Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/07/03 2:22 p.m.20 views

Idor Lead to Delete exported data file

Description In this case attacker is able to delete requested export data file Steps to repro:- 1.Create 2 accounts 2.Login in both account and goto export section and create new export in both account 3.Delete acc1's exported file and capture this request in burp suite and change the id of this...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/29 11:15 a.m.20 views

Heap Use After Free in function Q_IsTypeOn

Description Heap Use After Free in function QIsTypeOn at src/bifs/unquantize.c:169 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pochuaf1s.dat...

4.4CVSS7.9AI score0.00356EPSS
Exploits1
Huntr
Huntr
added 2022/05/08 8:58 a.m.20 views

Reflected Xss using url based payload

Description Hi there i found that url parameter is not verified by server so an attacker can use javascript schema to run xss on user's browser Proof of Concept 1. Visit this page http://localhost/invoices/EditPageOption?code=ListProducto-new&url=javascript:prompt2 2. Click on back button PoC:-...

4.3CVSS0.00724EPSS
Exploits1
Huntr
Huntr
added 2022/05/03 3:14 p.m.20 views

A heap-buffer-overflow in mobi_decode_infl in index.c

Description A heap-buffer-overflow in mobidecodeinfl in index.c Env Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: May 3 2022 20:46:07 clang Ubuntu Clang 11.1.0 libmobi: 0.10 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasa...

5.8CVSS5.6AI score0.00782EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 4:23 a.m.20 views

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept Turn on debugger mode. Add path /?alertorigin to any endpoint - script will be reflected, executed...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/03/21 5:34 a.m.20 views

Stored Cross Site Scripting

Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/interface/new/newcomprehensivesave.php Affected Parameters “formfname” “formlname” Authentication Required? Yes Issue Summary A stored XSS vulnerability found in “/interface/new/newcomprehensivesave.ph...

3.5CVSS5.3AI score0.51472EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/20 7:41 a.m.20 views

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3

Description There is a Unrestricted Upload of File vulnerability in AdminUpdateController.class.php in ShowDoc v2.10.3 Proof of Concept POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1 Host: 10.211.55.5 Content-Length: 66 Accept: application/json, text/plain, / User-Agen...

6.5CVSS1.1AI score0.01458EPSS
Exploits1References2
Huntr
Huntr
added 2022/03/15 6:31 p.m.20 views

The grav application allows large characters to insert in the input field "Full Name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

Proof of Concept: 1. Go to http://site/admin/accounts/users/testuser 2. There will a Full name input field 3. Add more than 1 lakhs+ characters to the Full name field 4. You will see the application accepts large characters and if we will increase the characters then it can lead to Dos. POC Image...

2.6AI score
Exploits0
Huntr
Huntr
added 2022/03/14 4:53 a.m.20 views

Stored XSS viva cshtm file upload

Description This is a bypass of the report:https://huntr.dev/bounties/8702e2bf-4af2-4391-b651-c8c89e7d089e/. Here the upload functionality allows the malicious files with the extension .cshtm which leads to Stored XSS. Proof of Concept 1.First, open your text file/notepad and paste the below...

3.5CVSS0.3AI score0.00807EPSS
Exploits1
Huntr
Huntr
added 2022/03/13 11:59 a.m.20 views

Stored XSS due to Unrestricted File Upload

Description Stored XSS via uploading files in .xsl format. Proof of Concept filename="poc.xsl" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library https://www.showdoc.com.cn/attachment/index\ 3.In the File Library page, click the Upload button and choose the poc.xsl...

3.5CVSS5.5AI score0.0061EPSS
Exploits1
Huntr
Huntr
added 2022/03/06 2:32 p.m.20 views

Insufficient Granularity of Access Control

Description There are no rate limits and reuse of captcha is allowed resulting in reuse of same captcha to issue notifications to administrator Proof of Concept Capture the newsletter subscription flow in burp and continue with entering email & captcha until below POST form request is captured...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/02/18 7:7 p.m.20 views

Open Redirect on Rudloff/alltube

Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...

5.8CVSS0.1AI score0.03378EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 1:27 p.m.20 views

Cross-site Scripting (XSS) - Stored

Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...

3.5CVSS1.4AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 1:53 p.m.20 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Overflow occurs in mrbfsend. commit : 38b164ace7d6ae1c367883a3d67d7f559783faad Proof of Concept $ echo -ne "c2VuZCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2Vu ZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiCg==" | base64 -d poc ASAN ...

7.5CVSS8AI score0.00908EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 8:16 a.m.20 views

Cross-site Scripting (XSS) - DOM in tastyigniter/tastyigniter

Description TastyIgniter provides a professional and reliable platform for restaurants wanting to offer online food ordering and table reservation to their customers. this is vulnerable for stored xss Proof of Concept Impact This vulnerability is capable of Stored XSS...

3.5CVSS2.6AI score0.00708EPSS
Exploits1
Huntr
Huntr
added 2022/01/22 3:30 p.m.20 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code and the...

5.8CVSS6.5AI score0.00954EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 6:14 a.m.20 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description There is a persistent XSS Vulnerability exsists in the checkout page where we can able to execute any javascription in the last name field...

