Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2022/03/26 12:58 p.m.•18 views

Open Redirection

Description Open redirect security flaw an attacker to redirect the victims of the application into malicious sites Proof of Concept Request POST /create-table/ HTTP/1.1 Host: 127.0.0.1:8080 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:78.0 Gecko/20100101 Firefox/78.0 Accept:...

6.9AI score
Exploits0
Huntr
Huntr
•added 2022/03/26 4:29 a.m.•18 views

csrf bug to remove a bookmark

Description CSRF bug to remove bookmark Proof of Concept There is no csrf token check during bookmark remove .\ Let say there is two user 1. user-A -- victim \ 2. user-B -- attacker \ STEP ======== 1. user-A create bookmark and lets bookmark id is 123\ 2. Now user-B attacker send a link...

0.6AI score
Exploits0
Huntr
Huntr
•added 2022/03/22 9:46 a.m.•18 views

Heap Buffer Overflow in iterate_chained_fixups

Description heap buffer overflow in iteratechainedfixups function. ASAN report: ================================================================= ==2540511==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000065710 at pc 0x7f5b64ccb878 bp 0x7ffeab141380 sp 0x7ffeab141370 READ of siz...

2.1CVSS6.1AI score0.00414EPSS
Exploits1References1
Huntr
Huntr
•added 2022/03/14 4:3 p.m.•18 views

No Rate Limit on Copoun Code Functionality

Description The attacker has the ability to send any number of requests to the endpoint due to the absence of rate-limiting. Steps to reproduce - Simply capture the adding coupon request and send it to burp. - Send it to the repeater tab and you will be able to send many requests without blocking...

0.9AI score
Exploits0
Huntr
Huntr
•added 2022/03/11 9:54 p.m.•18 views

Stored XSS in organisation name field

Description Upon a user creates a new organisation and invites members, by opening the invitation, the XSS payload is being executed. Proof of Concept Just simply create an organisation with the following name: XSSalert1. After saving the organisation, the XSS payload is being executed. Impact In...

1.6AI score
Exploits0
Huntr
Huntr
•added 2022/03/08 5:49 a.m.•18 views

Untrusted Pointer Dereference

Description Null Pointer Dereference in gpac Proof of Concept Version: /fuzzing/gpac/gpac/bin/gcc/MP4Box -version MP4Box - GPAC version 2.1-DEV-rev15-g6c0f4ff03-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters:...

0.1AI score
Exploits0
Huntr
Huntr
•added 2022/03/07 1:21 p.m.•18 views

Improper Authorization

Description Pacemakers daemon pcsd allows authentication via PAMs pamauthenticate. Unfortunately the authorization via pamacctmgmt has been omitted. Therefore unprivileged expired accounts that have been denied access can still login. Proof of Concept You can expire an account with chage -E0 Impa...

6.5CVSS3.3AI score0.01825EPSS
Exploits1References1
Huntr
Huntr
•added 2022/03/02 11:30 p.m.•18 views

Server-Side Request Forgery (SSRF)

Description youtube-downloader takes an URL from the url query parameter, passes it directly to curl and streams the response to the browser. This makes it vulnerable to an SSRF attack if someone passes an URL containing an internal hostname, as it will stream internal resources to the browser...

1AI score
Exploits0
Huntr
Huntr
•added 2022/02/27 3:39 p.m.•18 views

Improper Preservation of Permissions

Git repository found Description: Git metadata directory .git was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of...

Exploits0References1
Huntr
Huntr
•added 2022/02/21 10:38 a.m.•18 views

Out-of-bounds Read

Description OOB read occurs in mrbarypush. commit : 5d9239c2c4644fa8a59d9f5159b4950569dd5e0e Proof of Concept poc $ echo -ne "WzpfXVswLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDBdPTpO" | base64 -d poc ASAN $ ./bin/mruby poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.2AI score0.00906EPSS
Exploits1
Huntr
Huntr
•added 2022/02/20 5:33 p.m.•18 views

Cross-site Scripting (XSS) - Stored

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Proof of Concept Steps to Reproduce:- = Install the WebApp and Setup it =...

