Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2020/07/26 12:0 a.m.18 views

Code Injection in swooningfish/ffmpeg-web-gui

Description The ffmpeg-web-gui project is a simple video converter written in PHP which uses the ffmpeg command to convert videos in HTML formats. The issue arises at the following line: https://github.com/swooningfish/ffmpeg-web-gui/blob/master/upload-and-convert.phpL176. The arbitrary command...

0.1AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.18 views

Code Injection in keymetrics/vizion

Overview The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.jsL228 line, the git reset --hard command is concatenated with a unsanitized input: js var command = cliCommandargs.folder, "git reset --hard " +...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2026/02/13 3:49 a.m.17 views

Authorization Bypass in SearchModelVersions Allows Any Authenticated User to Enumerate All Model Versions Regardless of Permissions

Summary MLflow's SearchModelVersions REST API endpoint GET /api/2.0/mlflow/model-versions/search and GraphQL query mlflowSearchModelVersions lack per-model authorization checks when basic auth is enabled. Any authenticated user can enumerate ALL model versions across ALL registered models,...

6.5CVSS5.8AI score0.00441EPSS
Exploits1
Huntr
Huntr
added 2023/10/15 2:58 p.m.17 views

new 3 SEGV in MP4Box

Description new 3 SEGV in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -das...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/10/11 4:41 p.m.17 views

2 stack-buffer-overflow in MP4Box

Description 2 stack-buffer-overflow in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/09/28 4:14 p.m.17 views

CSRF Delete Categories

Description CSRF Delete Categories Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User clicks, deletes unwanted Categories Payload Poc https://drive.google.com/file/d/12cCzI-b9KLCRlND6MmjM6j-DJfTJiIt/view?usp=sharing Video Poc...

7.1AI score0.00264EPSS
Exploits1
Huntr
Huntr
added 2023/09/27 9:36 a.m.17 views

SSRF vulnerability in the vrite

Description This vulnerability can be used to leak remote server information, bypass CDN like cloudflare. Also it can be used to the SSRF attack. Proof of Concept Here we can use it to leak the real IP of the https://app.vrite.io. GET /proxy?url=https://your-vps-ip.nip.io/ HTTP/2 Host: app.vrite....

7.5CVSS6.9AI score0.00842EPSS
Exploits1
Huntr
Huntr
added 2023/09/22 5:2 a.m.17 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure

Description Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

1.7CVSS7AI score0.00261EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/01 2:46 a.m.17 views

Store XSS in FAQ Multisites

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Go to Configuration == FAQ Multisites 3 . Edit Instance URL with payload: javascript:alertdocument.domain 4 .Edit Instance path with payload:...

4.9CVSS6.7AI score0.00336EPSS
Exploits0
Huntr
Huntr
added 2023/08/31 6:32 a.m.17 views

left shift of negative value in scene_manager/swf_parse.c:213:12

Description left shift of negative value in MP4Box Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC...

1.9CVSS6.8AI score0.00296EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/27 9:44 p.m.17 views

Account takeover via password reset

Description An attacker could predict all future password reset tokens due to the use of RandomStringUtils.randomAlphanumeric in PasswordService. An attacker could crack the random number generator RNG seed from a password reset token, then perform password resets on their and the victim’s...

6.9AI score
Exploits0References3
Huntr
Huntr
added 2023/08/25 10:39 a.m.17 views

Session Fixation

Description Session fixation allows an attacker to impersonate a user by abusing an authenticated session ID SID. This attack can occur when a web application: •Fails to supply a new, unique SID to a user following a successful authentication •Allows a user to provide the SID to be used after...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2023/08/01 5:2 a.m.17 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection SQLi is a code injection technique used to attack...

8.2AI score
Exploits0References5
Huntr
Huntr
added 2023/07/24 2:53 p.m.17 views

Stored XSS in Preview title

Description There is accumulated XSS in the preview title of the page. Proof of Concept Step 1. Log in to the administrator screen and create a new page. Step 2. Insert "Browse preview" from "Add new block" and specify Payload in "Preview title". Step 3. When you access the preview screen in the...

4.3CVSS5.9AI score0.00401EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/23 3:7 p.m.17 views

CWE-521: Weak Password Requirements

Description Users at this moment can set really weak password like 123. Proof of Concept Go to register page and set really weak password like 123, see allowed - registered in. For example, go to https://sandbox.openedx.org/register?next=/dashboard , type '1' see info 'This password is too short...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2023/07/13 8:47 p.m.17 views

Business Logic Error - letting the Name Field blank

Hello, I was able to bypass the restriction for setting an admin username and letting the username via spaces blank. Let's have a look. As you can see the name is with a red star and therefore required to be filled. Now we will add2 spaces and let the username blank and save. As you can see all t...

