Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/31 2:5 p.m.20 views

in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can update stoke 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 8:9 a.m.20 views

Server-Side Request Forgery (SSRF) in chatwoot/chatwoot

✍️ Description SSRF via SVG file upload 🕵️‍♂️ Proof of Concept create a new inbox, change its avatar to an SVG file with SSRF payload in it. and open the image in a new tab. 💥 Impact Host redirect...

1.1AI score0.00367EPSS
Exploits0
Huntr
Huntr
added 2021/06/11 5:29 p.m.20 views

in hascheksolutions/opentrashmail

✍️ Description Hi, there is a local file inclusion vulnerability in opentrashmail. In https://github.com/HaschekSolutions/opentrashmail/blob/master/web/api.phpL23 : php ?php define'DS', DIRECTORYSEPARATOR; define'ROOT', dirnameFILE; // $action = strtolower$REQUEST'a'; $email =...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/05/25 10:34 p.m.20 views

in thisistherk/fast_obj

✍️ Description Whilst experimenting with the test code built from commit d97389 with Clang 11 +UBSan on Ubuntu 20.04.2 LTS, we discovered an OBJ file which produces a signed integer overflow and a pointer overflow followed by a SIGSEGV 🕵️‍♂️ Proof of Concept echo...

2.8AI score
Exploits0
Huntr
Huntr
added 2021/05/13 2:22 a.m.20 views

Heap-based Buffer Overflow in strukturag/libde265

✍️ Description heap-buffer-overflow of decctx.cc in function readspsNAL 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ ./autogen.sh $ export CFLAGS="-g -lpthread -fsanitize=address" $ export CXXFLAGS="-g -lpthread -fsanitize=address" $...

7.5CVSS2.5AI score0.0202EPSS
Exploits1References1
Huntr
Huntr
added 2021/05/03 3:53 a.m.20 views

OS Command Injection in sztheory/exifcleaner

✍️ Description Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed. bash exiftool -Comment='OverJT' MYIMAGE.png Being an application made in electron, it allows to easily...

1.1AI score0.0434EPSS
Exploits1References2
Huntr
Huntr
added 2021/02/14 12:0 a.m.20 views

Prototype Pollution in trenskow/keyd

Description keyd is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof of...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/02/13 12:0 a.m.20 views

Prototype Pollution in elcharitas/js-dot

Description Prototype Pollution in js-dot Proof of Concept 1. Create the following PoC file: // poc.js var jsDot = require"js-dot" var obj = console.log"Before : " + .polluted; jsDot.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following commands ...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/11/24 12:0 a.m.20 views

Business Logic Errors in braitsch/node-login

Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...

1.5AI score
Exploits0
Huntr
Huntr
added 2020/11/19 12:0 a.m.20 views

Code Injection in jadonk/bonescript

Overview BoneScript is a node.js library for physical computing on embedded Linux, starting with support for BeagleBone. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in the setDate function. Proof of...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/07/28 12:0 a.m.20 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Overview dolibarr is a modern and easy to use web software to manage your business. This package is vulnerable to Cross-site Scripting XSS. The module renders user-uploaded html files in the browser when the attachment parameter is removed from the direct download URL...

3.5CVSS2.4AI score0.00928EPSS
Exploits1References2
Huntr
Huntr
added 2020/06/24 12:0 a.m.20 views

Denial of Service in nescalante/urlregex

Overview urlregex No-dependency URL validation for Node and the browser. This package is vulnerable to Regular Expression Denial of Service ReDoS. An attacker providing a long string in String.test can cause a Denial of Service attack. PoC node const urlRegex = require"urlregex"; const isValid =...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2020/05/23 12:0 a.m.20 views

Code Injection in domharrington/node-gitlog

Description The gitlogplus module is vulnerable against an arbitrary command injection issue which is made possible since some user-inputs are executed inside a command which doesn't have validations of any kind. POC 1. Create the following PoC file: js // poc.js var git = require'gitlogplus';...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/05/02 12:0 a.m.20 views

Code Injection in easy-team/node-tool-utils

Description The node-tool-utils module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const tool = require'node-tool-utils'; tool.checkPortUsed"test; touc...