3.5CVSS5.2AI score0.03506EPSS
Exploits4References2
Huntr
Huntr
•added 2022/02/16 8:6 a.m.•18 views

in mruby/mruby

Description commit ecb28f4bf463483cf914c799d086b0cfff997aee Proof of Concept sh ⚔ root@pocas ī‚° /fuzz/mruby2 ī‚° ī‚  master ± ī‚° echo "P2MKWyoqMCwqKjgsbTowXQSAPRpbAAB7" | base64 -d poc1 ⚔ root@pocas ī‚° /fuzz/mruby2 ī‚° ī‚  master ± ī‚° ./bin/mruby poc1 AddressSanitizer:DEADLYSIGNAL...

5.8CVSS1.4AI score0.00992EPSS
Exploits1
Huntr
Huntr
•added 2022/02/13 12:50 a.m.•18 views

Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms

LibreNMS v22.1.0 allows users with the normal role/level to view/access the alert transport details. The alert transport may expose sensitive information to an actor that is not explicitly authorized to have access to that information which are supposedly accessible by the Administrator only. Pro...

4CVSS0.5AI score0.01071EPSS
Exploits1
Huntr
Huntr
•added 2022/02/11 7:58 a.m.•18 views

Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server

Description The logout function doesn't clean/filter value of "back" parameter before reflecting into html code leading to Reflected XSS vulnerability. Proof of Concept Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealertorigin%3C/script%3E%3C%22 Poc:...

0.5AI score
Exploits0
Huntr
Huntr
•added 2022/02/02 5:18 p.m.•18 views

Cross-site Scripting (XSS) - Stored in s-cart/s-cart

Description Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept Product version: S-Cart Version 6.8.3 core 6.8.10 , https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/01/27 3:42 p.m.•18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Livehelperchat is vulnerable to stored cross site scripting. Proof of Concept 1 . Login to the demo account 2 . Go to settings -- Live help configuration --Visual settings for the visitor -- widget theme --new -- name field 3 . Add payload in name field and click save 4 . Go to settin...

3.5CVSS0.1AI score0.00547EPSS
Exploits1
Huntr
Huntr
•added 2022/01/25 5:18 a.m.•18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof ...

3.5CVSS1AI score0.00766EPSS
Exploits1
Huntr
Huntr
•added 2022/01/22 3:18 p.m.•18 views

None in radareorg/radare2

Description This vulnerability is of type use-after-free. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, update...

6.8CVSS8AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
•added 2022/01/22 8:55 a.m.•18 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there yishaadmin maintainer team, I would like to report an improper privilege management in yishaadmin source code. The link /admin/ToolManage/Server/GetServerJson requires no authentication and accessible for everyone, which returns server info like RAM, CPU usage. Proof of Conce...

0.9AI score
Exploits0
Huntr
Huntr
•added 2022/01/09 7:39 p.m.•18 views

Improper Access Control in snipe/snipe-it

Description A user with no rights for API tokens can view the page where API tokens can be generated and can generate API tokens. Proof of Concept - Create a user with no permission for anything i.e. everything on deny. - Log in with this user to the web application. - Visit...

5.5CVSS0.2AI score0.00664EPSS
Exploits1
Huntr
Huntr
•added 2021/12/22 6:17 p.m.•18 views

Inefficient Regular Expression Complexity in idank/explainshell

Description In the latest version of explainshell ebc5e9f2 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in explainshell/options.py Python import logging import re if name == "main":...

0.7AI score
Exploits0References1
Huntr
Huntr
•added 2021/12/16 10:26 a.m.•18 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Auditing the AJAX endpoints revealed that some endpoints which perform state-changes do not have CSRF protection. Proof of Concept POST /lib/exe/ajax.php?call=draftdel&id=start Impact This vulnerability is capable of tricking users to delete their own drafts...

2.9AI score
Exploits0
Huntr
Huntr
•added 2021/12/14 3:2 p.m.•18 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
•added 2021/12/14 8:57 a.m.•18 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description CSRF in switching between enable and disable of the following: - Dark/bright - Auto uppercase sentences - Do not scroll to the bottom on chat open - Auto preload previous visitor chat messages - Load previous message on scroll - New messages - New chats - Online - Based on activity -...

4.3CVSS0.3AI score0.00489EPSS
Exploits1
Huntr
Huntr
•added 2021/12/11 3:45 p.m.•18 views

Improper Access Control in bookstackapp/bookstack

Description A logged-in user with no privileges OR guest user if public access enabled can access the /search/users/select AJAX endpoint meant for admins to manage audit logs, to dump all usernames existing in the Bookstack database. This can also be used to harvest email belonging to a user...