3.3CVSS7AI score0.00477EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/02 7:14 p.m.17 views

youtube service is vulnerable to XSS vulnerability

Description If an attacker is able to insert a div with attributes on a page where the youtube service is enabled, they can craft a width attribute that would allow them to execute arbitrary JS on the page. Other attributes like theme or controls are also vulnerable to this. Proof of Concept html...

4.9CVSS7.4AI score0.00469EPSS
Exploits1
Huntr
Huntr
added 2023/06/29 11:30 a.m.17 views

Stored XSS via user's Full Name

Description The user's full name is rendered as HTML during user deletion. This enables an user to add Javascript code in the username which when can be executed in admin's webpage during user deletion. Proof of Concept - Login as a normal user and change the Full name to: javascript "...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2023/06/25 5:33 p.m.17 views

Stored XSS at Search page

Description Create new item with XSS payload. Then go to Search page, XSS vulnerability will be trigger. Proof of Concept https://drive.google.com/file/d/1OB11FmQvy2-qRI9r1BlavKUxJ4kaMjp/view?usp=sharing Acknowledge Tran Van Nhan from bl4ckh0l3 of GalaxyOne...

4.9CVSS6.3AI score0.00537EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/11 8:40 a.m.17 views

IDOR in message deletion

Description user can delete others's message. we know the report https://huntr.dev/bounties/24ae402f-220f-41c6-962e-47c26938986e/ , but we find that we do not fix one case. Proof of Concept 1 user1 send admin a greeting card1 2 user2 send admin a greeting card2 3 user1 delete his message related ...

5.5CVSS7AI score0.00415EPSS
Exploits1
Huntr
Huntr
added 2023/06/09 4:16 p.m.17 views

Security vulnerability in product bundling feature

Description Our e-commerce platform offers a bundled sales promotion feature, allowing an administrator to bind the sale of a product to an addon. However, we have identified a security vulnerability that exists in this feature. After an administrator cancels a bundle offer, users can still make...

3.5CVSS6.8AI score0.00407EPSS
Exploits1
Huntr
Huntr
added 2023/06/06 9:29 a.m.17 views

Stored XSS via file upload in FireFox

Description Upload html file containing XSS payload. Payload ' On opening and refreshing the page, XSS payload executes in Firefox. Proof of Concept https://drive.google.com/file/d/1Irkg0u-8DcEizRSN3xE87ezEWmp0L4j/view?usp=sharing...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2023/06/05 6:7 a.m.17 views

we can still send the photo as greeting card even the albums is locked

1 admin create a album and upload a photo 2 member-1 login and send the photo as greeting card to member-2 3 member-1 use burpsuite hijack the request, which can be like POST /admprogram/modules/ecards/ecardsend.php HTTP/1.1...

3.5CVSS6.9AI score0.00416EPSS
Exploits1
Huntr
Huntr
added 2023/06/02 4:5 p.m.17 views

Stored XSS on user's name

Description Paste the payload XSS into the Name or Last name field. XSS vulnerability will trigger. Proof of Concept https://drive.google.com/file/d/1hoZkCxzTQbcIDy28hKJyjyrOD1Pcaaz0/view?usp=sharing...

4.9CVSS6.4AI score0.00738EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/29 7:8 a.m.17 views

Cross-Site Scripting (Stored XSS)

Description With Association's board role, i can add a new web link. But, when i create a link, in Link name input field can insert an onfocus/autofocus attribute because do not processing for double quote. Proof of Concept 1. Login by account with Association's board role 2. Access funtion Web...

4.9CVSS6.3AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2023/05/18 3:34 a.m.17 views

File Path Traversal Vulnerability

Description in the file adminautoupdate.php php elseif $page == 'extract' if isset$POST'send' && $POST'send' == 'send' $toExtract = isset$POST'archive' ? $POST'archive' : null; $localArchive = Froxlor::getInstallDir . '/updates/' . $toExtract; $log-logActionFroxlorLogger::ADMACTION, LOGNOTICE,...

