Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/09/15 5:31 p.m.18 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

5.8AI score0.00449EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/13 9:58 p.m.18 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8AI score0.0073EPSS
Exploits1
Huntr
Huntr
added 2023/09/12 11:22 a.m.18 views

XSS Vulnerabilities in Search Functionality and Course Tags

Description 1. XSS via Image Error in Search Box: - This vulnerability allows an attacker to execute a Cross-Site Scripting XSS attack through the search functionality of the web application. When a user performs a search, the application attempts to display an image related to the search query...

5.8CVSS6.1AI score0.00442EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/12 7:39 a.m.18 views

Store DOM XSS in FAQ

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Create a category, Question with payload: haidoalertdocument.domain 3 .Select FAQ status published and Sticky 4 .Back to the homepage, detect...

7AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2023/09/08 2:10 p.m.18 views

Cookie without Secure flag

Description Access and login to the website. Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there are some sensitive cookies without Secure flag. Proof of Concept...

7.1AI score0.00287EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/05 10:31 p.m.18 views

CSRF Logout

Description Bad actor can send to victims link ie. obfuscated with payload /signout and when victims will use it - can change the state of user logged in/logged out. Proof of Concept Payload: https://eu.aptabase.com/api/auth/signout Repro steps: As logged in user https://eu.aptabase.com/ open new...

6.8AI score
Exploits0References2
Huntr
Huntr
added 2023/08/03 11:21 a.m.18 views

Stored HTML injection

Description Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Step to reproduce 1...

4.9CVSS7AI score0.00381EPSS
Exploits1
Huntr
Huntr
added 2023/08/02 5:8 p.m.18 views

Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute function assets, i can add a new asset. Even though the site only allows uploading images and gifs, I can still upload an html file by modifying the magic number and that leads to XSS. Proof of Concept 1. Link PoC:...

4.9CVSS7.2AI score0.00402EPSS
Exploits1
Huntr
Huntr
added 2023/08/01 5:2 a.m.18 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection SQLi is a code injection technique used to attack...

8.2AI score
Exploits0References5
Huntr
Huntr
added 2023/06/14 8:40 p.m.18 views

Session Fixation Vulnerability

Description The application does not generate a new PHPSESSID cookie after the user authenticates successfully. A malicious user is able to create a new session cookie value and injects it to a victim pre-authenticaiton. After the victim logs in, the injected cookie becomes valid, giving the...

5.8CVSS6.7AI score0.00506EPSS
Exploits1
Huntr
Huntr
added 2023/06/12 6:25 a.m.18 views

URL Restriction Bypass

Description In attempting to fix a previous issue, the PATTERNUSERINFO regular expression was changed. This change introduced another way to bypass the URL allowlist by introducing non-alphanumeric characters into the user information part of the URL. Proof of Concept Run PlantUML with...

6.4CVSS6.6AI score0.0087EPSS
Exploits1
Huntr
Huntr
added 2023/06/09 8:32 a.m.18 views

we still can order the product even it is disabled

Description I am writing to report a potential security vulnerability that was uncovered in your platform. Specifically, we discovered that your product purchase functionality can still be accessed via API even after the product has been disabled and is no longer available for sale. Proof of...

4CVSS6.8AI score0.00509EPSS
Exploits1
Huntr
Huntr
added 2023/06/04 1:20 p.m.18 views

Create multiple user with the same username (Race Condition)

Description Administrator users can create multiple users with the same username which breaks the logic of the web application. Proof of Concept Step 1: At AdministrationUser ManagementManager User Screen, click on "New Local User" button Step 2: Fill in all the required fields, notice that the...

1.7CVSS6.9AI score0.00475EPSS
Exploits1
Huntr
Huntr
added 2023/05/11 4:41 p.m.18 views

Reflected Cross-Site Scripting when restoring a backup

Description A XSS vulnerability has been identified when an administrator restores a backup from a file. When using a specially crafted file, it's possible to trigger an error that will be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript cod...

4.3CVSS6.4AI score0.00576EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/07 6:31 p.m.18 views

Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO

Description Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO Proof of Concept POC on my Drive video: https://drive.google.com/file/d/1OsksHJxcaNNABIoabLAwAKCu37S2VyT/view?usp=sharing...