7.5CVSS7.6AI score0.26893EPSS
Exploits1
Huntr
Huntr
•added 2021/12/05 9:22 a.m.•18 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A. Proof of Concept txt 1. Open the...

4.3CVSS1.4AI score0.05784EPSS
Exploits0
Huntr
Huntr
•added 2021/11/21 1:18 p.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description You set the strict flag only for one of your cookies named cookietoken but in Team management attacker still can delete or add teams with CSRF vulnerability as the cookie with name PHPSESSID don't have strict flag. Proof of Concept 1.replace 38046 with the team id 2.open poc.html and...

4.3CVSS1.3AI score0.00505EPSS
Exploits1
Huntr
Huntr
•added 2021/11/18 3:49 p.m.•18 views

in star7th/showdoc

Description Logged in by LDAP will lead to a weak-password initialization, php isExist$username ; if!$userInfo D"User"-register$ldapuser,$ldapuser.time; //怐register with a weak password, such as : tom/tom1637248826怑 $rs2=ldapbind$ldapconn, $dn , $password;//怐when the LDAP password is WRONG,no...

4.3CVSS0.3AI score0.00863EPSS
Exploits1References2
Huntr
Huntr
•added 2021/11/04 2:1 p.m.•18 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF in custom field settings Proof of Concept /fields/1/fieldset/1/disassociate" /fields/required/3/3" /fields/optional/3/3" Impact This vulnerability is capable of trick admin user to modify custom forms...

4.3CVSS0.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
•added 2021/10/29 12:6 p.m.•18 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept 1-- Go Asset Metadata Class Definitions - Create another one or just edit aprevious one . 2 -- In the Name input Inject any XS...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/10/11 9:30 p.m.•18 views

Cross-Site Request Forgery (CSRF) in pimcore/demo

Description Pimcore is vulnerable to Cross-site request forgery. It is possible to add arbitrary products to the victim's cart. Proof of Concept 1: Open https://demo.pimcore.fun/en/cart/add-to-cart?id=12 on a browser. 2: Check out the cart with Jaguar E-Type product. Impact Attackers might fool...

2.3AI score
Exploits0References1
Huntr
Huntr
•added 2021/10/04 8:3 p.m.•18 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description You have not set any CSRF protection for receivings/deleteitem/itemid endpoint. Proof of Concept //PoC.html history.pushState'', '', '/'...

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/10/02 3:16 a.m.•18 views

in pheditor/pheditor

Description With your new fix in https://github.com/pheditor/pheditor/commit/69a79e3ba7f4a9f844cf5919c14a953e4a0d1867, it is basically impossible to change the password now because you forgot to add in the CSRF token in the reset password functionality, hence the password cannot be changed from...

1.4AI score
Exploits0
Huntr
Huntr
•added 2021/09/25 6:37 p.m.•18 views

Code Injection in collectiveaccess/providence

Description client side injection Proof of Concept open the https://demo.collectiveaccess.org/find/QuickSearch/Index click on search input the code in search bar clickme https://i.ibb.co/tmB0K64/client.png Impact This vulnerability is injecting malicious code into application...

0.4AI score
Exploits0References1
Huntr
Huntr
•added 2021/09/25 5:7 p.m.•18 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description No CSRF token and GET requests allowed in Data and Metadata imports Proof of Concept 1. Login as administrator 2. Create a directory called test in /import directory and put a CSV file inside 3. On the browser with administrator cookies, visit...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/09/09 6:25 a.m.•18 views

in bfabiszewski/libmobi

āœļø Description Overview This vulnerability is of writing user controlled values out of the buffer. The buffer is of MOBIBuffer type which is allocated using malloc. It is possible for the attacker to finally accomplish RCE Remote Code Execution using this out-of-bound write vulnerability to...

7.5CVSS1AI score0.01237EPSS
Exploits1References1
Huntr
Huntr
•added 2021/09/08 11:41 p.m.•18 views

in weseek/growi

āœļø Description In following endpoint don't check the authorization of users and any user can delete other users comments /api/comments.remove the body of request is like this : "commentid" : "61393bb36970d0000c62b3cf" , "csrf" : any user receive all commentid and can easily replace other users...

