Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/09/19 7:26 p.m.20 views

Inefficient Regular Expression Complexity in nltk/nltk

✍️ Description The nltk package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide as an input to the readcomparisonblock function in the file "nltk/corpus/reader/comparativesents.py" may cause an application to consume an excessive amount of CPU. Belo...

5CVSS0.7AI score0.01649EPSS
Exploits1
Huntr
Huntr
added 2021/08/24 9:25 p.m.20 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

✍️ Description csrf bug to create a group chatlist 🕵️‍♂️ Proof of Concept There is no csrf token checking during creating a group-chatlist.\ Bellow request is vulnerable to csrf attack document.getElementById"myForm".submit 💥 Impact csrf bug to create a group chatlist...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/10 8:32 a.m.20 views

Server-Side Request Forgery (SSRF) in erudika/scoold

✍️ Description Affected URL is vulnerable to Server-Side Request Forgery SSRF. An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 🕵️‍♂️ Proof of Concept @GetMapping"", "/id/" public String get@PathVariablerequired = false...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/08/05 12:55 p.m.20 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to change any task state from changes/tickets/problems with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/02 5:13 p.m.20 views

in star7th/showdoc

✍️ Description The referenced code contains a hard-coded salt that is used for all passwords, ideally - a unique salt should be generated for each password and then would be stored alongside it as oppose to the constant one that is used for all passwords in the showdoc repository. 🕵️‍♂️ Proof of...

4CVSS0.2AI score0.0046EPSS
Exploits1
Huntr
Huntr
added 2021/08/02 4:58 p.m.20 views

in star7th/showdoc

✍️ Description The referenced code block computes a MD5 hash based on a string "rgrsfsrfsrf", the current time, and a random number. The string used is static and does not appear to change, therefore I'm not sure why it is there in the first place as it does not provide any additional security...

4.3CVSS0.6AI score0.01064EPSS
Exploits0
Huntr
Huntr
added 2021/07/31 9:51 p.m.20 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to delete any Personal Data if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data with idrecord value equal to 2 have been deleted. // PoC.html history.pushState'', '', '/'...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/07/31 2:5 p.m.20 views

in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can update stoke 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 8:9 a.m.20 views

Server-Side Request Forgery (SSRF) in chatwoot/chatwoot

✍️ Description SSRF via SVG file upload 🕵️‍♂️ Proof of Concept create a new inbox, change its avatar to an SVG file with SSRF payload in it. and open the image in a new tab. 💥 Impact Host redirect...

1.1AI score0.00367EPSS
Exploits0
Huntr
Huntr
added 2021/06/11 5:29 p.m.20 views

in hascheksolutions/opentrashmail

✍️ Description Hi, there is a local file inclusion vulnerability in opentrashmail. In https://github.com/HaschekSolutions/opentrashmail/blob/master/web/api.phpL23 : php ?php define'DS', DIRECTORYSEPARATOR; define'ROOT', dirnameFILE; // $action = strtolower$REQUEST'a'; $email =...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/05/25 10:34 p.m.20 views

in thisistherk/fast_obj

✍️ Description Whilst experimenting with the test code built from commit d97389 with Clang 11 +UBSan on Ubuntu 20.04.2 LTS, we discovered an OBJ file which produces a signed integer overflow and a pointer overflow followed by a SIGSEGV 🕵️‍♂️ Proof of Concept echo...

2.8AI score
Exploits0
Huntr
Huntr
added 2021/05/13 2:22 a.m.20 views

Heap-based Buffer Overflow in strukturag/libde265

✍️ Description heap-buffer-overflow of decctx.cc in function readspsNAL 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ ./autogen.sh $ export CFLAGS="-g -lpthread -fsanitize=address" $ export CXXFLAGS="-g -lpthread -fsanitize=address" $...

7.5CVSS2.5AI score0.0202EPSS
Exploits1References1
Huntr
Huntr
added 2021/05/03 3:53 a.m.20 views

OS Command Injection in sztheory/exifcleaner

✍️ Description Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed. bash exiftool -Comment='OverJT' MYIMAGE.png Being an application made in electron, it allows to easily...

