Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2023/03/19 11:18 a.m.•20 views

Cross site scripting on setting module

Description pimcore is vulnerable to XSS in translate module. Proof of Concept Step to Reproduce. 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Document Types and click on Add button to add a new record. 3. Now click on translate. Add XSS payloa...

4.9CVSS5.2AI score0.0042EPSS
Exploits1
Huntr
Huntr
•added 2023/03/16 8:0 a.m.•20 views

Broken Access Control on "http://localhost/api/user" endpoint

Description Able to create an Admin account from normal User account. Steps 1.Navigate to https://localhost/. 2.Then click on login and then register, fill the form and click Register. 3.Now login with a newly created user account with intercepting the traffics in burp. 4.Turn on the burp interce...

6.5CVSS8.4AI score0.00706EPSS
Exploits2References1
Huntr
Huntr
•added 2023/03/04 2:13 p.m.•20 views

Remote Code Execution Vulnerability Through Unrestrict File Write

Description In the import setting function, in the file Froxlor\lib\Froxlor\SImExporter.php php fileputcontents$imgfilename, $imgdata; if functionexists'finfoopen' $finfo = finfoopenFILEINFOMIMETYPE; $mimetype = finfofile$finfo, $imgfilename; finfoclose$finfo; else $mimetype =...

6.5CVSS8.4AI score0.73247EPSS
Exploits1References1
Huntr
Huntr
•added 2023/02/27 3:47 a.m.•20 views

Missing Authorization Check Allows Impersonated Secure Messages

Description Due to the lack of an authorization check when sending secure messages, an attacker with access to a low level patient account in the portal can impersonate other users when sending secure messages. This would allow a malicious actor to impersonate high-level users...

5.5CVSS6.3AI score0.0043EPSS
Exploits1
Huntr
Huntr
•added 2023/02/23 11:49 p.m.•20 views

Cross-Site Scripting (Stored/Persistent) in Categories

Description • The application is vulnerable to Cross-Site Scripting XSS attacks. This occurs when web applications do not properly validate user-supplied inputs before including them in dynamic web pages. • By intercepting the HTTP Request using Burp-suite tool before submitting into the webpage,...

4.3CVSS5.3AI score0.00398EPSS
Exploits1References1
Huntr
Huntr
•added 2023/02/23 3:1 p.m.•20 views

XSS in button home page

Description vuln was find in File/Documents/Home , any button in page Proof of Concept 1. Login in URL : https://demo.pimcore.fun/admin 2. Go to File - Open Documents - Home 3. click any button in page - Edit Link 4. in tab Advanced, inject payload to : Attributes key="value" For more understandi...

4.9CVSS5.6AI score0.00553EPSS
Exploits1
Huntr
Huntr
•added 2023/02/21 12:9 p.m.•20 views

XSS

Description HTML injection in user profile Vulnerability is in: http://34.245.133.152:9080/users/settings/profile - About Me Proof of Concept Request: PUT /answer/api/v1/user/info HTTP/1.1 Host: localhost:9080 Content-Length: 213 sec-ch-ua: "Not ABrand";v="24", "Chromium";v="110" Content-Type:...

4.9CVSS6AI score0.00522EPSS
Exploits1
Huntr
Huntr
•added 2023/02/17 6:31 p.m.•20 views

Broken Access Control

Vulnerability Broken Access Control Issue Description: • Access control is the way how a web application grants access to content and functions to some users and not others. • These checks are performed after authentication and govern what ā€˜authorized’ users are allowed to do. • Jeffrey discovere...

5CVSS7.5AI score0.01035EPSS
Exploits1
Huntr
Huntr
•added 2023/02/16 4:45 p.m.•20 views

Cross-site Scripting (XSS) - Stored

Description 1. https://11.x-dev.pimcore.fun/admin/ 2. Go to Settings - Thumbnails - Video Thumbnails 3. Click the button Add Media Segment 4. Write : " and then click ok...