5CVSS3.3AI score0.00808EPSS
Exploits1
Huntr
Huntr
•added 2021/09/06 7:19 p.m.•18 views

Improper Privilege Management in chatwoot/chatwoot

āœļø Description A user without collaborator access to an Inbox is able to reveal the messages from it, by guessing the ID of the Inbox. šŸ•µļøā€ā™‚ļø Proof of Concept - 1; With an Administrator user, create an Inbox email type - 2; Only add the Administrator itself to the list of collaborators in the Inbox...

4CVSS0.01086EPSS
Exploits1
Huntr
Huntr
•added 2021/09/06 10:19 a.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

āœļø Description With CSRF vulnerability Attacker able to delete any member to of any item if users visit attacker website. We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass...

5.8CVSS0.7AI score0.00399EPSS
Exploits1
Huntr
Huntr
•added 2021/09/02 11:49 a.m.•18 views

in leantime/leantime

āœļø Description In the source code of the application, the Secret Hash value and the initialization vector is being hardcoded. šŸ•µļøā€ā™‚ļø Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

0.6AI score
Exploits0
Huntr
Huntr
•added 2021/08/13 1:6 p.m.•18 views

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

āœļø Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. šŸ•µļøā€ā™‚ļø Proof of Concept Updating page with malicious...

4CVSS0.1AI score0.008EPSS
Exploits1
Huntr
Huntr
•added 2021/08/03 6:6 p.m.•18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

āœļø Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker site. šŸ•µļøā€ā™‚ļø Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that member with email address [email protected] that already should registered befor have access to...

4.3CVSS3AI score0.00397EPSS
Exploits1
Huntr
Huntr
•added 2021/07/21 10:42 a.m.•18 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description CSRF bug to set-paid expense-report šŸ•µļøā€ā™‚ļø Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when set-paid expense report....

1.3AI score
Exploits0
Huntr
Huntr
•added 2021/07/15 7:0 p.m.•18 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

āœļø Description In CSRF attack if your users going to attacker website and click the mallicouse link then they able to steal users cookie, submit unwanted date, .... šŸ•µļøā€ā™‚ļø Proof of Concept 1.you login in your account 2.you make a file contain the following html file. 3.open html as victim site...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/10 2:13 p.m.•18 views

Open Redirect in ionicabizau/parse-url

āœļø Description parse-url improperly handles the user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but parse-url reads them as the relative path, which could lead to SSRF, open redirects, or other...

6.1AI score0.02483EPSS
Exploits2
Huntr
Huntr
•added 2021/07/06 7:53 a.m.•18 views

Open Redirect in unshiftio/url-parse

āœļø Description url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. Similar attacks:...

5CVSS5.5AI score0.01964EPSS
Exploits2References1
Huntr
Huntr
•added 2021/07/05 7:34 a.m.•18 views

Session Fixation in chatwoot/chatwoot

āœļø Description The application is vulnerable to Session Fixation vulnerability even after a user changes its password the old sessions on other devices persist. šŸ•µļøā€ā™‚ļø Proof of Concept 1. open chatwoot and login to your account on multiple browsers 2. change the password of the account on one of...

2.9AI score0.00197EPSS
Exploits0References1
Huntr
Huntr
•added 2021/07/02 3:33 p.m.•18 views

in projectsend/projectsend

šŸ’„ BUG create client even when self client registration is disabled šŸ’„ IMPACT any user can create create client even when self client registration is disabled šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/options.php?section=clients and disabled client registration....

0.2AI score
Exploits0
Huntr
Huntr
•added 2021/06/07 5:46 a.m.•18 views

in alovoa/alovoa

āœļø Description It is possible to set a weak password with no compliance with the register form checks that state "Your password needs to be at least 7 characters long and must contain characters and numbers." If a user bypasses the frontend checks, he will be able to register a completely weak...

7AI score
Exploits0
Huntr
Huntr
•added 2021/03/25 7:3 p.m.•18 views

Code Injection in donmccurdy/expression-eval

āœļø Description Althrough we have decleared in the README.MD that do not use this package with user-provided inputs, but after i exam some project with this project, i found that many developers still use in that way, which may lead to some serious security problem. So I think that we still need to...

1.7AI score
Exploits0
Total number of security vulnerabilities4072