Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2022/03/08 5:49 a.m.•18 views

Untrusted Pointer Dereference

Description Null Pointer Dereference in gpac Proof of Concept Version: /fuzzing/gpac/gpac/bin/gcc/MP4Box -version MP4Box - GPAC version 2.1-DEV-rev15-g6c0f4ff03-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters:...

0.1AI score
Exploits0
Huntr
Huntr
•added 2022/02/27 3:39 p.m.•18 views

Improper Preservation of Permissions

Git repository found Description: Git metadata directory .git was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of...

Exploits0References1
Huntr
Huntr
•added 2022/02/21 10:38 a.m.•18 views

Out-of-bounds Read

Description OOB read occurs in mrbarypush. commit : 5d9239c2c4644fa8a59d9f5159b4950569dd5e0e Proof of Concept poc $ echo -ne "WzpfXVswLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDBdPTpO" | base64 -d poc ASAN $ ./bin/mruby poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.2AI score0.00906EPSS
Exploits1
Huntr
Huntr
•added 2022/02/20 5:33 p.m.•18 views

Cross-site Scripting (XSS) - Stored

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Proof of Concept Steps to Reproduce:- = Install the WebApp and Setup it =...

3.5CVSS5.2AI score0.03506EPSS
Exploits4References2
Huntr
Huntr
•added 2022/02/16 8:6 a.m.•18 views

in mruby/mruby

Description commit ecb28f4bf463483cf914c799d086b0cfff997aee Proof of Concept sh ⚔ root@pocas ī‚° /fuzz/mruby2 ī‚° ī‚  master ± ī‚° echo "P2MKWyoqMCwqKjgsbTowXQSAPRpbAAB7" | base64 -d poc1 ⚔ root@pocas ī‚° /fuzz/mruby2 ī‚° ī‚  master ± ī‚° ./bin/mruby poc1 AddressSanitizer:DEADLYSIGNAL...

5.8CVSS1.4AI score0.00992EPSS
Exploits1
Huntr
Huntr
•added 2022/02/13 12:50 a.m.•18 views

Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms

LibreNMS v22.1.0 allows users with the normal role/level to view/access the alert transport details. The alert transport may expose sensitive information to an actor that is not explicitly authorized to have access to that information which are supposedly accessible by the Administrator only. Pro...

4CVSS0.5AI score0.01071EPSS
Exploits1
Huntr
Huntr
•added 2022/02/11 7:58 a.m.•18 views

Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server

Description The logout function doesn't clean/filter value of "back" parameter before reflecting into html code leading to Reflected XSS vulnerability. Proof of Concept Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealertorigin%3C/script%3E%3C%22 Poc:...

0.5AI score
Exploits0
Huntr
Huntr
•added 2022/02/02 5:18 p.m.•18 views

Cross-site Scripting (XSS) - Stored in s-cart/s-cart

Description Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept Product version: S-Cart Version 6.8.3 core 6.8.10 , https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/01/27 3:42 p.m.•18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Livehelperchat is vulnerable to stored cross site scripting. Proof of Concept 1 . Login to the demo account 2 . Go to settings -- Live help configuration --Visual settings for the visitor -- widget theme --new -- name field 3 . Add payload in name field and click save 4 . Go to settin...

3.5CVSS0.1AI score0.00547EPSS
Exploits1
Huntr
Huntr
•added 2022/01/25 5:18 a.m.•18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof ...

3.5CVSS1AI score0.00766EPSS
Exploits1
Huntr
Huntr
•added 2022/01/22 3:18 p.m.•18 views

None in radareorg/radare2

Description This vulnerability is of type use-after-free. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, update...

6.8CVSS8AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
•added 2022/01/22 8:55 a.m.•18 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there yishaadmin maintainer team, I would like to report an improper privilege management in yishaadmin source code. The link /admin/ToolManage/Server/GetServerJson requires no authentication and accessible for everyone, which returns server info like RAM, CPU usage. Proof of Conce...

0.9AI score
Exploits0
Huntr
Huntr
•added 2022/01/09 7:39 p.m.•18 views

Improper Access Control in snipe/snipe-it

Description A user with no rights for API tokens can view the page where API tokens can be generated and can generate API tokens. Proof of Concept - Create a user with no permission for anything i.e. everything on deny. - Log in with this user to the web application. - Visit...