6CVSS6.3AI score0.00909EPSS
Exploits1
Huntr
Huntr
added 2023/04/24 7:26 p.m.18 views

Stored XSS

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video PoC https://drive.google.com/file/d/186jNX2EJWaIaknmOmwBhQ663SSzv289/view?usp=sharing Step 1.Go to my preferences and...

4.9CVSS6.4AI score0.00569EPSS
Exploits1
Huntr
Huntr
added 2023/04/23 12:26 a.m.18 views

OS Command Injection via Type Confusion in Scan and Preview Parameters

Description Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...

7.5CVSS8.7AI score0.40516EPSS
Exploits1
Huntr
Huntr
added 2023/04/20 8:2 a.m.18 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description There is a taint path can store payload into the database. visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item, the Add new entries here: can be tainted. Although there has a front limitation, but we can bypass it by modifying the request...

4.9CVSS7AI score0.00517EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 9:39 p.m.18 views

Reflected XSS on Sidekiq through multiples endpoints via GET parameter "period"

Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. Proof of Concept There must have been a metrics during the default value of the period parameter. You simply have to set the payloa...

6.8CVSS8.5AI score0.02742EPSS
Exploits1
Huntr
Huntr
added 2023/03/28 7:14 p.m.18 views

Input validation and money transfer vulnerability with negative number

Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...

6.8AI score
Exploits0References1
Huntr
Huntr
added 2023/03/20 6:21 p.m.18 views

Stored XSS in name parameter of "Static Routes"

Description During testing, I observed that the name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Static Routes - Add and Enter the payload: " inside the name input field. 3.Then cli...

4.9CVSS6.2AI score0.00497EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/01 11:9 p.m.18 views

Full CSRF Bypass

Description The intended way to reach functionality in $module/ajax.php is through the /xhr endpoint. Looking at the following code: https://github.com/unilogies/bumsys/blob/83bd788c21ce390f62e34ab6755a3e61c106418c/core/route.phpL43-L48 php if $pageSlug === "xhr" or $pageSlug === "info" and...

6.8CVSS6.8AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2023/02/26 2:52 p.m.18 views

CSRF leading to edit admin accounts

Description GET /admin/accounts/id/edit/?activetab=default page is vulnerable to a CSRF attack. Proof of Concept Login as admin. try to edit admin accounts example id=4 Open the following file in the browser. history.pushState'', '', '/'; document.forms0.submit;...

5.4CVSS6.4AI score0.00378EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 8:39 p.m.18 views

SQL Injection at /front/report.dynamic.php

Description A SQL Injection vulnerability allow to guest user with reports view like "Technician" to extract all data from database and some cases write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place on this function:...

7.6AI score
Exploits0References1
Huntr
Huntr
added 2023/02/14 7:53 p.m.18 views

XSS Stored in the email address

Description Hello, I have located an xss stored by performing the following step: 1 - Go to tools 2 - GDPR Data Extractor 3 - Insert the payload into the email address 4 - click in send emails Proof of Concept...

4.9CVSS5.5AI score0.00403EPSS
Exploits1
Huntr
Huntr
added 2023/02/02 6:24 p.m.18 views

Stored Cross Site Scripting in the username

Description Stored XSS occurs when an attacker injects malicious code into a website, which is then stored on the server. In this case, the malicious code is being stored as the user's username. When someone accesses the shared page, the website retrieves the user's username from the server and...

4.9CVSS5.3AI score0.00443EPSS
Exploits1
Huntr
Huntr
added 2023/01/22 12:16 a.m.18 views

No Password Policy at all during Registration and and Password Change allows Account Takeover Exploitation

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test i was able to weak Password Policy while Registration and Passwort changing allowing an attacker to easily exploit an account Takeover Vulnerability. This is due no...

6.5CVSS8.4AI score0.00707EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/20 7:36 p.m.18 views

Stored/Reflected XSS when add new domain

Description there is an XSS vulnerability that malicious script is injected directly in list of domain Proof of Concept 1//go to admin/domains/ 2/ click add to add a new domain 3/ in name section add this payload " and you can see payload executed POC...