5.8CVSS6.9AI score0.01216EPSS
Exploits1
Huntr
Huntr
added 2023/05/13 2:34 p.m.17 views

Stored cross-site scripting via RSS feed

Description Due to the improper handling of RSS titles in inc/parser/xhtml.php, a malicious RSS feed can be used to inject arbitrary HTML elements into the page, resulting in cross-site scripting. inc/parser/xhtml.php line 1292-1294 javascript else $this-doc .= ' '.$item-gettitle; Proof of Concep...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/05/07 12:53 p.m.17 views

Stored HTML injection in folderName affecting Admin

Description Here FolderName field is vulnerable to HTML injection, a malicious user could potentially rename a folder with a payload containing malicious code. This could result in an attack on the admin who edits the folder, as the payload could execute upon the admin's interaction with the...

6.8CVSS7.1AI score0.01649EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/04 12:20 p.m.17 views

No rate limit on send report functionality results in an email spam

Description There is no rate limit on the send report feature on the https://rdiffweb-dev.ikus-soft.com/prefs/notification endpoint , which allows an attacker to spam the victims mailbox Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/notification 2 Click on daily frequency for...

6.4CVSS6.8AI score0.00405EPSS
Exploits1
Huntr
Huntr
added 2023/04/27 5:51 p.m.17 views

XML.php JSONP hijacking

Description The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/04/21 12:14 a.m.17 views

Broken Rate Limiting

Description The request rate limiting feature on the login page can be bypassed. If we look at the code in src/Controller/Frontend/Account/LoginAction.php php $this-rateLimit-checkRequestRateLimit$request, 'login', 30, 5; We see that checkRequestRateLimit is invoked with a restriction of a maxmim...

7.5CVSS7.1AI score0.00787EPSS
Exploits1
Huntr
Huntr
added 2023/04/17 10:55 a.m.17 views

IDOR make users can delete others' subscription

Proof of Concept 1 user1 create subscription1 2 user2 create subscription2 3 user2 delete subscription2 4 user2 use burpsuite hiajck the request 5 the request URL can be DELETE /inlong/manager/api/consume/delete/2 6 change the request :DELETE /inlong/manager/api/consume/delete/1 1 is the id of...

5CVSS7AI score0.01182EPSS
Exploits0
Huntr
Huntr
added 2023/04/17 8:51 a.m.17 views

attackers can change the immutable name and type of cluster

Proof of Concept 1 admin creates a cluster 2 admin adds user1 as one owner 3 attack login as user1 4 user1 edit the the cluster 5 user1 finds that the name and type can not be changed. 6 user1 still edits the cluster and using the burpsuit to hijack the request 7 the request content can be like...

5CVSS6.9AI score0.01304EPSS
Exploits0
Huntr
Huntr
added 2023/04/17 8:43 a.m.17 views

attack can change the immutable name and type of nodes

1 admin create a node 2 add user1 as one owner 3 login as user1 4 user1 edit the the node 5 user1 finds that the name and type can not be changed. 6 user1 still edit the node and using the burpsuit to hijack the request 7 the request content can be like...

5CVSS6.8AI score0.01247EPSS
Exploits0
Huntr
Huntr
added 2023/04/05 4:13 p.m.17 views

Stored XSS on function item with folder

Description Create two account and allow same folder. \ one account create a new item in folder. in description parameter select code view and paste payload XSS.\ Save and click on item will show a alert XSS. Other account login and view folder click on item and see a alert XSS Proof of Concept g...

4.9CVSS5.7AI score0.00363EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 5:19 a.m.17 views

Multiple Stored XSS via mail parameter

Description In PhpMyFaq, while submitting a question, the mail parameter is accepting unsanitized user input which leads to Stored XSS vulnerability, executing on Admin Panel /admin/?action=question. Proof of Concept 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 1. Fill ...

4.3CVSS6.4AI score0.0046EPSS
Exploits1References1
Huntr
Huntr
added 2023/04/02 3:24 a.m.17 views

Insufficient Session Expiration

Description User session are still vaild when users is deleted or password is changed Proof of Concept 1 user1 login in browser1 2 admin delete user1 in browser2 3 user1 can still do anyting...

6.4CVSS7.1AI score0.01162EPSS
Exploits0
Huntr
Huntr
added 2023/03/31 5:0 p.m.17 views

CSRF leading to delete Client API in API clients management

Description wallabag was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete API key via client/delete/id Proof of Concept history.pushState'', '', '/'; document.forms0.submit;...