2.5AI score
Exploits0
Huntr
Huntr
added 2020/04/19 12:0 a.m.20 views

Code Injection in rapidfacture/pdf-toolz

Description The pdf-toolz module is vulnerable against arbitrary command injection due to the fact some inputs given by the user are unsafely processed and executed. POC 1. Create the following PoC file: js // poc.js var pdf = require'pdf-toolz/PDF2Image'; pdf.pdfToImage"a", "test; touch HACKED; ...

2AI score
Exploits0
Huntr
Huntr
added 2026/01/28 12:48 p.m.19 views

Infinite Loop Denial of Service via Circular Dependencies in Functional Model Deserialization

Description A vulnerability in keras.src.models.functional.functionalfromconfig allows a Denial of Service DoS attack via an infinite loop. When reconstructing a Functional model from a configuration e.g., via keras.models.loadmodel, the deserialization logic fails to detect or break out of...

5.8AI score
Exploits0
Huntr
Huntr
added 2023/10/15 12:9 p.m.19 views

leaked all users names from a user without known permissions

Description - From any user account without authority go to /admin/users page to view employee information but can leak all employee names that exist on the platform. - The vulnerabilities occurred in the 3 features : delete, set active state, assign role in page /admin/users and...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/10/13 6:44 a.m.19 views

stack-buffer-overflow in gf_text_get_utf8_line

Description stack-buffer-overflow in gftextgetutf8line at filters/loadtext.c:381. Version git log commit 7edc40feef23efd8c9948292d269eae76fa475af HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Thu Oct 12 16:58:53 2023 +0200 ./bin/gcc/MP4Box -version MP4Box - GPAC version...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/10/10 7:49 p.m.19 views

privilege escalation bug to edit survey

BUG ======== normal user can edit any survey AFFTED VERSION ============ 6.2.10 SUMMRUY ========== normal user has view permiision in survey . But still that user can edit the survey by adding that survey to his own group . STEP TO REPRODUCE ================= 1. There is already a superadminuser-...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/10/09 6:37 p.m.19 views

post body leaked to third party site when 303 redirect happen

BUG ======= post body leaked to third party site when 303 redirect happen SUMMURY ============ as per specification provided https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections during redirection of 303 POST request, body should be lost and request method should be GET .\ \ check the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/10/09 5:53 a.m.19 views

Cross-Site Request Forgery (CSRF) in

Description CSRF led to change permissions of participant in Edit Assignment sessions. Proof of Concept Payload: https://drive.google.com/file/d/1dHY9CS6R4mKM4F0im5n1aUxFamMEjbAa/view?usp=sharing Video PoC: https://drive.google.com/file/d/1AdDFE-qOF-EvVEJzzXKguMfr6ZkXXEx/view?usp=drivelink...

7.2AI score0.00255EPSS
Exploits1
Huntr
Huntr
added 2023/09/30 3:18 p.m.19 views

CSRF on marking an admin task as complete

Description A data altering method is done through a get request in AdminTaskToggleDoneView, making it vulnerable to csrf attack. In django, get request is considered as a safe method and is not protected against csrf. Proof of Concept python class AdminTaskToggleDoneViewLoginRequiredMixin,...

4.3CVSS6.9AI score0.00238EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/28 6:51 p.m.19 views

CSRF Edit Locale files

Description CSRF edit Locale files Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, edited unwanted Locale files Payload Poc https://drive.google.com/file/d/1wpgmDoK0fGsiPSKfThVoEWq50pj7sBz5/view?usp=sharing Video Poc...

7.1AI score0.00216EPSS
Exploits1
Huntr
Huntr
added 2023/09/14 11:39 a.m.19 views

Stored XSS at LOGO+USER menu

Description Please enter a description of the vulnerability. Proof of Concept login with admin account visit https://demo.instantcms.io/admin/widgets?templatename=modern&scrollto=row-14 navigate to logo+user menu tab insert payload 1" onmouseover = "alert'hackedbytisha' at Parent row Tag CSS clas...

6.5AI score
Exploits0References1
Huntr
Huntr
added 2023/09/13 9:58 p.m.19 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8AI score0.0073EPSS
Exploits1
Huntr
Huntr
added 2023/09/11 9:50 a.m.19 views

Stored xss using journal-name in journal-tab

BUG ======== Stored xss using journal-name in journal-tab ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode\ 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1\ STEP TO RERPODUCE ====================== 1. From user-A account create a journal...