1.1AI score0.0434EPSS
Exploits1References2
Huntr
Huntr
added 2021/02/14 12:0 a.m.20 views

Prototype Pollution in trenskow/keyd

Description keyd is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof of...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/02/13 12:0 a.m.20 views

Prototype Pollution in elcharitas/js-dot

Description Prototype Pollution in js-dot Proof of Concept 1. Create the following PoC file: // poc.js var jsDot = require"js-dot" var obj = console.log"Before : " + .polluted; jsDot.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following commands ...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/11/24 12:0 a.m.20 views

Business Logic Errors in braitsch/node-login

Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...

1.5AI score
Exploits0
Huntr
Huntr
added 2020/11/19 12:0 a.m.20 views

Code Injection in jadonk/bonescript

Overview BoneScript is a node.js library for physical computing on embedded Linux, starting with support for BeagleBone. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in the setDate function. Proof of...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/07/28 12:0 a.m.20 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Overview dolibarr is a modern and easy to use web software to manage your business. This package is vulnerable to Cross-site Scripting XSS. The module renders user-uploaded html files in the browser when the attachment parameter is removed from the direct download URL...

3.5CVSS2.4AI score0.00928EPSS
Exploits1References2
Huntr
Huntr
added 2020/06/24 12:0 a.m.20 views

Denial of Service in nescalante/urlregex

Overview urlregex No-dependency URL validation for Node and the browser. This package is vulnerable to Regular Expression Denial of Service ReDoS. An attacker providing a long string in String.test can cause a Denial of Service attack. PoC node const urlRegex = require"urlregex"; const isValid =...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2020/05/23 12:0 a.m.20 views

Code Injection in domharrington/node-gitlog

Description The gitlogplus module is vulnerable against an arbitrary command injection issue which is made possible since some user-inputs are executed inside a command which doesn't have validations of any kind. POC 1. Create the following PoC file: js // poc.js var git = require'gitlogplus';...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/05/02 12:0 a.m.20 views

Code Injection in easy-team/node-tool-utils

Description The node-tool-utils module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const tool = require'node-tool-utils'; tool.checkPortUsed"test; touc...

2.5AI score
Exploits0
Huntr
Huntr
added 2020/04/19 12:0 a.m.20 views

Code Injection in rapidfacture/pdf-toolz

Description The pdf-toolz module is vulnerable against arbitrary command injection due to the fact some inputs given by the user are unsafely processed and executed. POC 1. Create the following PoC file: js // poc.js var pdf = require'pdf-toolz/PDF2Image'; pdf.pdfToImage"a", "test; touch HACKED; ...

2AI score
Exploits0
Huntr
Huntr
added 2026/01/28 12:48 p.m.19 views

Infinite Loop Denial of Service via Circular Dependencies in Functional Model Deserialization

Description A vulnerability in keras.src.models.functional.functionalfromconfig allows a Denial of Service DoS attack via an infinite loop. When reconstructing a Functional model from a configuration e.g., via keras.models.loadmodel, the deserialization logic fails to detect or break out of...

5.8AI score
Exploits0
Huntr
Huntr
added 2023/10/15 12:9 p.m.19 views

leaked all users names from a user without known permissions

Description - From any user account without authority go to /admin/users page to view employee information but can leak all employee names that exist on the platform. - The vulnerabilities occurred in the 3 features : delete, set active state, assign role in page /admin/users and...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/10/13 6:44 a.m.19 views

stack-buffer-overflow in gf_text_get_utf8_line

Description stack-buffer-overflow in gftextgetutf8line at filters/loadtext.c:381. Version git log commit 7edc40feef23efd8c9948292d269eae76fa475af HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Thu Oct 12 16:58:53 2023 +0200 ./bin/gcc/MP4Box -version MP4Box - GPAC version...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/10/10 7:49 p.m.19 views

privilege escalation bug to edit survey

BUG ======== normal user can edit any survey AFFTED VERSION ============ 6.2.10 SUMMRUY ========== normal user has view permiision in survey . But still that user can edit the survey by adding that survey to his own group . STEP TO REPRODUCE ================= 1. There is already a superadminuser-...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/10/09 6:37 p.m.19 views

post body leaked to third party site when 303 redirect happen

BUG ======= post body leaked to third party site when 303 redirect happen SUMMURY ============ as per specification provided https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections during redirection of 303 POST request, body should be lost and request method should be GET .\ \ check the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/10/09 5:53 a.m.19 views

Cross-Site Request Forgery (CSRF) in

Description CSRF led to change permissions of participant in Edit Assignment sessions. Proof of Concept Payload: https://drive.google.com/file/d/1dHY9CS6R4mKM4F0im5n1aUxFamMEjbAa/view?usp=sharing Video PoC: https://drive.google.com/file/d/1AdDFE-qOF-EvVEJzzXKguMfr6ZkXXEx/view?usp=drivelink...

