Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/09/20 8:24 a.m.17 views

Reflected XSS via rp4wp_parent

Description The rp4wpparent value is echoed without encoding, leading to reflected XSS. Proof of Concept Install wordpress, install the "Related Posts for WordPress" plugin, then visit the following URL, where localhost is the server hosting the app:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/09/09 7:39 a.m.17 views

Error page is default and leak error information

Description Information is leak in error page and this can support for other vulnerabilities. Proof of Concept Whenever trying to input anything meaningless after the link https://rdiffweb-demo.ikus-soft.com/ the error page will appear. Example: https://rdiffweb-demo.ikus-soft.com/...

5CVSS0.2AI score0.00684EPSS
Exploits1
Huntr
Huntr
added 2022/09/09 6:57 a.m.17 views

Session_id without Secure attribute

Description User's session id with secure attribute is false. This vulnerability makes user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept Open the browser and access to the website, in this scenario I use the demo website. Check the cooki...

5CVSS1AI score0.00556EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 12:54 p.m.17 views

Account Takeover

Description hacker can invite any user to team and with the bug i report it before can accept the invitation ..... hacker can add user in group to give them new permission in team...... when hacker visit the team can see private info for victim as and the hash password many token and more...

5CVSS0.7AI score0.0078EPSS
Exploits1
Huntr
Huntr
added 2022/08/23 12:59 p.m.17 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/18 12:4 p.m.17 views

Cross Site Scripting (reflected) on fee_sheet_ajax.php

Description When testing the app for XSS we found out that the feesheetajax.php endpoint is actually vulnerable to an XSS exploit. PoC 1. visit https:///interface/forms/feesheet/review/feesheetajax.php?task=retrieve&mode=encounters&prevencounter=%3Cimg%20src%3da%20onerror%3dalertdocument.cookie%3...

5.8CVSS0.5AI score0.00651EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/16 8:12 a.m.17 views

Insufficient Session Expiration

Description Insufficient Session Expiration is when a website permits an attacker to reuse old session credentials or session IDs for authorization. Proof of Concept Steps to reproduce 1- Login into http://127.0.0.1:5000/login/ OctoPrint. 2- Open browser in the incognito tab or open another brows...

3.2CVSS0.3AI score0.00284EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/03 4:13 a.m.17 views

Documents in trash accessible by Viewer role

Description Once a document is archived or deletec, there is no way to access it through the UI or the Document link. But, the API gives the file information and content. This is same with archived files. Proof of Concept 1. Give a user Viewer role. 2. Visit https://your.getoutline.com/trash or...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/07/02 4:28 p.m.17 views

Cross-site scripting - Stored via upload ".xlr" file

Description In file upload function, the server allow upload .xlr file with contain some javascript code lead to XSS. Proof of Concept REQUEST POST /demo/plupload HTTP/1.1 Host: demo.microweber.org Cookie: laravelsession=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb;...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/13 10:45 a.m.17 views

Allows large characters in change password filling

Description The titra application allows large characters to insert in the input field "password" at password change feature which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Login and go to profile or https://app.titra.io/profile 2. Using...

1.5AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 10:36 a.m.17 views

Allows large characters in password filling

Description The titra application allows large characters to insert in the input field "password" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Register a new account or go to https://app.titra.io/join?email= 2. Fill a normal email, fil...

2.5AI score
Exploits0References2
Huntr
Huntr
added 2022/06/12 2:22 a.m.17 views

A stored XSS in dolibarr/htdocs/admin/accountant.php

Description I found a stored XSS in the admin/accountant.php, the field town, name, Accountant code can escape the double quote. In the path 'dolibarr/htdocs/main.inc.php' has a WAF, we can not inject any the javascript onxxx event. However, in the path...

3.5CVSS5.6AI score0.00863EPSS
Exploits1
Huntr
Huntr
added 2022/06/07 4:26 p.m.17 views

chafa <= 4bac1466 is vulnerable to an out of bounds read vulnerability.

chafa = 4bac1466 is vulnerable to an out of bounds read vulnerability. Building Build chafa with ASANaddress sanitizer sh $ git rev-parse HEAD 4bac14668535c09f6f47552bbd1566097dab4bf8 $ export CFLAGS="-g -O0 -fsanitize=address"; export CXXFLAGS="-g -O0 -fsanitize=address"; export CC=$which...

