Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/07/27 7:57 p.m.57 views

HTML Injection Leads To Open Redirect

Description HTML injection is possible in the Installation title parameter, which leads to Open Redirect when clicked. Proof of Concept Open Redirect 1. Login as Admin 2. Navigate to settings 3. Edit the Installation title and set it to: Click Me 4. Save Changes 5. Click the Click Me text on the...

4.3CVSS7.3AI score0.00445EPSS
Exploits1
Huntr
Huntr
added 2022/04/25 9:35 a.m.57 views

SQL injection in Calendar.php

Description In Calendar.php line 498-513, web server get values parameter as a part of sql query without sanitize, so attacker can be manipulated sql query, which is executed by web server...

6.4CVSS0.2AI score0.01873EPSS
Exploits1
Huntr
Huntr
added 2023/05/13 2:7 p.m.56 views

IDOR 漏洞使得攻击者可以在一个组织内任意添加、删除、修改工作空间

Proof of Concept 1 系统中存在两个组织,team1和team2 2 用户user1是 team1 的管理员, 不是team2的管理员 3 用户1在team1中创建工作空间,名为workspace1. 4 用户1使用burpsuit拦截请求,在请求中将team1的ID换成team2的ID 5 查看请求,结果显示成功,用户1可以在team2中任意创建工作空间。 复现视频:https://1drv.ms/v/s!Avwg5C1eKVA4gispbgvOYQkvQ9KP?e=4yimBo...

3.3CVSS6.9AI score0.00676EPSS
Exploits1
Huntr
Huntr
added 2023/02/16 1:37 a.m.56 views

Stored XSS in the adminlog functionality.

Description There is a stored XSS in the 'adminlog' functionality. E.g. the page http://phpmyfaq.local/admin/?action=adminlog shows failed login attempts. If a user with the username 'alert1;' tries to log in, it gets logged and displayed on the adminlog unsanitized. Proof of Concept 1. visit...

4.9CVSS5.1AI score0.00537EPSS
Exploits1
Huntr
Huntr
added 2021/08/25 12:54 p.m.55 views

Sensitive Cookie Without 'HttpOnly' Flag in froxlor/froxlor

✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2020/09/14 12:0 a.m.55 views

Prototype Pollution in mariocasciaro/object-path

Overview object-path is a tiny JavaScript utility to access deep properties using a path for Node and the Browser Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be...

6.8CVSS0.8AI score0.01528EPSS
Exploits0
Huntr
Huntr
added 2023/02/11 9:47 a.m.55 views

No Rate Limit On Reset Password

Description A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia ...

5CVSS6.6AI score0.00681EPSS
Exploits0
Huntr
Huntr
added 2022/12/23 1:43 a.m.54 views

Weak password at demo website version 3.1.9

Description The demo website is now version 3.1.9 but still affected of weak password requirement. Proof of Concept 1. Login to the demo website with any users. 2. Use "Change password" function, set the new password is number 1. 3. It's successful, try to re-login to check it...

7.5CVSS9.2AI score0.00643EPSS
Exploits0
Huntr
Huntr
added 2022/04/03 2:34 p.m.54 views

XSS via Embedded SVG in SVG Diagram Format

Description It is possible to embed SVG images in diagrams. When those are exported or used in a diagram in SVG format, the content of the embedded SVG image is included inline. This means the SVG markup gets inserted directly into the markup of the enclosing SVG. Since the SVG content is not...

4.3CVSS6.3AI score0.01832EPSS
Exploits1
Huntr
Huntr
added 2020/12/21 12:0 a.m.54 views

Code Injection in microsoft/nni

Description Arbitrary Code Excecution in microsoft/nni. An open source AutoML toolkit for automate machine learning lifecycle, including feature engineering, neural architecture search, model compression and hyper-parameter tuning. Technical Description This package was vulnerable to Arbitrary co...

6.5CVSS1.6AI score0.02482EPSS
Exploits0References1
Huntr
Huntr
added 2022/10/01 4:40 a.m.53 views

Path Traversal (CWE-22) leak sensitive data

Description Path Traversal successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. Proof of Concept Note: If you can not see the poc image , you can follow this link...

5CVSS2.3AI score0.00997EPSS
Exploits1
Huntr
Huntr
added 2022/07/08 5:16 p.m.53 views

Bypass IP detection to brute-force password

Description In login API, by default, the IP address will be blocked when the user tries to login incorrectly more than 5 times but we can bypass this mechanism by abuse X-Forwarded-For header to bypass IP dectection and perform password brute-force. Proof of Concept POST /demo/api/userlogin...