7.5AI score0.00449EPSS
Exploits1
Huntr
Huntr
added 2023/09/07 12:33 p.m.19 views

Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page

Description When running a Cecil site by cecil serve without a 404.html, Reflected Cross-Site Scripting XSS is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-404-xss-poc cd cecil-404-xss-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil...

5.8CVSS5.9AI score0.00446EPSS
Exploits1
Huntr
Huntr
added 2023/08/25 5:5 p.m.19 views

Unverified password change : old password can be used as new password

Description Pimcore Platform v 11.0.7 is not enforcing strict password policy which allow attacker to set old password as new password Proof of Concept 1- go to https://demo.pimcore.com/admin/login 2- login with demo user credentials Username: superuser Password: enterprisedemo 3- Now login and...

7.3AI score0.00553EPSS
Exploits1
Huntr
Huntr
added 2023/08/24 11:27 p.m.19 views

Theft of Arbitrary Files due to lack of intent validation and insecure usage of provider paths in TTFViewerActivity.kt

Description Through the use of Oversecured, leading vulnerability scanner for Android and iOS applications, we were able to detect an Theft of Arbitrary Files vulnerability within TTFViewerActivity.kt. Check full issue definition in the image below: Root Cause Analysis The TTFViewerActivity faile...

5CVSS6.7AI score0.00356EPSS
Exploits0References1
Huntr
Huntr
added 2023/08/24 8:31 a.m.19 views

Input Validation Vulnerability Leading to Denial of Service in LimeSurvey v5.6.34

Vulnerability Summary: LimeSurvey is a widely used open-source online survey system. In version 5.6.34, an input validation vulnerability has been identified, allowing attackers to exploit a vulnerability in surveys containing "file upload" options. This can lead to a denial of service by...

7.3AI score
Exploits0
Huntr
Huntr
added 2023/08/19 11:30 a.m.19 views

DOM XSS in https://demo.librenms.org/eventlog

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/eventlog and click Filter 3 .Use burp suite to block proxy and inject payload in eventtype: test%22-alertdocument.cookie// 4 .Check,...

4.9CVSS6.7AI score0.00565EPSS
Exploits1
Huntr
Huntr
added 2023/08/18 3:58 p.m.19 views

DOM XSS in https://demo.librenms.org/outages

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/outages and click Filter 3 .Use burp suite to block proxy and inject payload: "alertdocument.cookie 4 .Check, detect xss Proof of...

4.9CVSS6.7AI score0.00589EPSS
Exploits1
Huntr
Huntr
added 2023/08/16 9:41 a.m.19 views

Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes

Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...

4CVSS6.7AI score0.00562EPSS
Exploits1
Huntr
Huntr
added 2023/08/01 5:2 a.m.19 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection SQLi is a code injection technique used to attack...

8.2AI score
Exploits0References5
Huntr
Huntr
added 2023/07/07 8:30 a.m.19 views

Stored Xss in Question field due to lack of sanitization in Link.php

Description Stored XSS Cross-Site Scripting is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...

4.9CVSS5.6AI score0.00426EPSS
Exploits0References1
Huntr
Huntr
added 2023/06/10 5:5 p.m.19 views

Stored XSS via Default session expiration time

Description The Default session expiration time feature when submitted HTML/JS tags executes the code in the login page. Proof of Concept Login to Teampass and go to Settings = Options. http://127.0.0.1/index.php?page=options In theDefault session expiration time input field insert an XSS payload...

4.9CVSS6.4AI score0.00526EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/07 5:31 a.m.19 views

Stored XSS in module name "Search Documents"

Description The search documents function was infected with xss because the title payload was not filtered resulting in xss when searching to /de. Proof of Concept 1.Go to edit page title /de 2.Enter this xss code 3.Go to "Search Documents" and type in "77" search box to find /de -- xss will be...

4.9CVSS6.9AI score0.00493EPSS
Exploits1
Huntr
Huntr
added 2023/05/04 10:32 a.m.19 views

Stored xss in module FAQ News

Description When admins create a FAQ News they can pass xss to the "text of the record" section Proof of Concept 1.Login to admin account 2.In the CONTENT section, click on FAQ News 3.Add any type of source code and notice select Faq status as published 4.Turn on intercept with burp and click sav...