4.9CVSS5.1AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2023/01/05 9:8 a.m.18 views

Improper String/Integer Input Validation Leads to the Crashing of Site

Description If you give the string input in the Start/End time field, then the application will stop working. Proof of Concept 1. Go to "Settings-General-Reconnection" 2. Change activated to "on" 3. On every input fields place any string for example put: "test" 4. Click on save and refresh 5. The...

5CVSS7.3AI score0.00816EPSS
Exploits1
Huntr
Huntr
added 2022/12/25 7:40 p.m.18 views

Stored HTML injection in Patient chat functionality

Description I've found out that it is possible to inject HTML code in Patient Chat functionality, which allows malicious code to be stored there and potentially affect the other chat users Proof of Concept - Login from the patient portal. I've used the demo instance here:...

6.5CVSS6.8AI score0.0062EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/24 3:28 p.m.18 views

Stored XSS in the module named "Website settings"

Description Our engineer found security problems when testing our website. And I have tested the demo website you provided. I found that there is indeed an xss vulnerability. I hope you can check and provide a fix as soon as possible.Thanks. \\ The reason for the vulnerability is that you have...

4.3CVSS5.4AI score0.00434EPSS
Exploits0
Huntr
Huntr
added 2022/12/24 7:18 a.m.18 views

Archive any post (public / private) using IDOR

Description It was observed that we can archive any users post using archive option by changing the post id. 1 Created user with lolwa username. 2 Posted a post and identified it's post id 1007. 3 Now get the post id from demo user i.e 1006. 4 Now click on archive for post id 1007 from user lolwa...

5CVSS0.00681EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/19 4:3 p.m.18 views

Stored XSS in admin panel (users page)

Description Stored XSS in admin panel in users page via inject XSS payload in Name input field by any user to affect the admin panel Proof of Concept https://drive.google.com/file/d/1EsYq3R6GRAdEbpZxp2RwQwGr4G8fJGB7/view?usp=sharing...

4.9CVSS5.2AI score0.00487EPSS
Exploits0
Huntr
Huntr
added 2022/11/15 10:54 a.m.18 views

Path Traversal that leads to Remote Code Execution via PHP file upload

📜 Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2022/10/19 1:46 p.m.18 views

Stored XSS

Description webcalendar has a feature to add event and display the location of it. This feature lead to stored xss everytime a user open the calendar or the event detail page. Proof of Concept 1. 1- login as user 2. 2- create an event 3. 3- insert the payload on "location" field 4. 4- Save 5. 5- ...

4.9CVSS5.6AI score0.00526EPSS
Exploits1
Huntr
Huntr
added 2022/10/04 1:47 p.m.18 views

Password Reset Poisoning

Description Elgg uses the HTTP Host-Header in a password reset request to generate the password reset link that is sent to the user in an email without any filters or checks. This allows an attacker to craft a password reset request using a manipulated host header, resulting in reset-token leakag...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/09/21 7:28 p.m.18 views

Mass Assignment leads to Stored XSS

Description The application is vulnerable to mass assignment in the User object. A user is able to enable their own account and change their username. The username is not properly sanitized in the admin user overview, leading to a stored XSS attack. Proof of Concept Steps to reproduce: 1. Log in...

4.9CVSS5.5AI score0.33968EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/15 3:29 p.m.18 views

Stored Cross-Site Scripting (XSS) on Schedule Maintenance "Title" parameter

Description Stored Cross-Site Scripting XSS vulnerability in LibreNMS v22.8.0 allows attackers to execute arbitrary javascript code in the browser affected from function of "Schedule Maintenance" in "Title" parameter. Proof of Concept 1 - Click "Alerts" Click "Schedule Maintenance" from the...

4.9CVSS5.2AI score0.00551EPSS
Exploits2
Huntr
Huntr
added 2022/09/13 9:56 a.m.19 views

Password Can be set to very weak

Description For testing the issue, I have used the demo website. In edit user profile section we can set New Password to 1 Or any character. There is no policy for password or no password checking. Moreover, it also allows us to change password and the new password also can be set with weak...

7.5CVSS0.2AI score0.01032EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:31 p.m.18 views

Unauthenticated Path Traversal

Description A unauthenticated user can read and download files of the application system by abusing the filename parameter, of the /api/image/cover-uploadendpoint, that is not properly sanitized. Proof of Concept 1 - Send the following request, where the filename has the relative path of the targ...