3.5CVSS2.7AI score0.00856EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/20 3:7 p.m.20 views

Prototype Pollution in mastodon/mastodon

Description Javascript is "prototype" language which means when a new "object" is created, it carries the predefined properties and methods of an "object" with itself like toString, constructor etc. By using prototype-pollution vulnerability, an attacker can overwrite/create the property of that...

4.3CVSS0.04465EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 7:49 p.m.20 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Pimcore settings module is vulnerable to stored cross site scripting Proof of Concept 1 . Login to dev demo account. https://10.x-dev.pimcore.fun/ 2 . Goto settings --data objects --Add a new class -- add payload in icon field 3 . Click save and close and open that class alert will...

3.5CVSS0.1AI score0.00619EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 10:9 a.m.20 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to create new shelf with public mode. However, due to incorrect checking, the function does not work as intended. Steps To Reproduce - Step 1: Login with admin account and go to http://hostname:8083/admin/user/new. Create...

4CVSS5.2AI score0.0067EPSS
Exploits1
Huntr
Huntr
added 2022/01/13 12:42 p.m.20 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description A CSRF issue is found in the audit configuration under settings. It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed. Proof of Concept Request POST...

4.3CVSS4.5AI score0.00434EPSS
Exploits1
Huntr
Huntr
added 2022/01/13 4:39 a.m.20 views

Improper Input Validation in chatwoot/chatwoot

Description This vulnerability impacts all fields sent to Chatwoot. Any field that has an excessive amount of characters in it will cause the agent's page to take an abnormal amount of time to load, often requiring the content to be removed before the page will load. In my example, I put 20000000...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/01/12 1:18 p.m.20 views

Cross-site Scripting (XSS) - Stored in e107inc/e107

A Stored Cross-Site Scripting XSS using svg exists in e107 version 2.3.1 Date: 12/1/2022 Exploit Author: Trương Hữu Phúc Contact me: + Github: https://github.com/truonghuuphuc + Facebook: https://www.facebook.com/DdosFulzac.auz1/ + Email: [email protected] + Product: e107 + Version: 2.3.1...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/01/12 12:1 p.m.20 views

Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

Description Hi there, I would like to report a CSRF vulnerability in yetiforcecompany/yetiforcecrm. This allows an attacker to create a new admin. Even when SameSite: Strict enable, this still can be exploited by an attacker with lowest privilege account E.g. guest. Proof of Concept + These are...

6CVSS1.1AI score0.00531EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/12 11:21 a.m.20 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description chaskid is a Open Source Messaging Platform for Marketing, Support & Sales this package is vulnerable for xss Proof of Concept Impact This vulnerability is capable of stored XSS...

4.3CVSS1.2AI score0.00616EPSS
Exploits1
Huntr
Huntr
added 2022/01/11 5:32 p.m.20 views

Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept 1. Go to Workflows Create Workflow Add Task/Event 2. Set a title with XSS payload, e.g: aa Impact XSS can have huge implications for a web application and its users. User...

3.5CVSS1.8AI score0.00642EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 10:1 p.m.20 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &58 instead of : in the href attribute of tag to bypass the xss...

3.5CVSS1.2AI score0.01416EPSS
Exploits1
Huntr
Huntr
added 2021/12/30 4:29 p.m.20 views

Cross-site Scripting (XSS) - Reflected in keystonejs/keystone

Description On Login Page, There Is A "from=" parameter in URL which is vulnerable to open redirect and which can be escalated to reflected XSS. Proof of Concept 1. Install Keystone 6 On Your System. 2. Go To http://localhost:3000/signin?from=http://evil.com And Login And You'll Be Redirected To...

4.3CVSS0.03982EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/27 4:43 p.m.20 views

in mruby/mruby

Description A NULL Pointer Dereference was discovered in mrbclass. The vulnerability causes a segmentation fault and application crash. version 6de0fcb ./mruby -v mruby 3.0.0 2021-03-05 System information Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz Proof of Concept poc base64 poc...

5CVSS0.9AI score0.00856EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 8:28 a.m.20 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The livehelperchat is an open source live chat service. In this service, general users can chat 1:1 with administrators. When administrators send XSS PoC to general users, XSS occurs in general users' chat rooms. Since XSS PoC is saved in the chat room, XSS occurs even if you access t...

3.5CVSS1.3AI score0.0046EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 1:9 p.m.20 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.00562EPSS
Exploits0References1
Huntr
Huntr
added 2021/12/26 10:55 a.m.20 views

Cross-site Scripting (XSS) - Stored in star7th/showdoc

Description Stored XSS via upload attachment with format .svg in File Library. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg var...

3.5CVSS0.2AI score0.00642EPSS
Exploits1
Huntr
Huntr
added 2021/12/21 5:58 a.m.20 views

Cross-Site Request Forgery (CSRF) in polonel/trudesk

Description There is a CSRF vulnerability which would allow an attacker to restart the server by simply having a victim with the appropriate privileges visit an attacker's crafted webpage. The vulnerability exists when performing a GET request to the /api/v1/admin/restart endpoint There is also...