7.2AI score0.00255EPSS
Exploits1
Huntr
Huntr
added 2023/09/30 3:18 p.m.19 views

CSRF on marking an admin task as complete

Description A data altering method is done through a get request in AdminTaskToggleDoneView, making it vulnerable to csrf attack. In django, get request is considered as a safe method and is not protected against csrf. Proof of Concept python class AdminTaskToggleDoneViewLoginRequiredMixin,...

4.3CVSS6.9AI score0.00238EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/28 6:51 p.m.19 views

CSRF Edit Locale files

Description CSRF edit Locale files Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, edited unwanted Locale files Payload Poc https://drive.google.com/file/d/1wpgmDoK0fGsiPSKfThVoEWq50pj7sBz5/view?usp=sharing Video Poc...

7.1AI score0.00216EPSS
Exploits1
Huntr
Huntr
added 2023/09/14 11:39 a.m.19 views

Stored XSS at LOGO+USER menu

Description Please enter a description of the vulnerability. Proof of Concept login with admin account visit https://demo.instantcms.io/admin/widgets?templatename=modern&scrollto=row-14 navigate to logo+user menu tab insert payload 1" onmouseover = "alert'hackedbytisha' at Parent row Tag CSS clas...

6.5AI score
Exploits0References1
Huntr
Huntr
added 2023/09/13 9:58 p.m.19 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8AI score0.0073EPSS
Exploits1
Huntr
Huntr
added 2023/09/11 9:50 a.m.19 views

Stored xss using journal-name in journal-tab

BUG ======== Stored xss using journal-name in journal-tab ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode\ 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1\ STEP TO RERPODUCE ====================== 1. From user-A account create a journal...

7.5AI score0.00449EPSS
Exploits1
Huntr
Huntr
added 2023/09/07 12:33 p.m.19 views

Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page

Description When running a Cecil site by cecil serve without a 404.html, Reflected Cross-Site Scripting XSS is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-404-xss-poc cd cecil-404-xss-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil...

5.8CVSS5.9AI score0.00446EPSS
Exploits1
Huntr
Huntr
added 2023/08/25 5:5 p.m.19 views

Unverified password change : old password can be used as new password

Description Pimcore Platform v 11.0.7 is not enforcing strict password policy which allow attacker to set old password as new password Proof of Concept 1- go to https://demo.pimcore.com/admin/login 2- login with demo user credentials Username: superuser Password: enterprisedemo 3- Now login and...

7.3AI score0.00553EPSS
Exploits1
Huntr
Huntr
added 2023/08/24 11:27 p.m.19 views

Theft of Arbitrary Files due to lack of intent validation and insecure usage of provider paths in TTFViewerActivity.kt

Description Through the use of Oversecured, leading vulnerability scanner for Android and iOS applications, we were able to detect an Theft of Arbitrary Files vulnerability within TTFViewerActivity.kt. Check full issue definition in the image below: Root Cause Analysis The TTFViewerActivity faile...

5CVSS6.7AI score0.00356EPSS
Exploits0References1
Huntr
Huntr
added 2023/08/24 8:31 a.m.19 views

Input Validation Vulnerability Leading to Denial of Service in LimeSurvey v5.6.34

Vulnerability Summary: LimeSurvey is a widely used open-source online survey system. In version 5.6.34, an input validation vulnerability has been identified, allowing attackers to exploit a vulnerability in surveys containing "file upload" options. This can lead to a denial of service by...

7.3AI score
Exploits0
Huntr
Huntr
added 2023/08/19 11:30 a.m.19 views

DOM XSS in https://demo.librenms.org/eventlog

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/eventlog and click Filter 3 .Use burp suite to block proxy and inject payload in eventtype: test%22-alertdocument.cookie// 4 .Check,...