7.5CVSS0.6AI score0.0092EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/14 7:29 p.m.53 views

Leakage of third-party OAuth token via redirect

Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the redirect parameter and redirect the user and the OAuth token to an attacker controlled site. Proof of Concept 1. An attacker...

5.8CVSS6.7AI score0.01125EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 5:54 a.m.53 views

in liquibase/liquibase

Description The XMLChangeLogSAXParser function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

7.5CVSS0.8AI score0.02921EPSS
Exploits1
Huntr
Huntr
added 2022/03/12 7:36 p.m.52 views

The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept 1. Go to add post http://site.com/admin/post/create 2. click on create new post 3. There will a option called post title 4. Fill the input field with huge characters, more than 1 lakh 5. Copy the below payload and put it in the input fields and click on continue. 6. You will see...

4.3CVSS2.2AI score0.04498EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/06 6:51 p.m.52 views

Server-Side Request Forgery (SSRF)

Description The fix for my previous report CVE-2022-0767 is still incomplete and could be bypassed via IPV4/IPV4 embedding : ssrf-ipv4ipv6.etclab.top will resolve to 0:0:0:0:0:ffff:127.0.0.1 Proof of Concept POST /admin/book/1 HTTP/1.1 Host: 127.0.0.1:8083 User-Agent: Mozilla/5.0 Windows NT 10.0;...

7.5CVSS0.01042EPSS
Exploits2
Huntr
Huntr
added 2022/02/27 10:28 a.m.52 views

Insecure Storage of Sensitive Information

Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...

4CVSS0.4AI score0.01074EPSS
Exploits1References3
Huntr
Huntr
added 2022/04/10 2:30 p.m.51 views

URL Restriction Bypass

Description The validation of URLs contains flaws that allow bypassing security restrictions that are applied in the security profiles of PlantUML. There are two different flaws through which validation mechanisms can be circumvented. In the examples images are loaded to showcase the bypass...

6.4CVSS0.1AI score0.01514EPSS
Exploits1
Huntr
Huntr
added 2021/07/30 5:39 p.m.51 views

in sergix44/xbackbone

✍️ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...

1AI score
Exploits0
Huntr
Huntr
added 2023/07/17 9:18 p.m.50 views

XSS with CSP bypass leads to diagrams backdoor

🔒️ Requirements The user must go on a link and remove a square. In the following section, I'll give PoCs only for chromium based browsers 📝 Description 📦 Load plugins by default Thanks to the ?p= parameter, it is possible to enforce the user to load built-in plugins without warning for a specific...

5.8CVSS6.2AI score0.00346EPSS
Exploits0
Huntr
Huntr
added 2022/08/19 4:26 p.m.50 views

Full account takeover

POC: Step 1: Use a normal user account Step 2: Change user password in edit profile function Step 3: Enter data fields that change normally Step 4: Use burp suite to intercept requests to update profile Step 5: Change id from 2 to id 1 and send request The result of logging in with the new userna...

6.5CVSS0.7AI score0.00703EPSS
Exploits1
Huntr
Huntr
added 2022/07/23 4:9 a.m.49 views

Null Pointer Dereference Caused Segmentation Fault

Description Null pointer dereference caused segmentation fault. This can cause Denial-of -service attack. version smlijun@ubuntu:/gpacasan/bin/gcc$ ./MP4Box -version MP4Box - GPAC version 2.1-DEV-rev243-gf87b12b32-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Plea...

1.9CVSS5.7AI score0.00488EPSS
Exploits1
Huntr
Huntr
added 2022/07/07 4:56 p.m.49 views

Cross-site scripting - DOM

Description DOM XSS with filter bypass on /demo/module/ using type parameter without authentication. Proof of Concept...

4.3CVSS0.7AI score0.00508EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/13 6:4 a.m.49 views

RCE in the Desktop App because of Unsafe Link Handling

Description URLs or links in a diagram are passed to shell.openExternal without additional validation. This is a dangerous function and can be exploited when URLs with arbitrary schemes are passed to it. It allows code execution through various methods, as described in detail here: -...

6.8CVSS8.7AI score0.01361EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/13 8:59 p.m.49 views

global heap buffer overflow in skip_range

✍️ Description When fuzzing vim commit f420ff244 v8.2.4747 with clang 13 and ASan, I discovered a global buffer overflow. Proof of Concept Here is the minified poc bash r 0norm0V:^ How to build bash LD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++ CFLAGS="-fsanitize=address"...