2.1CVSS3.6AI score0.0042EPSS
Exploits1
Huntr
Huntr
added 2022/05/31 4:17 a.m.17 views

Cross-site Scripting (XSS) - Stored

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Proof of Concept 1.Access demo website https://demo.syspass.org and login with an account. 2.Create new account, in URL/IP field - input https://google.com"...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/26 4:55 p.m.17 views

Server-Side Request Forgery via upload image gallery

Description Upload image to gallery, the server use filegetcontents function to load image via data scheme url, so attacker can modify this url to any URL like http to send ability request to any URL , and file to read local file, ... Proof of Concept POST /index.php?q=/api/leadmall/gallery...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/05/12 11:40 a.m.17 views

Able to create an user with a long password as well as long username

Issue Description: Any admin may able to create and allocate user the credentials but when admin creates a user account where as the fields with the first name , last name and password has no defined length limit where as this scenario causes the application level DOS to the snipe-it What's the...

7AI score
Exploits0
Huntr
Huntr
added 2022/05/05 6:47 p.m.17 views

RCE due to a dependency confusion

Description Hi team, I hope you are well. I found a dependency confusion vulnerability in this repo. When I analyzed your repo, I found a Makefile which install a dependency : https://github.com/bits-and-blooms/bloom/blob/25ba46ef8744ddeba999dcd048dbb8b0fa87edb3/MakefileL188 go get...

4.4CVSS7.3AI score0.00403EPSS
Exploits1References4
Huntr
Huntr
added 2022/04/27 7:52 a.m.17 views

Refelect XSS in facturascripts

Description facturascripts is vulnerable to XSS in fsNick parameter Proof of Concept save this code as poc.html history.pushState'', '', '/' document.forms0.submit; open file with your browser - xss trigger...

4.3CVSS2.5AI score0.00907EPSS
Exploits1
Huntr
Huntr
added 2022/04/23 8:31 p.m.17 views

Mass Assignment Leading to (Limited) Password Confirmation Bypasses at UsersController

Description Hello there! Hope you are having an amazing day! 🤗 Just found out, while testing one of diaspora\ open servers, that the /user/edit endpoint has a limited case of "mass assignment", which enables an authenticated user to change their password and disable 2FA or change its secret witho...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/04/12 7:7 a.m.17 views

Stored xss bug

Description stored xss bug Proof of Concept create a public repo and create a issue .\ now in issue upload a html file with xss payload inside.\ When any user view the repo and click the attachment link then xss is executed .\ you can upload...

3.5CVSS5.6AI score0.00687EPSS
Exploits1
Huntr
Huntr
added 2022/04/11 3:24 p.m.17 views

Stored Cross Site Scripting vulnerability in Item name parameter

Description Stored cross site scripting vulnerability on Item name parameter in Assest module. Add payload in item name and whenever the user add the item in his requested assest . The alert will trigger. Proof of Concept 1. Login to the demo account 2. Go to Asset functionality , add or edit an...

3.5CVSS1.2AI score0.00834EPSS
Exploits1
Huntr
Huntr
added 2022/04/05 11:10 p.m.17 views

XSS affecting "Logs" Page

Description A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboard. In a default installation organizr is set to log failed login attempts. In these attempts, the...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/03/30 8:19 p.m.17 views

Use-After-Free in str_escape in mruby/mruby

Affected commit: 60cf382ff9765e36b21143d79688a3e758b66fd4 Proof of Concept ruby= v11 = '1111111111111111111111111111' v17 = 1=1, 2 = 'b' , '3' = 1 v20 = 1,2,3,4,5,6,7,8,9,10,11,12,13,14.findall do 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17.sortby do Hash.initialize|| .instanceexec do end "".chop d...

