Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/10/26 2:30 p.m.19 views

Stored Cross Site Scripting (Network Maps Editor functionality)

Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...

5.2AI score
Exploits0
Huntr
Huntr
added 2022/09/29 7:32 p.m.19 views

No limit in length of "Fullname" parameter results in DOS attack /memory corruption

Proof of Concept 1Go to https://rdiffweb-dev.ikus-soft.com/prefs/general endpoint . 2You will see a field called "Fullname" 3Here you will see that there is no limit for the "Fullname" parameter that allows a user to to set a very long string as long as 1 million characters . 4This may possibly...

5CVSS1.9AI score0.00971EPSS
Exploits1
Huntr
Huntr
added 2022/09/16 2:49 p.m.19 views

CSRF leads to disabling notifications in users profile

Description Periodic updates of repositories were sent as notifications to the user's email and here GET request sent to the server for modifying repository notifications settings is accepted by the server, which can lead to disabling notifications through a CSRF attack. Proof of Concept Replace...

4.3CVSS0.9AI score0.00316EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/15 11:27 p.m.19 views

Full Account Takeover via Improper Authorization

Description Immich does not check for admin privileges when setting account passwords. This allows any user to set the password for any account, thus allowing privilege escalation by admin account takeover. Proof of Concept Steps to reproduce: 1. Login to a non admin account 2. Obtain all user...

1.9AI score
Exploits0References1
Huntr
Huntr
added 2022/09/06 10:8 p.m.19 views

Password Reset Poisoning

Description Humhub uses the HTTP Host-Header in a password reset request to generate the password reset link that is sent to the user in an email without any filters or checks. This allows an attacker to craft a password reset request using a manipulated host header, resulting in reset-token...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/08/29 4:39 a.m.19 views

BufferOverflow

Description Buffer Overflow is most commonly found in languages ​​such as C and C ++, where there is the need for prior definition of the memory size of the buffer to be used. The program calls a gets function, which does not checks against overflowing the size assigned to buffer. As a result, it...

1.8AI score
Exploits0References2
Huntr
Huntr
added 2022/08/21 3:29 p.m.19 views

Clickjacking Leads To User Deletion

Hello team, on notrinoserp there is no clickjacking protection implemented x-frame-options, so an attacker can perform clickjacking attack, and in this case im able to delete user account via this vulnerability from the admin account, here is the POC: Exploit Script: iframe position:relative;...

4.3CVSS1.8AI score0.00615EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 8:9 p.m.19 views

Unrestricted File Upload Allowed due to Flawed Move File Functionality

Description Hello Team, Hope you are doing good. Due to misconfiguration in move file functionality an attacker could easily change the file extension of the uploaded malicious file disguised as .gcode file. Steps: 1 . Upload a .gcode file & intercept the request as shown in the screenshots. 2...

4.9CVSS0.2AI score0.00545EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 6:45 a.m.19 views

Account Takeover [namelessmc.com]

Description: 1. Hello team, while i was testing on https://namelessmc.com/login/ i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field Steps to reproduce: 1. 1- go to https://namelessmc.com/login/ 2. 2- Ente...

5CVSS7.8AI score0.01118EPSS
Exploits1
Huntr
Huntr
added 2022/07/30 8:8 a.m.19 views

Segmentation Fault in SFS_Expression

It can cause Denial-of-service attack. Version root@ubuntu:/gpac/.git cat refs/heads/master 0102c5d4db7fdbf08b5b591b2a6264de33867a07 system stack size default root@ubuntu:/gpac/bin/gcc ulimit -s 8192 POC Download POC Execute root@ubuntu:/gpac/bin/gcc ./MP4Box -info -disox -dump-chap-ogg -dump-cov...

1.9CVSS2.5AI score0.00628EPSS
Exploits1
Huntr
Huntr
added 2022/07/27 8:56 a.m.19 views

Cross-site scripting - Stored via upload ".xml" file

Description In file upload function, the server allow upload .xml file with contain some javascript code lead to XSS. Proof of Concept REQUEST POST /?PageTitre/ajaxupload&qqfile=index.xml HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:104.0 Gecko/20100101...