4.9CVSS5.6AI score0.00401EPSS
Exploits1
Huntr
Huntr
•added 2023/02/15 8:25 a.m.•20 views

Unauthorized Rest Api owned by Joomla(officially accepted)

Description Joomla has provided the Rest API since version 4.0. These apis need to provide authentication information when accessing, but if public is added to the request parameters when accessing the api. Then any unauthenticated user can directly access Proof of Concept Api can directly obtain...

7.3AI score
Exploits0References1
Huntr
Huntr
•added 2023/02/15 12:10 a.m.•20 views

User with only "edit" can delete post and somethimes can add post

Description If you create a user with edit-only user rights, they should not be able to perform delete or add actions. This is really an admin error, because users with edit permissions can delete posts, and in the case of FAQs, they can also add posts. Proof of Concept 1.Create new user with edi...

4CVSS5AI score0.00699EPSS
Exploits1
Huntr
Huntr
•added 2023/02/14 7:33 p.m.•20 views

stored HTML-Injection in the Comments Part

i was able to detect a stored HTML Injection by answering available questions. Lets see : ------------ AHMED HASSAN STORED HTML INJECTION 1 will now answer a question Comment sent lets see the stored HTML Injection As you can see the stored HTML Injection is working. Thanks for watching...

4.9CVSS5.8AI score0.00476EPSS
Exploits1References2
Huntr
Huntr
•added 2023/02/13 5:15 p.m.•20 views

The XSS playload injected in "Display Name" parameter in creating Contacts are vulnerable to Cross-Site Scripting (Stored/Persistent)

Description The XSS playload injected in "Display Name" parameter in creating Contacts are vulnerable to Cross-Site Scripting Stored/Persistent. Steps to Reproduce: 1. First is go to the user dashboard then contacts: https://demo.modoboa.org/contacts// 2. Then Add new contact, enter the payload...

5.3AI score
Exploits0
Huntr
Huntr
•added 2023/02/08 1:52 p.m.•20 views

Stored XSS in Site Name

Description Stored Cross-site Scripting XSS vulnerability in Site name of answerdev/answer Proof of Concept 1. Log in then 2. Admin --- Setting --- General 3. Enter below payload at Site Name For More Understanding please check POC:...

4.3CVSS5.1AI score0.00526EPSS
Exploits1
Huntr
Huntr
•added 2023/02/04 8:49 a.m.•20 views

Remote Code Execution in "Import Settings" feature

Description Due to Improper data validation in "Import Settings" feature, an authenticated attacker can send crafted settings with malicious payload inside "system.croncmdline" value. Step to reproduce Requirement: PHP code must be executed on attacker machine - Step 1: Attacker run web server an...

6.5CVSS8.5AI score0.03928EPSS
Exploits1
Huntr
Huntr
•added 2023/02/03 8:6 a.m.•20 views

IDOR Vulnerability Allows add tag entry user other

Description IDOR Vulnerability Allows add tag entry user other, allows adding tags to any user, since there is no user authentication. And not limiting the input causes the entry interface to break Proof of Concept Step 1. User A manages entry id 6 Step 2. User B manages entry id 7 Step 3. Login...

5CVSS5.4AI score0.00498EPSS
Exploits1References1
Huntr
Huntr
•added 2023/02/02 1:6 a.m.•20 views

Heap Buffer Overflow in function gf_isom_box_size at src/isomedia/box_funcs.c:1997

Description Heap Buffer Overflow in function gfisomboxsize at src/isomedia/boxfuncs.c:1997 gpac version git log commit bbca869177585aaca8eb66d8541079e6f364798e HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Wed Jan 18 11:40:30 2023 +0100 fixed potentially missing last packets in...

4.4CVSS7.5AI score0.00358EPSS
Exploits1
Huntr
Huntr
•added 2023/01/31 2:58 p.m.•20 views

Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

Description Cross Site Scripting XSS in Model\DataObject\Data\UrlSlug of pimcore/pimcore Proof of Concept 1. Login in stable account URL : https://demo.pimcore.fun/admin 2. Go to System Data --- UrlSlug 3. Enter Payload in UrlSlug with starting with "/" slash. For more understanding please check...