7.5CVSS9.5AI score0.0168EPSS
Exploits1
Huntr
Huntr
added 2022/03/18 8:23 a.m.17 views

Use After Free in op_is_set_bp

Description Heap use after free in opissetbp function. ASAN report: ================================================================= ==2367298==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000481a0 at pc 0x7f580c10da41 bp 0x7ffd53a17ed0 sp 0x7ffd53a17ec0 READ of size 8 at...

6.8CVSS7.6AI score0.00978EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/06 10:22 a.m.17 views

Improper Authorization

Description When Gitea is build and configured for PAM authentification it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login. Proof of Concept You can expire an account with chage -E0 and still login. Impact Since disabling an...

5.5CVSS2.3AI score0.00833EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/02 11:30 p.m.17 views

Server-Side Request Forgery (SSRF)

Description youtube-downloader takes an URL from the url query parameter, passes it directly to curl and streams the response to the browser. This makes it vulnerable to an SSRF attack if someone passes an URL containing an internal hostname, as it will stream internal resources to the browser...

1AI score
Exploits0
Huntr
Huntr
added 2022/02/22 12:50 p.m.17 views

Business Logic Errors

Description In Dolibarr v14.0.5, any low privileged users could update their login name which should only be updated by admin. Proof of Concept POST /dolibarr/user/card.php?id=2 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:97.0 Gecko/20100101 Firefox/97.0...

4CVSS4.6AI score0.00868EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 4:4 p.m.17 views

Business Logic Errors

Description I found a IDOR vulnerability where we can able to delete their product in the cart by the id parameter Steps to Produce: First add any product in to the cart and checkout In the checkout page , we can see the cart details and we have functionality to delete the product also I gave the...

4CVSS0.00911EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 10:37 p.m.17 views

Cross-site Scripting (XSS) - Stored in helloxz/onenav

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.1AI score
Exploits0
Huntr
Huntr
added 2022/02/13 8:11 a.m.17 views

Open Redirect in microweber/microweber

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25/. By adding an extra slash / the previous fix can be bypassed. Proof of Concept...

5.8CVSS0.6AI score0.03019EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/03 9:35 p.m.17 views

Exposure of Sensitive Information to an Unauthorized Actor in transloadit/uppy

Description First thanks to my friend Haxatron for this awsome report I review the @uppy/companion code from the source to the sink, and I figure out a significant issue that makes any SSRF protection Effectless. I put myself as a Developer and started to read the companion document, and then I s...

5CVSS6.8AI score0.00963EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 12:31 p.m.17 views

Business Logic Errors in publify/publify

Description It was found that if a user tries to create an article, and want to make that article private, the functionality is not working. Proof of Concept 1. Create an article 2. Click on publish and you will see the option to visibility to make it private, but functionality is not designed...

5CVSS1.8AI score0.01567EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 11:41 a.m.17 views

Improper Authorization in liukuo362573/yishaadmin

Description When downloading files using the /admin/File/DownloadFile?filePath= URI, you're able to download any file you want, as long as you know the path of the file, even as an unauthenticated user. This means that an unauthenticated user could download the /etc/passwd/ file or any file that...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:41 a.m.17 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there, there is another improper privilege management in /admin/OrganizationManage/Position/GetFormJson Proof of Concept 1. Access the link http://106.14.124.170:80/admin/OrganizationManage/Position/GetFormJson?id=16508640061130139 2. See that the page return with position data...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/01/17 3:3 a.m.17 views

Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web

Description There is a reflected XSS vulnerability on the site calibre-web. Proof of Concept 1. go to the calibre e-book management 2. create a new book give the title name 3. and give the title sort name 4. save and go to the website 5.go to Author 6.press one of the books 7. then right click an...

4.3CVSS1.1AI score0.00853EPSS
Exploits1
Huntr
Huntr
added 2022/01/14 5:43 p.m.17 views

in mruby/mruby

Description There is a NULL Pointer Dereference in preparesingletonclass src/class.c:360:13. This bug has been found on mruby lastest commit hash 171d32c0071d776207174a40a8fa26def3dbb931 on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1.timesb= a=0 0,m:0 c=0=0,nil=nil0 def mend def c.eend Steps...