7.3AI score
Exploits0References1
Huntr
Huntr
added 2022/07/12 7:56 a.m.19 views

Email enumeration via Resend link page

Description Through the Resend link page, an attacker can know that if an email exists or not; just by observing the notification in the response page. So, once the attacker knows that an email exists, he can launch a brute force attack against it. If an email exists: There is no notification and...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/11 3:51 a.m.19 views

Weak policy at Change password function

Description BookWyrm uses weak password policy when allows user to change password with just 1 character through the change password function. Steps to reproduce 1.Login then go to the Change password page https://book.dansmonorage.blue/preferences/password 2.Enter a character for example: 1 in t...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/09 3:40 p.m.19 views

Stored XSS in

Description Hello, I have found that an XSS payload has been executed in the name of note field, and I wanted to make a report about it, just please note that in the Occurrences I left it empty because I don't know anything about it, and please see the video attached in POC to know more about it...

3.5CVSS4.6AI score0.00427EPSS
Exploits1
Huntr
Huntr
added 2022/07/07 5:34 p.m.19 views

Application allows large characters to insert in the input field "Add new table" on the create field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in

Proof of Concept Go to http://localhost:8080/dashboard//projects Select any created project and go to the project section. Click on the "ADD/IMPORT" section and click on "add new table" Create Fill the "table name" field with huge characters, more than 1 lakh Copy the below payload and put it in...

4.3CVSS6.8AI score0.04498EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/29 6:46 a.m.19 views

Heap-based Buffer Overflow in function utfc_ptr2len

Description Heap-based Buffer Overflow in function utfcptr2len at mbyte.c:2113 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbor3s.dat -c :qa!...

6.8CVSS7.8AI score0.01363EPSS
Exploits1
Huntr
Huntr
added 2022/06/28 8:20 p.m.19 views

Global overflow in pppdump leads to RCE

Global overflow vulnerability in pppdump A global overflow vulnerability is present in the pppdump utility of the ppp repo which may lead to code execution. Specifically when the -p flag is given for enabling the pppmodeon the pppdump command, a malicious crafted pppdump file can trigger a global...

1AI score
Exploits0
Huntr
Huntr
added 2022/06/26 8:58 a.m.19 views

CSRF attack while uploading files on [/plupload] via GET request

Description The application is applying a technique to protect itself from CSRF attacks by sending the CSRF token on the cookies and checking the value on the backend and also check the referer header, the CSRF token is deleted from the cookies if the request comes from another origin and just...

Exploits0
Huntr
Huntr
added 2022/06/14 10:29 a.m.19 views

Forward credential header to attacker host

Description Some Admins set the "Authorization" header with the help of a reverse proxy to restrict initial access to the Drawio application server. In this kind of setup, the "Authorization" header should always be sent to the reverse proxy, and the reverse proxy will forward it to Drawio But Th...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/13 1:58 a.m.19 views

Weak policy at Change password function

Description We can register an normal account with = 8 characters password. But we ccan change password with just 1 character when we use change password function Proof of Concept https://drive.google.com/file/d/1D-IDqrMiaBGLnZaZY9L3u-S4u-MoGxPc/view?usp=sharing...

5CVSS1.3AI score0.00994EPSS
Exploits1
Huntr
Huntr
added 2022/06/11 5:36 p.m.19 views

Stored Cross-Site Scripting

Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...

3.5CVSS1.2AI score0.00678EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/09 9:38 a.m.19 views

Idor Lead to Archive Users

Description In this case a attacker can be able to archive any user of any targeted organization Proof of Concept 1. Attacker create new organization OrgA 2. Attacker add any user to his organization OrgA And archive the user 3. Capture this request in burp suite 4. victim is user of organization...

6.5CVSS1.5AI score0.0094EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:23 p.m.19 views

Weak Password Policy

Description I would like to let you know about the password management issue. Proof of Concept 1- Go to your Profile or https://demo-publify.herokuapp.com 2- Give a password as simple as 12345678. You can see you will be password has been changed and there is no strong enforcement...

4CVSS6.4AI score0.007EPSS
Exploits0References1
Huntr
Huntr
added 2022/05/07 8:49 a.m.19 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "For what?" , "For whom?" & "How much?" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1.Visit https://ihatemoney.org/ and start your demo application then click on add new bill at the top right. In the field of "wha...