4.9CVSS5.3AI score0.03015EPSS
Exploits1
Huntr
Huntr
•added 2023/01/27 2:12 p.m.•20 views

Unauthenticated CSRF to XSS on login page

Description The user-email parameter is vulnerable to XSS on the login page. In this way it is possible to make execute Javascript code on an unauthenticated user. To exploid the vulnerability, since the it is a POST request, it's necessary an HTML poc in order to trigger a CSRF on the login form...

Exploits0
Huntr
Huntr
•added 2023/01/26 6:43 p.m.•20 views

Admin TakeOver

Description The endpoint /api/v2/token/ allows an unauthorized user to perform brute-forcing and the app doesn't block the request which not having any SESSION COOKIE or even CSRF token Request POST /api/v2/token/ HTTP/1.1 Host: demo.modoboa.org User-Agent: Mozilla/5.0 X11; Linux x8664; rv:109.0...

7.5CVSS8.9AI score0.15088EPSS
Exploits4References1
Huntr
Huntr
•added 2023/01/11 1:30 p.m.•20 views

Function of modifying userinfo has storage xss vulnerability

Description This vulnerability allows a malicious user to submit malicious html code on the profile page, causing the identity token to be stolen as soon as another user/administrator accesses the profile page, resulting in the account being taken over by someone else Proof of Concept step1. Log ...

6CVSS8.6AI score0.00714EPSS
Exploits1References1
Huntr
Huntr
•added 2023/01/05 9:52 a.m.•20 views

Cookie Session Not Expiring Even After Deleting the users

Description The session is not expiring in another browser if we delete the user. Proof of Concept 1. Create two users with an admin role for the POC 2. Login in two different browsers Firefox user A and Chrome user B respectively 3. Go the settings-users and delete user B from user A Firefox...

4CVSS6.3AI score0.00655EPSS
Exploits1
Huntr
Huntr
•added 2023/01/01 12:3 p.m.•20 views

Stored XSS via blog author parameter on admin.php?p=config

Description The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code Proof of Concept - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...

4.9CVSS5.9AI score0.00479EPSS
Exploits1
Huntr
Huntr
•added 2022/12/29 5:57 p.m.•20 views

Bypassing filters to trigger XSS while creating memos

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Payload: " Proof of Concept 1 Go to https://demo.usememos.com/ and login...

6CVSS0.2AI score0.00991EPSS
Exploits1
Huntr
Huntr
•added 2022/12/25 9:13 a.m.•20 views

Stored XSS in notes Title

Description Stored XSS Vulnerability was found while a user creates a new Note & Enter the Name for the Note. The Title of the Note gets directly rendered at "Note Map" Functionality which is leading to HTML injection and Cross site scripting stored & reflected every time the user opens the note...

4.9CVSS6.2AI score0.00398EPSS
Exploits1References2
Huntr
Huntr
•added 2022/12/24 10:56 a.m.•20 views

Stored XSS in resource file uploading

Description The Resources upload feature does not restrict the type of uploaded file. An attacker can upload an html file and the browser still renders it. The CSP is set to default-src 'self' to prevent inline script execution. However, this can be easily bypassed by uploading a .js file then...

4.9CVSS5.7AI score0.00575EPSS
Exploits1
Huntr
Huntr
•added 2022/12/23 4:51 p.m.•20 views

CSRF allows attacker to add malicious tags to vitim account

Description Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user Proof of Concept 1 Go to...

4.3CVSS1.4AI score0.00586EPSS
Exploits1
Huntr
Huntr
•added 2022/12/23 12:28 p.m.•20 views

Denial of Service

Description There is no limit of "Nickname" content length while updating your information that lead to Denial of Service by entering huge number of characters if you insert the following POST request "email": "[email protected]", "id": 104, "nickname":...

5CVSS0.1AI score0.00678EPSS
Exploits1
Huntr
Huntr
•added 2022/12/23 12:9 p.m.•20 views

Full account takeover

Description Account take over via changing email and username and displayed name, After login you and open your settings you can update information ,There is an IDOR here that allows me to change any user email and username and displayed name Proof of Concept...