4.9CVSS6.7AI score0.00565EPSS
Exploits1
Huntr
Huntr
added 2023/08/18 3:58 p.m.19 views

DOM XSS in https://demo.librenms.org/outages

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/outages and click Filter 3 .Use burp suite to block proxy and inject payload: "alertdocument.cookie 4 .Check, detect xss Proof of...

4.9CVSS6.7AI score0.00589EPSS
Exploits1
Huntr
Huntr
added 2023/08/16 9:41 a.m.19 views

Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes

Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...

4CVSS6.7AI score0.00562EPSS
Exploits1
Huntr
Huntr
added 2023/07/07 8:30 a.m.19 views

Stored Xss in Question field due to lack of sanitization in Link.php

Description Stored XSS Cross-Site Scripting is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...

4.9CVSS5.6AI score0.00426EPSS
Exploits0References1
Huntr
Huntr
added 2023/06/10 5:5 p.m.19 views

Stored XSS via Default session expiration time

Description The Default session expiration time feature when submitted HTML/JS tags executes the code in the login page. Proof of Concept Login to Teampass and go to Settings = Options. http://127.0.0.1/index.php?page=options In theDefault session expiration time input field insert an XSS payload...

4.9CVSS6.4AI score0.00625EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/07 5:31 a.m.19 views

Stored XSS in module name "Search Documents"

Description The search documents function was infected with xss because the title payload was not filtered resulting in xss when searching to /de. Proof of Concept 1.Go to edit page title /de 2.Enter this xss code 3.Go to "Search Documents" and type in "77" search box to find /de -- xss will be...

4.9CVSS6.9AI score0.00493EPSS
Exploits1
Huntr
Huntr
added 2023/05/04 10:32 a.m.19 views

Stored xss in module FAQ News

Description When admins create a FAQ News they can pass xss to the "text of the record" section Proof of Concept 1.Login to admin account 2.In the CONTENT section, click on FAQ News 3.Add any type of source code and notice select Faq status as published 4.Turn on intercept with burp and click sav...

5.8CVSS7.1AI score0.00521EPSS
Exploits0References1
Huntr
Huntr
added 2023/04/27 10:35 a.m.19 views

XSS in choose time value Classes Data Objects

Description XSS in choose time value Classes Data Object Proof of Concept Login in URL : https://demo.pimcore.fun/admin Go to Settings- Data Objects - Classes - News NE - Dates & Images in tab Dates & Images , inject payload to value time at Specific Settings // PoC payload : " video PoC:...

4.9CVSS6.9AI score0.00503EPSS
Exploits1
Huntr
Huntr
added 2023/04/23 10:21 p.m.19 views

Stored XSS on items in Folder

Description first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. To confirm the success of...

4.9CVSS6.2AI score0.00612EPSS
Exploits1
Huntr
Huntr
added 2023/04/20 8:2 a.m.19 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description There is a taint path can store payload into the database. visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item, the Add new entries here: can be tainted. Although there has a front limitation, but we can bypass it by modifying the request...

4.9CVSS7AI score0.00517EPSS
Exploits1
Huntr
Huntr
added 2023/04/18 8:29 a.m.19 views

(Almost) Arbitary File Read on Development Server

Description I previously disclosed an arbitrary file read due to Vite misconfiguration. This is a similar vulnerability with less impact. Proof of Concept Start any nuxt app in dev. Browse to: + http://localhost:3000/\nuxtvitenode\/module/C:/Windows/System32/calc.exe +...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/04/15 2:1 p.m.19 views

ReDoS vulnerability in `strip` function

Description The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept import as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat154773 + '\t\x00'; const start = performance.now;...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/04/05 10:55 a.m.19 views

Attached files under salaries module can be harvested by unauthenticated users

Description File attachment under salaries module can be downloaded and viewed by anyone without authentication by just knowing the full path /assets/FileUploads/2022/staff2/ and the predictable filename contains date YYYY-MM-DD and a random 6 digit number which can be easily enumerated by...

5CVSS6.4AI score0.00613EPSS
Exploits0
Total number of security vulnerabilities4072