Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/12/09 3:15 p.m.21 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET ANY. To expand: One way GET could be...

4.3CVSS4.3AI score0.00363EPSS
Exploits0
Huntr
Huntr
added 2021/11/07 7:27 p.m.21 views

in v2fly/v2ray-core

Description Good afternoon. While looking at your code, we discovered an off-by-one index comparison against length may lead to out-of-bounds read flaw in your v2ray-core repository. Indexing operations on arrays, slices or strings should use an index at most one less than the length. If the inde...

6.4CVSS1.2AI score0.00844EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/05 4:49 a.m.21 views

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description XSS in bulk audit function via the asset tag parameter Proof of Concept 1: Go to http:///hardware/bulkaudit feature 2: Use alertdocument.domain as "Asset Tag" parameter 3: Click "Audit", the XSS should be triggered via the message Asset Tag ASSETTAG not found. Impact This vulnerabilit...

3.5CVSS0.3AI score0.00521EPSS
Exploits1
Huntr
Huntr
added 2021/11/01 1:56 p.m.21 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET/ANY. To expand: One way GET/ANY could be...

4.3CVSS0.4AI score0.00429EPSS
Exploits1
Huntr
Huntr
added 2021/10/20 2:2 p.m.21 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

Description Grav is vulnerable to XSS. It is possible to use instead of : in tags. Proof of Concept Payload: HTML CLICK HERE 1: Edit a page with the payload user with low privileges. 2: Check out the target page and click on CLICK HERE. PoC video. Impact This vulnerability is capable of executing...

3.5CVSS0.6AI score0.00573EPSS
Exploits1
Huntr
Huntr
added 2021/10/05 6:55 a.m.21 views

Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Description Missing CSRF token in role stage assignment, save language settings, and task notification 1: http://10.0.2.15/index.php/e/$$$call$$$/grid/settings/roles/user-group-grid/unassign-stage?stageId=1&userGroupId=5 2:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/09/29 7:34 p.m.21 views

in stanfordnlp/corenlp

✍️ Description The Stanford CoreNLP package provides a set of natural language analysis tools written in Java, is using a vulnerable XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the getTextContentFromTagsFromFile function in the "XMLUtils.java" file...

5CVSS0.7AI score0.01317EPSS
Exploits1
Huntr
Huntr
added 2021/09/20 4:8 p.m.21 views

in dompdf/dompdf

Description DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate...

1AI score0.0143EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/07 2:21 a.m.21 views

Cross-site Scripting (XSS) - Reflected in engintron/engintron

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.5AI score
Exploits0References1
Huntr
Huntr
added 2021/09/01 6:43 p.m.21 views

Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte

✍️ Description Please enter a description of the vulnerability. The cookie persistentlogin is set without httponly flag 🕵️‍♂️ Proof of Concept Enable remember me during Login POST /admin/index.php?login HTTP/1.1 Host: 192.168.159.138 Content-Length: 30 Cache-Control: max-age=0...

5CVSS0.2AI score0.01101EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/24 4:37 p.m.21 views

Improper Privilege Management in circuitverse/circuitverse

✍️ Description subscribe to any private project 🕵️‍♂️ Proof of Concept There is two different user called user-A and user-B.\ 1. User-A created a private project .\ 2. Now User-B sent bellow request to subscribe to above private project PUT /commontator/threads/496401/subscribe HTTP/2 Host:...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/08/20 7:6 a.m.21 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to Remove budgeted amount with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

4.3CVSS1.3AI score0.00501EPSS
Exploits1
Huntr
Huntr
added 2021/08/05 12:55 p.m.21 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to delete any document from Processing problem with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege use...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/08 8:10 a.m.21 views

Open Redirect in ionicabizau/parse-url

✍️ Description parse-url mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while parse-url sees it as a relative path. Which will lead to SSRF attacks, open redirects, or...

0.6AI score0.02483EPSS
Exploits2
Huntr
Huntr
added 2021/05/23 12:55 p.m.21 views

Improper Access Control in bramp/myip

✍️ Description Google Maps API key is enabled without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. If Google Maps is not used in your project, then all the following APIs should...

Exploits0
Huntr
Huntr
added 2021/04/08 3:12 a.m.21 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation

✍️ Description The systeminformation package is vulnerable to Improper Input Validation through versions function. 🕵️‍♂️ Proof of Concept javascript // PoC.js const si = require'systeminformation'; si.versionstoString : = console.log"This is a PoC" ; 💥 Impact This vulnerability allows attackers to...