6.5CVSS0.5AI score0.00911EPSS
Exploits1
Huntr
Huntr
•added 2022/12/21 3:38 p.m.•20 views

No rate limit on "resend email feature" while enable or disable 2FA from /prefs/mfa endpoint

Description When a user is setting up 2FA , a verification code will be sent to the registered email . There is no rate limit on email triggering that will result in an email flood / does attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

4CVSS0.1AI score0.00632EPSS
Exploits1
Huntr
Huntr
•added 2022/12/15 8:38 p.m.•20 views

Stored XSS in Roles

Description Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...

4.3CVSS5.4AI score0.00473EPSS
Exploits1References1
Huntr
Huntr
•added 2022/12/13 8:48 p.m.•20 views

Cross site scripting vulnerability in pimcore

Description Cross site scripting vulnerability in pimcore/pimcore "title field " in data objects Proof of Concept 1. Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= 2. Go to setting -- data objects -- classes -- events 3. Click media under genaral settings 4...

4.9CVSS5.3AI score0.00459EPSS
Exploits1
Huntr
Huntr
•added 2022/12/12 11:41 p.m.•20 views

Stored XSS on User Management, Category, Add New FAQ, Add News and Configuration

Description Improper validation on user input in Add Category module, Add New FAQ module, Add News and edit Configuration in phpMyFAQ v3.1.9 allow user to execute malicious javascript payload which lead to vulnerability Stored XSS Proof of Concept - Login to demo instance...

4.9CVSS5.4AI score0.00401EPSS
Exploits0References1
Huntr
Huntr
•added 2022/12/07 6:59 a.m.•20 views

Html Injection in Groups

Description Insert XSS payload in groups fieldsName, Description Proof of Concept 1. login to the dashboard 2. navigate to groups 3. insert Name and Description aaaaatest POC: https://drive.google.com/file/d/1ZsxN-zKoyuiosrgfG8a9Z1sFe9mde-8/view?usp=sharing...

4.9CVSS5.3AI score0.00494EPSS
Exploits1
Huntr
Huntr
•added 2022/12/01 9:56 p.m.•20 views

File Upload Filter Bypass

Description A sanitization filter bypass in plupload.php in MicroweberCMS v1.3.1 allows remote authenticated attackers to upload files outside the restricted location. The target $path for the image is being sanitized here: php $pathrestirct = userfilespath; if isset$REQUEST'path' and...

5.8CVSS0.3AI score0.38236EPSS
Exploits1
Huntr
Huntr
•added 2022/11/29 2:6 p.m.•20 views

Limited LFI via Path Traversal

Description A path thraversal vulnerability in SuiteCRM 7.12.8 and earlier allows remote authenticated attackers to include a php file at an arbitrary path via unsanitized request parameters. Details In Suite CRM v7.12.8, SubpanelCreates.php and SubpanelEdit.php trust unsanitized user input to lo...

6.5CVSS8.6AI score0.28113EPSS
Exploits1
Huntr
Huntr
•added 2022/11/24 6:38 a.m.•20 views

Missing CSRF protection

Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...

4.9CVSS0.3AI score0.00479EPSS
Exploits1
Huntr
Huntr
•added 2022/11/04 10:33 p.m.•20 views

Username and email enumeration via Forgot password feature

šŸ“œ Description User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the...

1.4AI score
Exploits0References1
Huntr
Huntr
•added 2022/11/03 9:48 p.m.•20 views

Unauthenticated stored XSS via username & name parameters

There is a stored XSS vulnerability due to improper sanitization of usernames. Vulnerable code User.php line 532: php public function isValidLoginstring $login: bool $login = string$login; if strlen$login loginMinLength || !pregmatch$this-validUsername, $login $this-errors =...

6.1AI score
Exploits0
Huntr
Huntr
•added 2022/11/02 4:43 p.m.•20 views

Stored XSS and HTML injection from markdown

Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform both a Stored XSS and an HTML injection. Thanks to this attack i...