5.8CVSS7.1AI score0.00521EPSS
Exploits0References1
Huntr
Huntr
added 2023/04/27 10:35 a.m.19 views

XSS in choose time value Classes Data Objects

Description XSS in choose time value Classes Data Object Proof of Concept Login in URL : https://demo.pimcore.fun/admin Go to Settings- Data Objects - Classes - News NE - Dates & Images in tab Dates & Images , inject payload to value time at Specific Settings // PoC payload : " video PoC:...

4.9CVSS6.9AI score0.00503EPSS
Exploits1
Huntr
Huntr
added 2023/04/25 9:59 p.m.19 views

File Upload Path Validation Error

Description An administrator user can use the easyUpload function to create files in any path of the system where the application has write permissions. This vulnerability arises because the application is using user input to build the file path and does not properly validate this input. Proof of...

5.8CVSS7.1AI score0.29134EPSS
Exploits1
Huntr
Huntr
added 2023/04/23 10:21 p.m.19 views

Stored XSS on items in Folder

Description first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. To confirm the success of...

4.9CVSS6.2AI score0.00612EPSS
Exploits1
Huntr
Huntr
added 2023/04/18 8:29 a.m.19 views

(Almost) Arbitary File Read on Development Server

Description I previously disclosed an arbitrary file read due to Vite misconfiguration. This is a similar vulnerability with less impact. Proof of Concept Start any nuxt app in dev. Browse to: + http://localhost:3000/\nuxtvitenode\/module/C:/Windows/System32/calc.exe +...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/04/15 2:1 p.m.19 views

ReDoS vulnerability in `strip` function

Description The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept import as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat154773 + '\t\x00'; const start = performance.now;...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/04/05 10:55 a.m.19 views

Attached files under salaries module can be harvested by unauthenticated users

Description File attachment under salaries module can be downloaded and viewed by anyone without authentication by just knowing the full path /assets/FileUploads/2022/staff2/ and the predictable filename contains date YYYY-MM-DD and a random 6 digit number which can be easily enumerated by...

5CVSS6.4AI score0.00613EPSS
Exploits0
Huntr
Huntr
added 2023/04/05 8:7 a.m.19 views

Browser back attack vulnerability

Description rosariosis has a vulnerability that allows user to return to a page containing personally identifiable information PII and sensitive information even after logging out of the application by using the browser's back button. This issue poses a significant risk to the confidentiality of...

4CVSS6.1AI score0.00538EPSS
Exploits0
Huntr
Huntr
added 2023/04/03 12:35 p.m.19 views

Users who joined later can see the data of deleted users

Proof of Concept 1 admin create a user, named as user1 2 user1 login and create Inlong Group 3 admin delete user1 4 admin create aonther user, whose name is also user1 5 user1 login and can see the Inlong Group created by old user1...

4CVSS6.9AI score0.0111EPSS
Exploits0
Huntr
Huntr
added 2023/03/22 9:21 p.m.19 views

Embeding untrusted input inside CSV files leads to Formula Injection/CSV Injection

Description The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Proof of Concepta 1.Go to...

4.4CVSS7.6AI score0.01679EPSS
Exploits4References2
Huntr
Huntr
added 2023/03/08 4:55 p.m.19 views

XSS in Schedule tab of Documents

Description pimcore is vulnerable to XSS at Time field in Schedule tab of Document. Payload " Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on Schedule icon to go to this tab. 3.In the Schedule tab, input the payload " into the Time field a...

4.3CVSS5.1AI score0.00402EPSS
Exploits1
Huntr
Huntr
added 2023/03/01 12:5 a.m.19 views

Access Control Vulnerability in Admin Address Book

Description An Access Control Vulnerability allows a low level user in the web application to view and edit information for all other users in the Admin Address Book. Proof of Concept Step 1. Login to the openemr web application as a low level user Ex: Receptionist in openemr demo \ Step 2. Trave...

5.5CVSS6.6AI score0.00447EPSS
Exploits1
Huntr
Huntr
added 2023/02/22 6:51 a.m.19 views

Stored XSS in Customer Support

Description Attacker can send xss payload in Customer Support Proof of Concept Request Payload: POST /xhr/?module=customer-support&page=addCaseReply HTTP/1.1 Host: demo.bumsys.org Cookie: 80e72166c3164cd4e1f55b5348364ee4f8bc0d12=655mqrm2v9uhktlqpke0h026d4; eid=1; currencySymbol=%E0%A7%B3;...

4.9CVSS5.8AI score0.00479EPSS
Exploits1
Total number of security vulnerabilities4072