5CVSS1AI score0.00963EPSS
Exploits1
Huntr
Huntr
added 2022/01/14 12:7 p.m.17 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description A CSRF issue is found in the SettingsLive help configurationCanned Messages. It was found that no CSRF token validation is getting done as no CSRF token is getting passed with the request. Also while generating statistics, the action is done through GET method with no CSRF token. Two...

4.3CVSS4.7AI score0.00439EPSS
Exploits1
Huntr
Huntr
added 2022/01/10 2:34 p.m.17 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite. Proof of Concept 1. Install phoronix test suite on your system 2. Create a test suite 3. Open another tab in browser and go to the link /?localsuites/delete/-1.0.0, f...

6.8CVSS0.3AI score0.00736EPSS
Exploits1
Huntr
Huntr
added 2022/01/06 1:16 a.m.17 views

Improper Access Control in snipe/snipe-it

Description All bulk actions bulk-edit / bulk-delete / form info in asset models do not have access control checks Proof of concept 1: Grant view to Asset Models 2: UI for bulk-edit and bulk-delete is still enabled, proceed. 3: You may bulk-delete / edit any asset model Impact This vulnerability ...

4.9CVSS2.1AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 1:28 p.m.17 views

Path Traversal in konloch/bytecode-viewer

Description the.bytecode.club:Bytecode-Viewer is a lightweight user-friendly Java/Android Bytecode Viewer, Decompiler & More. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted...

6.8CVSS1.6AI score0.02544EPSS
Exploits0
Huntr
Huntr
added 2021/12/31 9:36 a.m.17 views

Improper Access Control in chocobozzz/peertube

Description Unauthenticated users can obtain the caption of private videos Proof of Concept 1: First, create a private video and upload a caption 2: As an unauthenticated user, logout and visit the /api/v1/videos/1/captions 3: The response should return a lazy-static URL...

5CVSS2.3AI score0.01213EPSS
Exploits1
Huntr
Huntr
added 2021/12/30 1:0 p.m.17 views

Server-Side Request Forgery (SSRF) in rodber/chevereto-free

Description There was some hardening done previously against private IP addresses in the SSRF vulnerability I disclosed in the previous report https://github.com/rodber/chevereto-free/. However the checks can be bypassed by URL redirection. Proof of Concept If http://example.com resolves to a...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/12 6:29 p.m.17 views

Business Logic Errors in tsolucio/corebos

Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://demo.corebos.com/index.php?action=Login&module=Users Step 2: Navigate to Inventory - Product - Edit any product. Step 3: Now enter an amou...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/12 6:1 a.m.17 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
added 2021/11/25 7:14 a.m.17 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/23 12:59 p.m.17 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description CSRF in switching transactions link Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to switch transaction links...

4.3CVSS1.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/08 7:29 p.m.17 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description cross site request forgery vulnerability is present in delete functionality of doctor feature. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of delete the existing logs...

4.3CVSS2.1AI score0.00371EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/30 8:26 p.m.17 views

Path Traversal in bookstackapp/bookstack

Description During reading recent BookStack source code 85dc8d I discovered path traversal vulnerability. Authenticated user can have access to all files stored in storage directory. Proof of Concept GET /uploads/images/..%2f/..%2f/logs/laravel.log HTTP/1.1 Host: 172.17.0.1:8888 User-Agent:...

4CVSS1.2AI score0.01202EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/27 6:18 a.m.17 views

Cross-Site Request Forgery (CSRF) in area17/twill

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

4.3CVSS0.2AI score0.00393EPSS
Exploits1
Huntr
Huntr
added 2021/10/23 2:50 p.m.17 views

in firefly-iii/firefly-iii

Description Firefly 3 allows users to register OAuth clients. However, Firefly allows duplicate client names to be registered into the application. Hence, attackers from a different account assuming registration is enabled can register a client with duplicate client name and trick the user into...

0.8AI score
Exploits0
Total number of security vulnerabilities4072