6.8CVSS0.2AI score0.03104EPSS
Exploits1
Huntr
Huntr
added 2022/04/07 2:42 p.m.49 views

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true

Description Hello and thank you for the wonderful library! We use it extensively in our app. However, I think we've identified an XSS vulnerability in the Export plug-in. If you set the exportOptions in your Bootstrap Table to true, then you can force arbitrary Javascript to execute see the...

3.5CVSS0.6AI score0.00717EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/23 3:46 a.m.49 views

Heap-based Buffer Overflow in allinurl/goaccess

Description Good evening, I hope you're doing well during these challenging times. During recent research, we discovered a heap-buffer-overflow vulnerability impacting countinvalid on line 555 of src/gstorage.c. It appears that this is caused by an excessive number of invalid log strings combined...

Exploits0
Huntr
Huntr
added 2021/10/03 1:8 p.m.49 views

Prototype Pollution in kriszyp/json-schema

Description A constructed payload sent to validate will lead to prototype pollution. Proof of Concept // PoC.js const validate = require"json-schema"; const instance = JSON.parse "$schema": "type": "object", "properties": "proto": "type": "object", "properties": "polluted": "type": "string",...

7.5CVSS1.9AI score0.03563EPSS
Exploits1
Huntr
Huntr
added 2023/10/13 6:39 a.m.48 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. GET http://localhost:8080/logout Proof of Concept history.pushState'', '', '/'...

6.8CVSS6.9AI score0.00318EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/14 7:6 p.m.48 views

STORED XSS in File Upload

Description In the file upload, I can't upload files with extension like html,php,.. but I can upload a file with extension "inc" and that leads to stored XSS. Proof of Concept https://drive.google.com/file/d/1eDE63KXbZLYraDus6hSXwiTaLDVx9ut/view?usp=sharing...

4.9CVSS6.9AI score0.00484EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/27 2:51 p.m.48 views

Open Redirect using Host header Injection

Description A web server commonly hosts several web applications on the same IP address, referring to each application via the virtual host. In an incoming HTTP request, web servers often dispatch the request to the target virtual host based on the value supplied in the Host header. Without prope...

5.8CVSS6.1AI score0.00599EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/06 3:5 p.m.48 views

Full Read Server-Side Request Forgery (SSRF)

Description Via the /api/upload/upload-by-url endpoint is possible to upload an image via an URL provided by the user. The function that handles this upload, doesn't verify or validate the provided URL, allowing to fetch internal services. \ \ Furthermore, after the resource is fetched, there is ...

4CVSS0.6AI score0.02298EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:48 a.m.48 views

Insufficient Session Expiration After Password Change

Description During my test, I found that in Cockpit v 2.1.2, the application was not validating the request after password change. This allows attacker to update user account details even after admin changes password. Steps to Reproduce : 1. Login with your account and click on click on "Account...

7.5CVSS0.8AI score0.00956EPSS
Exploits1
Huntr
Huntr
added 2022/03/12 5:44 a.m.48 views

Unrestricted XML Files Leads to Stored XSS

Description The web Application restricts upload files by blacklist extensions. It's not safe for the application to prevent the attack, there are many extension can cause an attack to user and web application. By uploading XML files, the users can perform an Stored XSS attack Proof of Concept 1...

3.5CVSS0.01877EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 5:21 a.m.48 views

Insertion of Sensitive Information Into Debugging Code

Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...

4CVSS0.6AI score0.01376EPSS
Exploits1
Huntr
Huntr
added 2022/11/20 3:54 p.m.47 views

Stored XSS - XSS in RSS link href attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2022/03/28 10:45 a.m.47 views

Use after free in utf_ptr2char

✍️ Description When fuzzing vim commit 9dac9b175, I discovered a use after free. I'm testing on ubuntu 20.04 with clang 13. Proof of Concept Here is the minimized poc bash s/\v/\r /%',600 How to build bash LD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++...

6.8CVSS7.8AI score0.01462EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 7:23 a.m.47 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow in vim Proof of Concept ./vim -u NONE -X -Z -e -s -S poc3 -c :qa! POC3 is here. Bt ==728741==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000025500 at pc 0x0000008961b2 bp 0x7ffca76ad0b0 sp 0x7ffca76ad0a8 READ of size 1 at 0x621000025500 thread T0...