7.4AI score0.0121EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/03 3:14 p.m.19 views

A heap-buffer-overflow in mobi_decode_infl in index.c

Description A heap-buffer-overflow in mobidecodeinfl in index.c Env Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: May 3 2022 20:46:07 clang Ubuntu Clang 11.1.0 libmobi: 0.10 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasa...

5.8CVSS5.6AI score0.00782EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 7:38 a.m.19 views

Buffer Over-read

Description Buffer Over-read in hpjansson/chafa at xwd-loader.c:185 Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./tools/chafa/chafa ./poc.png...

4.3CVSS5.3AI score0.00616EPSS
Exploits1
Huntr
Huntr
added 2022/03/19 12:17 p.m.19 views

ReDoS in is-it-check

✍️ Description It allows causing a denial of service when checking crafted invalid emails. 🕵️‍♂️ Proof of Concept // PoC.js var isItCheck = require"is-it-check" isItCheck.email'@A.'+ '0.0.'.repeat40+'A'...

2.8AI score
Exploits0
Huntr
Huntr
added 2022/03/19 5:43 a.m.19 views

The microweber application allows large characters to insert in the input field "Coupons" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept 1.Go to "Settings" click on "Coupons" and Add a new Coupons 2.Go to this drive link:- https://drive.google.com/file/d/1CcVCHWbvMk07IZ5v4dojrdJbC43ufhh/view?usp=sharing copy the payload and paste it on the "Code" input field 3.You will see the application accepts large characters...

3AI score0.04498EPSS
Exploits1References2
Huntr
Huntr
added 2022/03/18 10:55 a.m.19 views

stored xss in uploaded photo checkbox

Description xss code injection possible in endpoint "/api/savemedia " it accepts parameter "src" so if appended "%22onclick=%22alert'helo js executed';" and send request then xss alert will execute when clicking on checkbox of uploaded blank photo Proof of Concept 1. login as admin 2. open websit...

7.6AI score
Exploits0
Huntr
Huntr
added 2022/03/13 6:54 a.m.19 views

Stored XSS via file upload

Description Hello Team, \ This is a bypass to the report in https://huntr.dev/bounties/6127739d-f4f2-44cd-ae3d-e3ccb7f0d7b5/. \ The upload feature allows the files with the extension .xxhtml which leads to Stored XSS. Proof of Concept filename="poc.xxhtml" alert1 Steps to Reproduce 1.Login into...

3.5CVSS5.6AI score0.00631EPSS
Exploits1
Huntr
Huntr
added 2022/03/03 7:29 a.m.19 views

Use After Free in r_reg_get_name_idx

Description heap use after free in rreggetnameidx. ASAN report: ================================================================= ==1710816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020001dff50 at pc 0x7fa7c085d87c bp 0x7ffc21731ac0 sp 0x7ffc21731ab0 READ of size 1 at...

4.3CVSS0.3AI score0.0065EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/02 8:56 p.m.19 views

Code Injection

Description The attacker can execute commands on the target OS running the operating system by setting the PLTRAINERGPUS when using the Trainer module. Proof of Concept bash $ pip3 install pytorch-lightning python import os from pytorchlightning import Trainer from...

10CVSS1AI score0.00965EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/25 5:2 a.m.19 views

Server-Side Request Forgery (SSRF)

Description The SSRF Protection is incomplete and can be bypassed via an HTTP redirect, the python-requests library will follow redirections by default can be disabled byallowredirects=False. An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to...

7.5CVSS0.4AI score0.00962EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/19 5:12 p.m.19 views

Cross-Site Request Forgery (CSRF) to User Privilege Escalation

Description Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group. Detail Version: Pandora FMS v7.0NG.759 - OUM 759 - MR 51 Affected components: Console Proof of Concept Affected Endpoint: POST...

6.8CVSS1.7AI score0.00245EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/17 10:14 p.m.19 views

Heap-based Buffer Overflow

Description There is a heap corruption when r2 processes a crafted dyldcache file. Confirmed on the latest release 5.6.2 and the master branch. Proof of Concept bash printf "%s"...

6.8CVSS8AI score0.0116EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 7:59 a.m.19 views

Open Redirect in archivy/archivy

Description The application doesn't check the target website before redirecting leads to Open Redirect vulnerability. Proof of Concept Install local service for testing - Step 1: Go to http://127.0.0.1:5000/login?next=%2F%2fevil.com - Step 2: Enter valid credential, you will be redirect to evil.c...