3.7AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.21 views

Cross-site Scripting (XSS) - Generic in netlify/netlify-cms

Description netlify-cms-widget-markdown is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Use the application or use the demo https://cms-demo.netlify.com//collections/posts/new 2. Switch to markdown mode in edtior. 3. Insert the xss payload in to the editorbody 4. XSS payload will...

0.1AI score
Exploits0
Huntr
Huntr
added 2020/05/27 12:0 a.m.21 views

in conradirwin/em-imap

Overview em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle MitM. The hostname in a TLS server certificate is not verified. An attacker can acquire the identity of a trusted server and...

5.8CVSS5.7AI score0.00751EPSS
Exploits1References1
Huntr
Huntr
added 2025/12/04 6:25 p.m.20 views

NLTK – Multiple CorpusReader classes allow Arbitrary File Read via Path Traversal

This report is not public...

8.6CVSS5.9AI score0.00924EPSS
Exploits3
Huntr
Huntr
added 2023/10/13 9:17 a.m.20 views

Restricted vim sandbox escape

Description Restricted vim doesn't allow executing shell commands but it's possible to bypass this by setting GCONVPATH environment variable. I'm not sure if this can be consider a vulnerability but I decided to report it anyway found this while playing TeamItaly CTF . Proof of Concept Save this...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/10/07 5:2 p.m.20 views

CSRF in Send Reminder

Description CSRF in Send Reminder Proof of Concept 1 .Attacker sent form fake to victim history.pushState'', '', '/'; document.forms0.submit; 2 .Victim click, execute send reminder unexpected Video Poc https://drive.google.com/file/d/1eibfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing...

6.8CVSS7.1AI score0.00265EPSS
Exploits1
Huntr
Huntr
added 2023/10/05 4:30 p.m.20 views

Stored Cross Site Scripting (XSS)

Description The location endpoint is not sanitized which leads to the Stored Cross Site Scripting XSS Proof of Concept 1. Login as a standard user non-admin Asset page List All https://drive.google.com/file/d/1qymhc6sMe9EeS2bOe4CE2XTAbzFkgHao/view?usp=drivelink 2. Click to open any asset Edit Ass...

4.9CVSS6.3AI score0.00527EPSS
Exploits4References2
Huntr
Huntr
added 2023/09/30 6:39 a.m.20 views

Reflected XSS in /admin/index.php

Description Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1. Step 1: Access the demo website 2. Step 2: Access admin/index.php?action=ngductung"img src/onerror="alert'XSS' 3. Step 3: Detect XSS Video PoC...

7.2AI score0.01105EPSS
Exploits1
Huntr
Huntr
added 2023/09/23 5:58 p.m.20 views

stored xss using journal-role when user try to export user of any journal

BUG ========== stored xss using journal-role when user try to export user of any journal SUMMURY ========= lower level user can attack higher level user using this xss STEP TO REPRODUCE ================ 1. from Admin account create a journal called "journal-A" .\ \ 2. Admin goto above journal...

7AI score0.00338EPSS
Exploits1
Huntr
Huntr
added 2023/09/22 9:44 a.m.20 views

Insufficient Session Expiration

Description User's action is still vaild when admin changed privileges. Proof of Concept 1. Admin create user1 and grant all privileges. 2. go into incognito mode and login as user1 then go to user list page. 3. admin create user2 and in user1 browser refresh the page to see user2. 4. Then admin...

7.2AI score0.00576EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/18 7:45 p.m.20 views

SQL Injection in `icms2/install/index.php`

Introduction I'm quite hesitant about reporting this vulnerability. After thinking about it, I knew I needed to provide this information to you!. As described in the documentation https://docs.instantcms.ru/en/manual/instal, at Post-Installation steps, you described that the installation director...

7.4AI score
Exploits0
Huntr
Huntr
added 2023/09/02 8:55 p.m.20 views

Relative path traversal

Description The endpoint /system/data-exports/:filename is intended to export AnythingLLM data zip file for download based on a specified filename parameter. However, a critical security vulnerability arises due to insufficient validation and sanitization of the request.params.filename parameter...

7.5CVSS6.7AI score0.00752EPSS
Exploits1
Huntr
Huntr
added 2023/08/28 2:23 a.m.20 views

IDOR Vulnerability Allow Low-Level User change role Everyone Includes Admin

Description By manipulating the userid in API PUT /answer/admin/api/user/role, users with low privilege can change role any users Proof of Concept Step 1: Login as user1 with user privilege Step2: Call API PUT /answer/admin/api/user/role with user privilege , change role everyone includes Admin...