5.5CVSS0.2AI score0.00664EPSS
Exploits1
Huntr
Huntr
•added 2021/12/22 6:17 p.m.•18 views

Inefficient Regular Expression Complexity in idank/explainshell

Description In the latest version of explainshell ebc5e9f2 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in explainshell/options.py Python import logging import re if name == "main":...

0.7AI score
Exploits0References1
Huntr
Huntr
•added 2021/12/16 10:26 a.m.•18 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Auditing the AJAX endpoints revealed that some endpoints which perform state-changes do not have CSRF protection. Proof of Concept POST /lib/exe/ajax.php?call=draftdel&id=start Impact This vulnerability is capable of tricking users to delete their own drafts...

2.9AI score
Exploits0
Huntr
Huntr
•added 2021/12/14 3:2 p.m.•18 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
•added 2021/12/14 8:57 a.m.•18 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description CSRF in switching between enable and disable of the following: - Dark/bright - Auto uppercase sentences - Do not scroll to the bottom on chat open - Auto preload previous visitor chat messages - Load previous message on scroll - New messages - New chats - Online - Based on activity -...

4.3CVSS0.3AI score0.00489EPSS
Exploits1
Huntr
Huntr
•added 2021/12/11 3:45 p.m.•18 views

Improper Access Control in bookstackapp/bookstack

Description A logged-in user with no privileges OR guest user if public access enabled can access the /search/users/select AJAX endpoint meant for admins to manage audit logs, to dump all usernames existing in the Bookstack database. This can also be used to harvest email belonging to a user...

7.5CVSS7.6AI score0.26893EPSS
Exploits1
Huntr
Huntr
•added 2021/12/10 7:1 a.m.•18 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description the editor has XSS vulnerability Proof of Concept payload: Open the editorhttps://ld246.com/guide/markdown, enter the payload, and trigger the XSS vulnerability demo pic : https://drive.google.com/file/d/1fl07CUXSS0DyvjtuftslMnyr2uGZ8F7/view?usp=sharing Impact This vulnerability has t...

3.5CVSS0.8AI score0.00664EPSS
Exploits1
Huntr
Huntr
•added 2021/12/05 9:22 a.m.•18 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A. Proof of Concept txt 1. Open the...

4.3CVSS1.4AI score0.05784EPSS
Exploits0
Huntr
Huntr
•added 2021/11/21 1:18 p.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description You set the strict flag only for one of your cookies named cookietoken but in Team management attacker still can delete or add teams with CSRF vulnerability as the cookie with name PHPSESSID don't have strict flag. Proof of Concept 1.replace 38046 with the team id 2.open poc.html and...

4.3CVSS1.3AI score0.00505EPSS
Exploits1
Huntr
Huntr
•added 2021/11/18 3:49 p.m.•18 views

in star7th/showdoc

Description Logged in by LDAP will lead to a weak-password initialization, php isExist$username ; if!$userInfo D"User"-register$ldapuser,$ldapuser.time; //怐register with a weak password, such as : tom/tom1637248826怑 $rs2=ldapbind$ldapconn, $dn , $password;//怐when the LDAP password is WRONG,no...

4.3CVSS0.3AI score0.00863EPSS
Exploits1References2
Huntr
Huntr
•added 2021/11/04 2:1 p.m.•18 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF in custom field settings Proof of Concept /fields/1/fieldset/1/disassociate" /fields/required/3/3" /fields/optional/3/3" Impact This vulnerability is capable of trick admin user to modify custom forms...

4.3CVSS0.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
•added 2021/10/29 12:6 p.m.•18 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept 1-- Go Asset Metadata Class Definitions - Create another one or just edit aprevious one . 2 -- In the Name input Inject any XS...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/10/11 9:30 p.m.•18 views

Cross-Site Request Forgery (CSRF) in pimcore/demo

Description Pimcore is vulnerable to Cross-site request forgery. It is possible to add arbitrary products to the victim's cart. Proof of Concept 1: Open https://demo.pimcore.fun/en/cart/add-to-cart?id=12 on a browser. 2: Check out the cart with Jaguar E-Type product. Impact Attackers might fool...