7.5CVSS8AI score0.02086EPSS
Exploits1
Huntr
Huntr
added 2021/10/11 6:37 a.m.47 views

Improper Authorization in collectiveaccess/pawtucket2

Description Users without any readaccess to a lightbox can still view its contents via incrementing the id Proof of Concept ... http://10.0.2.15/pawtucket/index.php/Lightbox/Present/setid/1 http://10.0.2.15/pawtucket/index.php/Lightbox/Present/setid/2...

3.3AI score
Exploits0
Huntr
Huntr
added 2022/05/14 12:37 p.m.47 views

Local file inclusion

Description https://app.diagrams.net/embed2.js?&fetch= is used to fetch data and i tried to perform ssrf by extracting google cloud metadata but was unable to do but i am still able to fetch server files like /etc/passwd. Proof of Concept 1. Visit https://app.diagrams.net/embed2.js?&fetch= 2. Ent...

5CVSS7.4AI score0.0164EPSS
Exploits1
Huntr
Huntr
added 2022/05/11 6:55 p.m.47 views

Uncontrolled Resource Consumption

Description The Organizr application allows large characters to insert in the input field "Username" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1.Sign up to the application, capture the request in burp suites, and send it to Repeater...

5CVSS1.4AI score0.01046EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/06 3:50 p.m.46 views

Improper Neutralization of Special Elements Used in a Template Engine

Description The Microweber application allows HTML tags in the "Blog Comments" which can be exploited by Injecting HTML payloads. Proof of Concept 1.Open any blog in which comment is allowed. 2.Insert your html code in code block. e.g., Hurry Up!Go to https://evil.com and get free $1000 in your...

6.8CVSS0.2AI score0.04998EPSS
Exploits2References1
Huntr
Huntr
added 2022/02/17 2:55 a.m.46 views

Improper Access Control to Remote Code Execution

Description In Webmin v1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission chmod. It is possible to achieve...

9CVSS0.9AI score0.96977EPSS
Exploits13
Huntr
Huntr
added 2022/02/03 3:46 p.m.46 views

Improper Authorization in phpipam/phpipam

Description In phpIPAM 1.4.5, a normal user with the role of Usercould view/read the log files via show-logs.php, errorlogs.php and accesslogs.php endpoints. It is supposedly accessible by the Administrator only. Proof of Concept Tested version: phpIPAM 1.4.5 Affected endpoints: 1 GET/POST...

4CVSS6.3AI score0.01015EPSS
Exploits1
Huntr
Huntr
added 2021/10/19 9:12 a.m.46 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description XSS in the question asking session feedback page Proof of Concept Hi'" link https://demo.fork-cms.com/private/en/faq/edit?token=u1xyihius6&id=1 paste the payload in the question section and view the question in link Impact custom javascript code execution , session stealing etc...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/11 4:25 p.m.46 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Multiple Stored XSS at parameter 'name' when creating a record at features 'Custom Fields', 'Asset Models', 'Suppliers', 'Locations', at Snipe-It 5.2.0 Proof of Concept // PoC.req POST /snipe-it/public/fields HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X...

3.5CVSS5.5AI score0.00803EPSS
Exploits1
Huntr
Huntr
added 2020/04/14 12:0 a.m.46 views

Code Injection in elwerene/libreoffice-convert

Description The libreoffice-convert module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const libre = require'libreoffice-convert'; libre.convert'',...

1.9AI score
Exploits0
Huntr
Huntr
added 2023/06/07 1:13 p.m.45 views

Unauthenticated Blind SSRF

Description The Oxeye research team found Owncast vulnerable to an Unauthenticated Blind SSRF vulnerability. This vulnerability may allow an unauthenticated attacker to force the Owncast server to send HTTP requests to arbitrary locations using the GET HTTP method. This vulnerability also allows...

6.4CVSS7.5AI score0.01356EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 12:25 a.m.45 views

Null pointer dereference in function diff_check

Description Null pointer dereference in function diffcheck at diff.c:1923 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung/vim2/src$ valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc22 -c :qa! ==4357==...

4.3CVSS0.01303EPSS
Exploits1
Huntr
Huntr
added 2022/05/05 11:57 p.m.45 views

Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. : While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of concept video & reproduction steps for better understanding. Proof of concept: I have uploaded the bo...

6.8CVSS0.7AI score0.08958EPSS
Exploits4
Total number of security vulnerabilities4072