6.5CVSS7AI score0.00682EPSS
Exploits1
Huntr
Huntr
added 2023/08/18 3:0 p.m.20 views

There are 6 NULL Pointer Dereference vulnerabilities in MP4Box

NULL Pointer Dereference in function utils/xmlparser.c:1038 Description NULL Pointer Dereference in function utils/xmlparser.c:1038 Environment No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal Version MP4Box - GPAC version...

1.9CVSS6.6AI score0.00305EPSS
Exploits2References6
Huntr
Huntr
added 2023/08/14 10:55 a.m.20 views

Stored XSS in the Cases functionality

Description When creating or editing a case, the web application fails to perform sufficient sanitisation on the description POST parameter, allowing users to inject HTML with malicious JavaScript events. The application does attempt to remove unauthorised elements and events; however, the testin...

4.9CVSS6.6AI score0.00464EPSS
Exploits1
Huntr
Huntr
added 2023/08/14 8:20 a.m.20 views

Cookie without Secure flag

Description There is a ICMS62EC2566CC4B5 cookie without Secure flag and this is authentication cookie. Proof of Concept Link photo PoC: https://drive.google.com/file/d/1uWsRKMT-KyuRPA01Ra1W3YphQgNmMkuu/view?usp=sharing...

3.5CVSS7.1AI score0.00289EPSS
Exploits1
Huntr
Huntr
added 2023/08/14 7:12 a.m.20 views

New password can be set as same as the old password

Description The web application allows us to set new password as the old one at Password change function. Detail: 1/ Access to the demo website and go to My profile. 2/ Choose Edit profile, at the Security tab, change the password with the new password and the old password are the same. 3/ Logout...

4CVSS7.1AI score0.00358EPSS
Exploits0
Huntr
Huntr
added 2023/08/02 4:31 a.m.20 views

Unauthenticated Blind SQL Injection in '/tags/autocomplete'

Description The application was found to be vulnerable to an unauthenticated blind SQL injection in the /tags/autocomplete page. The GET parameter term does not sufficiently sanitize input. Proof of Concept 1. Make a GET request to...

6.4CVSS8.1AI score0.00777EPSS
Exploits1
Huntr
Huntr
added 2023/07/27 1:14 p.m.20 views

Server Side Request Forgery (SSRF)

Description It is possible to access the local environment in the Webhook function. Therefore, Blind SSRF makes it possible to perform a port scan against the local environment. Proof of Concept After logging in, access the webhook setting page, specify the URL with the following pattern, and che...

2.8CVSS6.6AI score0.00533EPSS
Exploits1References2
Huntr
Huntr
added 2023/07/16 1:53 a.m.20 views

Server Side Request Forgery (SSRF)

Description There is Blind SSRF on the vocabulary screen in the administrator screen. Proof of Concept Step 1. Log in to the administrator screen and access "Import new vocabulary" from the "vocabulary" page. Step 2. Specify the following Payload in the "Vocabulary URL" field and check that the...

3.3CVSS6.3AI score0.00563EPSS
Exploits1References2
Huntr
Huntr
added 2023/07/05 10:42 a.m.20 views

Use of predictable RNG for password generation

Description pkp-lib implements a password-generation function with the following line of code being integral to its functionality: PHP for ... $password .= mtrand1, 4 == 4 ? $numbersmtrand0, strlen$numbers - 1 : $lettersmtrand0, strlen$letters - 1; This relies upon mtrandlow, high; to generate a...

5.1CVSS6.9AI score0.00605EPSS
Exploits1References2
Huntr
Huntr
added 2023/06/30 5:41 a.m.20 views

CSV Injection while export users

1 admin add a user, or a user signup. 2 the user logins and edit himeself 3 the user change his realname as "=1+cmd|'/C calc'!A0" 4 admin go to export the users as a csv file 5 admin open the csv and we can see that the calculator is opened. see https://owasp.org/www-community/attacks/CSVInjectio...

7.5CVSS6.2AI score0.00677EPSS
Exploits0
Huntr
Huntr
added 2023/05/25 5:24 p.m.20 views

SQL Injection in the "Users" function of Piwigo

Description Authenticated admin can perform an SQL injection attack by abusing the "Users" function. Proof of Concept - Log in as an admin and access the 'Users' function. - Observe the request on Burp suite POST /piwigo/ws.php?format=json&method=pwg.users.getList. - Manipulate the 'order' or...

8.5AI score
Exploits0
Huntr
Huntr
added 2023/04/25 7:20 p.m.20 views

Stored XSS in the module named "Create Case"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. You have almost filtered out all possible cases of XSS, but I noticed that there is still 1 case that you left out. by using this xss command: Pro...

