AI score0.00642EPSS
Exploits1
Total number of security vulnerabilities4072