2.3AI score
Exploits0References1
Huntr
Huntr
•added 2021/10/04 8:3 p.m.•18 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description You have not set any CSRF protection for receivings/deleteitem/itemid endpoint. Proof of Concept //PoC.html history.pushState'', '', '/'...

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/10/02 3:16 a.m.•18 views

in pheditor/pheditor

Description With your new fix in https://github.com/pheditor/pheditor/commit/69a79e3ba7f4a9f844cf5919c14a953e4a0d1867, it is basically impossible to change the password now because you forgot to add in the CSRF token in the reset password functionality, hence the password cannot be changed from...

1.4AI score
Exploits0
Huntr
Huntr
•added 2021/09/25 6:37 p.m.•18 views

Code Injection in collectiveaccess/providence

Description client side injection Proof of Concept open the https://demo.collectiveaccess.org/find/QuickSearch/Index click on search input the code in search bar clickme https://i.ibb.co/tmB0K64/client.png Impact This vulnerability is injecting malicious code into application...

0.4AI score
Exploits0References1
Huntr
Huntr
•added 2021/09/25 5:7 p.m.•18 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description No CSRF token and GET requests allowed in Data and Metadata imports Proof of Concept 1. Login as administrator 2. Create a directory called test in /import directory and put a CSV file inside 3. On the browser with administrator cookies, visit...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/09/08 11:41 p.m.•18 views

in weseek/growi

āœļø Description In following endpoint don't check the authorization of users and any user can delete other users comments /api/comments.remove the body of request is like this : "commentid" : "61393bb36970d0000c62b3cf" , "csrf" : any user receive all commentid and can easily replace other users...

5CVSS3.3AI score0.00808EPSS
Exploits1
Huntr
Huntr
•added 2021/09/07 10:22 p.m.•18 views

Cross-site Scripting (XSS) - Stored in chocobozzz/peertube

āœļø Description We can upload a SVG image and then send the url of that to other users and when they open the link we can get their complete session keys as the session keys stored in local storage and with Javascript easily can be stolen by attackers. šŸ•µļøā€ā™‚ļø Proof of Concept 1.Go to...

4.3CVSS6.4AI score0.0087EPSS
Exploits1
Huntr
Huntr
•added 2021/09/06 7:19 p.m.•18 views

Improper Privilege Management in chatwoot/chatwoot

āœļø Description A user without collaborator access to an Inbox is able to reveal the messages from it, by guessing the ID of the Inbox. šŸ•µļøā€ā™‚ļø Proof of Concept - 1; With an Administrator user, create an Inbox email type - 2; Only add the Administrator itself to the list of collaborators in the Inbox...

4CVSS0.01086EPSS
Exploits1
Huntr
Huntr
•added 2021/09/06 10:19 a.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

āœļø Description With CSRF vulnerability Attacker able to delete any member to of any item if users visit attacker website. We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass...

5.8CVSS0.7AI score0.00399EPSS
Exploits1
Huntr
Huntr
•added 2021/09/02 11:49 a.m.•18 views

in leantime/leantime

āœļø Description In the source code of the application, the Secret Hash value and the initialization vector is being hardcoded. šŸ•µļøā€ā™‚ļø Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

0.6AI score
Exploits0
Huntr
Huntr
•added 2021/08/13 1:6 p.m.•18 views

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

āœļø Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. šŸ•µļøā€ā™‚ļø Proof of Concept Updating page with malicious...

4CVSS0.1AI score0.008EPSS
Exploits1
Huntr
Huntr
•added 2021/08/03 6:6 p.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

āœļø Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker site. šŸ•µļøā€ā™‚ļø Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that member with email address [email protected] that already should registered befor have access to...

4.3CVSS3AI score0.00397EPSS
Exploits1
Huntr
Huntr
•added 2021/07/21 10:42 a.m.•18 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description CSRF bug to set-paid expense-report šŸ•µļøā€ā™‚ļø Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when set-paid expense report....