1.7AI score
Exploits0
Huntr
Huntr
added 2022/06/27 7:56 a.m.18 views

Out-of-bound write in function parse_command_modifiers

Description Out-of-bounds write in function parsecommandmodifiers at exdocmd.c:3123 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ ./vim3/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min -c :qa!...

6.8CVSS7.6AI score0.01346EPSS
Exploits1
Huntr
Huntr
added 2022/06/21 8:9 a.m.18 views

Stored XSS in EditEstadoDocumento

Description In facturascripts/EditEstadoDocumento, the field Icon can be injected an XSS payload into it. Proof of Concept // PoC.js POST /facturascripts/EditEstadoDocumento?code=27&action=save-ok HTTP/1.1 Host: 127.0.0.1 Content-Length: 1224 Cache-Control: max-age=0 sec-ch-ua:...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/17 3:51 a.m.19 views

SSRF via Improper Input Validation

Description Hostname is not detected because of improper handling of username and password. Based on real cases Proof of Concept shell ❯ node -e 'const parseUrl = require"parse-url"; console.logparseUrl"http://google:com:@@localhost"' protocols: 'http' , protocol: 'http', port: null, resource:...

7.5CVSS0.4AI score0.01533EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 11:25 a.m.18 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate-limiting leads to bruteforce attack in login feature Steps to reproduce 1.Go to https://www.rosariosis.org/demonstration/ 2.Login with any username and password 3.Using Burp and send login POST request to Intruder 4.Create 30 null payloads and start attack 5.Login with correct...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/11 7:56 p.m.18 views

Uncontrolled Resource Consumption in "Category Editor"

Description The Organizr application allows large characters to insert in the input field "Category Editor" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1.Login to the application 2.Go to "Tab Editor" - "Categories" . 3.Click on the +...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2022/05/11 10:22 a.m.18 views

Stored XSS in application name.

Description Hi there, there is a stored XSS in Oauth application name. Proof of Concept 1. Install a local instance of Autolab. 2. Go to /oauth/applications and create a new application with name . 3. Click on Authorize and see that a pop up appears with user's cookies. Link to POC...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/04/30 12:54 p.m.18 views

Heap-buffer-overflow in mobi_search_links_kf7

Description heap-buffer-overflow /home/ubuntu/libmobi-public/src/parserawml.c:110 in mobisearchlinkskf7 Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: Apr 29 2022 20:52:30 gcc 9.3.0 libmobi: 0.10 Build export CC=gcc CXX=g++...

5.8CVSS5.7AI score0.00668EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 3:58 a.m.18 views

NULL Pointer Dereference in function mobi_build_opf_metadata at opf.c:1161

Description NULL Pointer Dereference in function mobibuildopfmetadata at opf.c:1161 allows attackers to cause a denial of service application crash via a crafted input file Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address"...

4.3CVSS0.5AI score0.00582EPSS
Exploits1
Huntr
Huntr
added 2022/04/08 12:20 p.m.18 views

libde265 1.0.8, was discovered to contain a heap-buffer-overflow in put_epel_16_fallback (fallback-motion.cc)

Description libde265 1.0.8, was discovered to contain a heap-buffer-overflow in putepel16fallback fallback-motion.cc ENV - Version : 1.0.8 - Commit : 45904e5667c5bf59c67fcdc586dfba110832894c - OS : Ubuntu 18.04 - Configure : cmake -DCMAKEBUILDTYPE=Debug -DCMAKECXXCOMPILER=clang++-10...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/04/04 8:2 p.m.18 views

heap-buffer-overflow in mrb_vm_exec in mruby/mruby

Affected commit: 3cf291f72224715942beaf8553e42ba8891ab3c6 Proof of Concept ruby= v10 = 0 v15 = "" v16 = srand1337 v20 = protectedmethods.fill|| v20 = Array.instanceeval|| method method privatemethods.zip rescue GC.start removemethod removemethod privatemethods.sample rescue Float v16.v15.v10 resc...

7.5CVSS7.6AI score0.01109EPSS
Exploits1
Total number of security vulnerabilities4072