4.3CVSS7.1AI score0.00276EPSS
Exploits1
Huntr
Huntr
added 2023/03/08 9:15 p.m.17 views

XSS @ group

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code: if $groupAction == 'addsave' && $user-perm-hasPermission$user-getUserId, 'addgroup' $user =...

5.8CVSS5.2AI score0.00601EPSS
Exploits1
Huntr
Huntr
added 2023/03/05 8:17 p.m.17 views

Server Side Template Injection

Description alf-event is vulnerable to Server Side Template Injection via angular Proof of Concept VIDEO: With an authenticated user, access the admin panel. Create a organization and then Go to users and create new user having username 77 in that organization Now login with this username and you...

5.8CVSS7.1AI score0.01089EPSS
Exploits1References2
Huntr
Huntr
added 2023/02/12 7:20 p.m.17 views

Stored XSS on Configuration Version

Description In a form version that appears to have no validation, it means that the website or application is not properly checking user inputs for malicious code before storing it in the database. This lack of validation allows an attacker to inject their own malicious script, which can then be...

4.9CVSS5.5AI score0.00615EPSS
Exploits1
Huntr
Huntr
added 2023/01/31 1:51 p.m.17 views

XSS in HTML-Tags

Description Cross site scripting vulnerability in pimcore/pimcore in HTML-Tags of "SEO & Settings" Proof of Concept 1. Login in stable account URL : https://demo.pimcore.fun/admin/?dc=1675166039&perspective= 2. Go to Home --- SEO & Settings 3. Enter Payload in HTML-Tags For More Understanding...

Exploits0
Huntr
Huntr
added 2023/01/30 2:58 p.m.17 views

Reflected XSS

Description Reflected Cross-Site Scripting XSS vulnerability in LibreNMS 22.12.0 - Fri Dec 30 2022 10:11:51 GMT+0100 allows attackers to execute arbitrary external javascript code in the browser affected from /ports/group parameter. 1. Login 2. Navigate PoC link Proof of Concept...

4.9CVSS6.3AI score0.66884EPSS
Exploits1
Huntr
Huntr
added 2023/01/17 8:4 a.m.17 views

SQL Injection in search function

Description In the search function \ \ \ \ With options recentplayed, user input is taken directly into the query without being included in the prepare statement \ \ \ Proof of Concept POST /ampache-5.5.6allphp7.4/public/search.php?type=song HTTP/1.1 Host: localhost:8888 User-Agent: Mozilla/5.0...

6.5CVSS8.4AI score0.00746EPSS
Exploits1
Huntr
Huntr
added 2023/01/08 6:15 p.m.17 views

Stored XSS in Add new question

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. steps 1-log in as an admin user first. 2-go to :...

4.9CVSS4.8AI score0.00541EPSS
Exploits0
Huntr
Huntr
added 2022/12/22 1:52 p.m.18 views

Username field are not unique to users allowing exploitation of primary key logic by creating same name with different combinations & unauthorized access

Description The username fields while creating a user Role is same which should not be the case, the username should be made unique. Proof of Concept 1. Login to Demo account at https://rdiffweb-demo.ikus-soft.com/login/ 2. Enter the username and password as admin: admin123 respectively. 3. visit...

5.8CVSS7AI score0.0113EPSS
Exploits1
Huntr
Huntr
added 2022/12/21 6:39 a.m.17 views

Cookie without Secure attribute

Description At the moment, memossession has the value false at secure flag. Proof of Concept 1. Access to web demo https://demo.usememos.com/ 2. Use browser's dev tool to check the cookie, we can see there is a memossession having value false at Secure...

4CVSS0.1AI score0.00376EPSS
Exploits1
Huntr
Huntr
added 2022/12/12 5:24 a.m.17 views

Html Injection in Activity

Description Html injection in Activity and just only need html payload in workflow and fire in Activity list Proof of Concept 1. navigate to dashboard and workflow settings 2. insert new workflow with this payload test 3. open the activity list POC:...

5.8CVSS6.6AI score0.0058EPSS
Exploits1
Huntr
Huntr
added 2022/11/23 4:51 p.m.17 views

Cross-site scripting

Description memos allow users to upload file and make it public to others. But if the file is html with below content, xss attack can happen. Proof of Concept // PoC.js alert"warning";...

4.9CVSS1.9AI score0.00704EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/03 8:8 a.m.17 views

SQL Injection inside instance name leads to Remote Code Execution

📜 Description SQL injection SQLi is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other...

0.3AI score
Exploits0References1
Total number of security vulnerabilities4072