4.3CVSS6.3AI score0.00547EPSS
Exploits1References1
Huntr
Huntr
added 2023/04/10 10:21 a.m.20 views

Stored Cross Site Scripting at FAQ Answer

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.9CVSS5.8AI score0.00541EPSS
Exploits1References1
Huntr
Huntr
added 2023/04/06 8:31 a.m.20 views

Cross site scripting vulnerability in throsten /phpmyfaq

Description Cross site scripting vulnerability in throsten /phpmyfaq in tag field at admin dashboard. Proof of Concept 1 . Login to the demo admin account. https://roy.demo.phpmyfaq.de/admin/ 2 . Go to admin dashboard -- Contents -- Add new FaQ --Faq meta data 3 . Add payload in tag field payload...

4.3CVSS6.6AI score0.00473EPSS
Exploits1
Huntr
Huntr
added 2023/04/05 5:45 p.m.20 views

Broken Access Control On Item via ID

Description By editing the ID on the request or HTML I can see some information of any item via ID Proof of Concept 1. Create two account with perrmission on two folder and set permission for each user. \ 2. Create item with each user \ 3. View detail a item and change itemid on request view...

4CVSS6.5AI score0.00381EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 10:56 a.m.20 views

Bypass check length at Add Folder feature lead to XSS in module=evvtgendoc

Description I found Stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after I was Add Folder Proof of Concept Step 1: Go to Documents function https://demo.corebos.com/index.php?action=index&module=Documents , click Add Folder. Step 2: Intercept request by Burpsuite...

4.9CVSS6.2AI score0.00471EPSS
Exploits1
Huntr
Huntr
added 2023/03/30 11:19 a.m.20 views

Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration

Description Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp...

4.9CVSS5.3AI score0.00523EPSS
Exploits1
Huntr
Huntr
added 2023/03/24 7:29 p.m.20 views

Cross site scripting on contact module

Step to reproduce 1. Open into https://demo.corebos.com and navigate to settings Users. 2. Add XSS payload into Entity Name. 3. Now navigate to contact Create contact Add contact and click on more information click add opportunity. 4. On Assign to drop menu select XSS payload and save. XSS Payloa...

4.9CVSS6.1AI score0.00506EPSS
Exploits1
Huntr
Huntr
added 2023/03/21 3:25 a.m.20 views

Unauthenticated Access to Users PII

Description A Unauthorized/Unauthenticated Attacker can access PII data of all the Users. Some of the PII leaked are: first name, last name, email, username, IP address, twofactorsecret, twofactorrecoverycodes Proof of Concept http://localhost/api/user It shows you details of all the users...

4CVSS6.4AI score0.00504EPSS
Exploits0
Huntr
Huntr
added 2023/03/19 11:18 a.m.20 views

Cross site scripting on setting module

Description pimcore is vulnerable to XSS in translate module. Proof of Concept Step to Reproduce. 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Document Types and click on Add button to add a new record. 3. Now click on translate. Add XSS payloa...

4.9CVSS5.2AI score0.0042EPSS
Exploits1
Huntr
Huntr
added 2023/03/16 8:0 a.m.20 views

Broken Access Control on "http://localhost/api/user" endpoint

Description Able to create an Admin account from normal User account. Steps 1.Navigate to https://localhost/. 2.Then click on login and then register, fill the form and click Register. 3.Now login with a newly created user account with intercepting the traffics in burp. 4.Turn on the burp interce...

6.5CVSS8.4AI score0.00706EPSS
Exploits2References1
Huntr
Huntr
added 2023/03/04 2:13 p.m.20 views

Remote Code Execution Vulnerability Through Unrestrict File Write

Description In the import setting function, in the file Froxlor\lib\Froxlor\SImExporter.php php fileputcontents$imgfilename, $imgdata; if functionexists'finfoopen' $finfo = finfoopenFILEINFOMIMETYPE; $mimetype = finfofile$finfo, $imgfilename; finfoclose$finfo; else $mimetype =...

6.5CVSS8.4AI score0.73247EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/27 3:47 a.m.20 views

Missing Authorization Check Allows Impersonated Secure Messages

Description Due to the lack of an authorization check when sending secure messages, an attacker with access to a low level patient account in the portal can impersonate other users when sending secure messages. This would allow a malicious actor to impersonate high-level users...

5.5CVSS6.3AI score0.0043EPSS
Exploits1
Total number of security vulnerabilities4072