5.8CVSS0.8AI score0.00618EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 11:41 p.m.19 views

Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it

Description An attacker can enumerate users through the response message in the password reset page. When you visit the password reset page, you will be provided with the option to enter your email address. Let's use two different emails, one will be a valid address, and another will be an invali...

4.3CVSS4.5AI score0.01041EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 9:17 a.m.19 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi there yishaadmin maintainer, I would like to report an improper authentication vulnerability in yishaadmin source code. The link /admin/OrganizationManage/User/GetFormJson?id=user-id does not require any authentication and return sensitive user data for anyone like username, gender...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/01/21 4:4 p.m.19 views

in jsdecena/laracom

Description Hi there, I would like to report a vulnerability that allows a hacker to upload dangerous file type in jsdecena/laracom. Attacker must have an account with permission to Edit Product E.g. Clerk role. Then, he can upload malcious file with extensions such as html, svg,... which leads t...

3.5CVSS5.8AI score0.00792EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 11:58 p.m.19 views

Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Description There is a vulnerability in the upload avatar functionality of crater invoice which would allow an attacker to upload malicious .SVG files in order to execute Javascript. All that is required is that the victim browse to the link location of the .SVG file Proof of Concept xss.svg:...

3.5CVSS0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/01/14 5:59 a.m.19 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description A CSRF issue is found in the SettingsLive help configurationFile Configuration. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Proof of Concept Actual Request POST /siteadmin/file/configuration HTTP/1.1 Host:...

4.3CVSS5.8AI score0.00512EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 6:58 a.m.19 views

Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore

Description The Stored XSS vulnerability occurs because the menu editing function can insert a JavaScript Scheme as the value of the menu's HREF. Proof of Concept txt 1. Go to Content - Menu - Edit 2. Enter javascript:alertdocument.domain as the URL value using the Add or Edit menu function. 3...

3.5CVSS0.3AI score0.00573EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 6:30 a.m.19 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hi there, I would like to report another CSRF in phoronix Proof of Concept 1. Install a local instance of phoronix 2. Create a benchmark and note down benchmark id 3. Access the link /?benchmark//&repeat, /?benchmark//&disable and /?benchmark//&remove and see that the benchmark is...

4.3CVSS1.1AI score0.00783EPSS
Exploits1
Huntr
Huntr
added 2022/01/11 5:14 a.m.19 views

in stanfordnlp/corenlp

Description The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

5.8CVSS1AI score0.00739EPSS
Exploits1
Huntr
Huntr
added 2022/01/09 1:12 p.m.19 views

Cross-site Scripting (XSS) - DOM in mrdoob/three.js

Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is window.location.hash and sink is iframe.src Proof of Concept 1 Visit...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/04 1:0 a.m.19 views

Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite

Description Hi there phoronix test suite maintainer team. There is a stored XSS in phoronix-test-suite source code. This is in group name. Proof of Concept 1. Install a local instance of phoronix test suite 2. Create an account and log in, then create a group with name . Note that you cannot crea...

3.5CVSS6.5AI score0.01081EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 8:29 p.m.19 views

Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber

Description Any unauthorized/unauthenticated actor can find the PII data of all the users registered in the application. PII - Personally Identifiable Information leaked by this application is first name, last name, email id, picture, username, isadmin status Proof of Concept 1 Visit...

5CVSS1.3AI score0.1201EPSS
Exploits1
Huntr
Huntr
added 2021/12/31 5:9 a.m.19 views

Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk

Description When you delete a conversation, the server responds with sensitive data including user IDs and emails among other data. The endpoint that's contacted in order to delete a conversation is /api/v1/messages/conversation/. A user with low level privileges such as a customer account could...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/27 4:50 a.m.19 views

Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat

Description The application does not escape special characters, and the $msgPArent or $Result'additionalpostmessage' variables can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/chat/chatwidgetchat/444/123/theme/1/cstarted/123";;alert'xss';" Impact XSS can have huge...

4.3CVSS1.3AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 1:9 p.m.19 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.00562EPSS
Exploits0References1
Total number of security vulnerabilities4072