4.9CVSS5.8AI score0.00454EPSS
Exploits1
Huntr
Huntr
•added 2022/10/30 8:18 a.m.•20 views

heap-use-after-free in function did_set_spelllang at spell

Description heap-use-after-free in function didsetspelllang at spell.c:2256:19 vim version shell git log -1 commit 03d6e6f42b0deeb02d52c8a48c14abe431370c1c HEAD - master, tag: v9.0.0820, origin/master, origin/HEAD...

4.4CVSS1.2AI score0.00655EPSS
Exploits1
Huntr
Huntr
•added 2022/10/28 7:16 a.m.•20 views

Improper Input Validation on emails links

Description In GLPI, users can add their own email addresses to their accounts. However, there is a lack of validation which allows users to add new fields into the mailto: link. Email links support multiple parameters like : - cc - bcc - body - subject - multiple emails email1, email2, ... -...

1.7AI score
Exploits0References1
Huntr
Huntr
•added 2022/10/06 4:17 p.m.•20 views

Reflected Cross-Site Scripting in Front Payment CC

Description The frontpaymentcc.php was not properly encoding parameters cardHolderName and zip when the mode AuthorizeNet is sent. The response was a JSON string including unparsed values that will probably be sent using content-type header as text/html, leaving it vulnerable to XSS. Proof of...

5.8CVSS0.6AI score0.00578EPSS
Exploits1
Huntr
Huntr
•added 2022/10/03 12:40 p.m.•20 views

Using application logic to create an email spam attack

Description On every 3 invalid attempts the application sends a new code to the email associate with the account . An attacker can misuse this functionality of the code to create a spam attack Proof of Concept Pre-Requisites: 2FA must be enabled for your account 1 Go to...

7.5CVSS0.6AI score0.00345EPSS
Exploits0
Huntr
Huntr
•added 2022/09/09 8:2 a.m.•20 views

Password can be set extremely weak

Description In this scenario, I use the demo website. It allows us to add more user to test. With password, we can set it 1 Or any charater. There is no policy for password or no password checking. Moreover, it also allows us to change password and the new password also can be set with password...

6.5CVSS1.1AI score0.00785EPSS
Exploits1
Huntr
Huntr
•added 2022/09/08 5:37 p.m.•20 views

html injection on https://demo.microweber.org/demo/search.php?keywords=

Description hello team, I found an HTML injection on https://demo.microweber.org/demo/search.php?keywords= Proof of Concept https://demo.microweber.org/demo/search.php?keywords=ABC%3Cdiv%20style=%22%3E%3Cmarquee%3E%3Ch1%3Eyou%20are%20been%20hacked%20%3C/h1%3E%3C/marquee%3E...

5.8CVSS0.01383EPSS
Exploits1
Huntr
Huntr
•added 2022/09/06 8:52 p.m.•20 views

Stored Cross Site Scripting (XSS) via "properties" during creating new users

Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...

4.9CVSS5.2AI score0.00459EPSS
Exploits2
Huntr
Huntr
•added 2022/09/01 4:8 p.m.•20 views

Attacker can turn off 2FA of the Admin

Description The attacker can turn off the 2FA of the admin by performing the CSRF attack Steps to reproduce Step 1: Login as admin on the demo product and navigate to https://demo.corebos.com/index.php?module=Utilities&action=integration&op=getconfig2fa&userlist=1 Step 2: Turn on the 2FA and clos...

4.3CVSS7.1AI score0.00316EPSS
Exploits1References1
Huntr
Huntr
•added 2022/08/31 3:15 a.m.•20 views

Bad Sanitization on "vtlib_purify" function leads to XSS

Description The whole project is using "vtlibpurify" for the sanitization of user inputs. It does a good job while stripping HTML tags like etc. However, it allows tag and we can use javascript protocol on the href attribute via changing : character to . So, our final payload is click Proof of...

4.9CVSS5.2AI score0.00536EPSS
Exploits1
Huntr
Huntr
•added 2022/07/21 4:20 p.m.•20 views

Non-Privilege user can view Patient's Amendments

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version Open-Source electronic health records and medical practice management application has Insecure direct object reference IDOR to function ā€œPatient’s Amendmentsā€, and it never bee...

4CVSS0.2AI score0.00641EPSS
Exploits1
Total number of security vulnerabilities4072