1AI score
Exploits0
Huntr
Huntr
added 2021/12/20 9:40 a.m.20 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

Description There are several areas in the web application that are vulnerable to stored XSS. They include: The chat feature when sending messages /messages/startconversation The name field when creating a department /departments Name field when creating teams /teams You can also exploit the XSS...

6AI score
Exploits0
Huntr
Huntr
added 2021/12/15 2:13 p.m.20 views

Cross-site Scripting (XSS) - Stored in pimcore/web2print-tools

Description Stored XSS in the Description of the Favorite Output Channel Configurations. Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Settings icon then choose Favorite Output Channel Configurations, the Favorite Output Channel...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/12/14 12:19 p.m.20 views

Business Logic Errors in yetiforcecompany/yetiforcecrm

Description YetiForceCRM application is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number. Proof of Concept 1.After login, in the left menu bar, click Databases - Products 2.Click any product to go to the product details. 3.In the product...

4CVSS2.1AI score0.00708EPSS
Exploits1
Huntr
Huntr
added 2021/12/10 6:38 p.m.20 views

Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm

Description Application is vulnerable to Reflected cross site scripting attack on create Invoice. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Quick Create - Cost Invoice Step 3: Click on Source and enter the XSS Playload in...

4.3CVSS0.1AI score0.00782EPSS
Exploits1
Huntr
Huntr
added 2021/12/07 12:51 p.m.20 views

Inefficient Regular Expression Complexity in nltk/nltk

Description nltk is vulnerable to ReDoS attack because of ^-?0-9+.0-9+?$ regex. If attacker succeeds to use malicious payload against RegexpTagger used in function getpostagger and maltregextagger, it will cause a nasty DoS. Proof of Concept // PoC.py import re, time pattern =...

5CVSS2.5AI score0.01461EPSS
Exploits1
Huntr
Huntr
added 2021/11/03 7:33 a.m.20 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via parameter title when create new ticket Details At the table tickets in admin, when rendering data for column Ticket it allows for arbitrary execution of JavaScript Vulnerability code data: "ticket", render: function data, type, row, meta if type === 'display' data = '' ...

4.3CVSS0.4AI score0.0098EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/11 10:54 p.m.20 views

in stanfordnlp/corenlp

Description The Stanford CoreNLP package provides a set of natural language analysis tools written in Java, is using a vulnerable XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the readDocument function in the "DomReader.java" file may allow an attacke...

7.5CVSS0.01826EPSS
Exploits1
Huntr
Huntr
added 2021/09/26 7:9 p.m.20 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kcal-app/kcal

Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2021/09/19 7:26 p.m.20 views

Inefficient Regular Expression Complexity in nltk/nltk

✍️ Description The nltk package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide as an input to the readcomparisonblock function in the file "nltk/corpus/reader/comparativesents.py" may cause an application to consume an excessive amount of CPU. Belo...

5CVSS0.7AI score0.01649EPSS
Exploits1
Huntr
Huntr
added 2021/08/24 9:25 p.m.20 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

✍️ Description csrf bug to create a group chatlist 🕵️‍♂️ Proof of Concept There is no csrf token checking during creating a group-chatlist.\ Bellow request is vulnerable to csrf attack document.getElementById"myForm".submit 💥 Impact csrf bug to create a group chatlist...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/10 8:32 a.m.20 views

Server-Side Request Forgery (SSRF) in erudika/scoold

✍️ Description Affected URL is vulnerable to Server-Side Request Forgery SSRF. An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 🕵️‍♂️ Proof of Concept @GetMapping"", "/id/" public String get@PathVariablerequired = false...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/08/05 12:55 p.m.20 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to change any task state from changes/tickets/problems with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/02 5:13 p.m.20 views

in star7th/showdoc

✍️ Description The referenced code contains a hard-coded salt that is used for all passwords, ideally - a unique salt should be generated for each password and then would be stored alongside it as oppose to the constant one that is used for all passwords in the showdoc repository. 🕵️‍♂️ Proof of...

4CVSS0.2AI score0.0046EPSS
Exploits1
Huntr
Huntr
added 2021/08/02 4:58 p.m.20 views

in star7th/showdoc

✍️ Description The referenced code block computes a MD5 hash based on a string "rgrsfsrfsrf", the current time, and a random number. The string used is static and does not appear to change, therefore I'm not sure why it is there in the first place as it does not provide any additional security...

4.3CVSS0.6AI score0.01064EPSS
Exploits0
Huntr
Huntr
added 2021/07/31 9:51 p.m.20 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to delete any Personal Data if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data with idrecord value equal to 2 have been deleted. // PoC.html history.pushState'', '', '/'...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/07/31 2:5 p.m.20 views

in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can update stoke 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 8:9 a.m.20 views

Server-Side Request Forgery (SSRF) in chatwoot/chatwoot

✍️ Description SSRF via SVG file upload 🕵️‍♂️ Proof of Concept create a new inbox, change its avatar to an SVG file with SSRF payload in it. and open the image in a new tab. 💥 Impact Host redirect...

1.1AI score0.00367EPSS
Exploits0
Total number of security vulnerabilities4072