1.3AI score
Exploits0
Huntr
Huntr
•added 2021/07/15 7:0 p.m.•18 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

āœļø Description In CSRF attack if your users going to attacker website and click the mallicouse link then they able to steal users cookie, submit unwanted date, .... šŸ•µļøā€ā™‚ļø Proof of Concept 1.you login in your account 2.you make a file contain the following html file. 3.open html as victim site...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/10 2:13 p.m.•18 views

Open Redirect in ionicabizau/parse-url

āœļø Description parse-url improperly handles the user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but parse-url reads them as the relative path, which could lead to SSRF, open redirects, or other...

6.1AI score0.02483EPSS
Exploits2
Huntr
Huntr
•added 2021/07/06 7:53 a.m.•18 views

Open Redirect in unshiftio/url-parse

āœļø Description url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. Similar attacks:...

5CVSS5.5AI score0.01964EPSS
Exploits2References1
Huntr
Huntr
•added 2021/07/05 7:34 a.m.•18 views

Session Fixation in chatwoot/chatwoot

āœļø Description The application is vulnerable to Session Fixation vulnerability even after a user changes its password the old sessions on other devices persist. šŸ•µļøā€ā™‚ļø Proof of Concept 1. open chatwoot and login to your account on multiple browsers 2. change the password of the account on one of...

2.9AI score0.00197EPSS
Exploits0References1
Huntr
Huntr
•added 2021/07/02 3:33 p.m.•18 views

in projectsend/projectsend

šŸ’„ BUG create client even when self client registration is disabled šŸ’„ IMPACT any user can create create client even when self client registration is disabled šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/options.php?section=clients and disabled client registration....

0.2AI score
Exploits0
Huntr
Huntr
•added 2021/06/07 5:46 a.m.•18 views

in alovoa/alovoa

āœļø Description It is possible to set a weak password with no compliance with the register form checks that state "Your password needs to be at least 7 characters long and must contain characters and numbers." If a user bypasses the frontend checks, he will be able to register a completely weak...

7AI score
Exploits0
Huntr
Huntr
•added 2021/03/25 7:3 p.m.•18 views

Code Injection in donmccurdy/expression-eval

āœļø Description Althrough we have decleared in the README.MD that do not use this package with user-provided inputs, but after i exam some project with this project, i found that many developers still use in that way, which may lead to some serious security problem. So I think that we still need to...

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/02/23 12:0 a.m.•18 views

Code Injection in sodadata/soda-sql

Description soda-sql Metric collection, data testing and monitoring for SQL accessible data, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install soda-sql Run exploit.py...

2.7AI score
Exploits0
Huntr
Huntr
•added 2021/02/19 12:0 a.m.•18 views

Path Traversal in mucommander/mucommander

:book: Description mucommander A lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable for zip-slip. https://github.com/mucommander/mucommander https://www.mucommander.com/ :recycle: Steps To Reproduce-: 0 download and run latest release from...

1.2AI score
Exploits0
Huntr
Huntr
•added 2020/07/26 12:0 a.m.•18 views

Code Injection in swooningfish/ffmpeg-web-gui

Description The ffmpeg-web-gui project is a simple video converter written in PHP which uses the ffmpeg command to convert videos in HTML formats. The issue arises at the following line: https://github.com/swooningfish/ffmpeg-web-gui/blob/master/upload-and-convert.phpL176. The arbitrary command...

0.1AI score
Exploits0
Huntr
Huntr
•added 2020/04/03 12:0 a.m.•18 views

Code Injection in keymetrics/vizion

Overview The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.jsL228 line, the git reset --hard command is concatenated with a unsanitized input: js var command = cliCommandargs.folder, "git reset --hard " +...

0.9AI score
Exploits0References1
Huntr
Huntr
•added 2020/03/27 12:0 a.m.•18 views

Command Injection in zamotany/logkitty

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...

7.5CVSS2.1AI score0.0201EPSS
Exploits1
Huntr
Huntr
•added 2026/02/13 3:49 a.m.•17 views

Authorization Bypass in SearchModelVersions Allows Any Authenticated User to Enumerate All Model Versions Regardless of Permissions

Summary MLflow's SearchModelVersions REST API endpoint GET /api/2.0/mlflow/model-versions/search and GraphQL query mlflowSearchModelVersions lack per-model authorization checks when basic auth is enabled. Any authenticated user can enumerate ALL model versions across ALL registered models,...

6.5CVSS5.8AI score0.00441EPSS
Exploits1
Total number of security vulnerabilities4072