Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2021/12/12 6:29 p.m.•17 views

Business Logic Errors in tsolucio/corebos

Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://demo.corebos.com/index.php?action=Login&module=Users Step 2: Navigate to Inventory - Product - Edit any product. Step 3: Now enter an amou...

0.1AI score
Exploits0
Huntr
Huntr
•added 2021/12/12 6:1 a.m.•17 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS0.00764EPSS
Exploits1
Huntr
Huntr
•added 2021/11/25 7:14 a.m.•17 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
•added 2021/11/23 12:59 p.m.•17 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description CSRF in switching transactions link Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to switch transaction links...

4.3CVSS1.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
•added 2021/11/08 7:29 p.m.•17 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description cross site request forgery vulnerability is present in delete functionality of doctor feature. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of delete the existing logs...

4.3CVSS2.1AI score0.00371EPSS
Exploits1References1
Huntr
Huntr
•added 2021/10/30 8:26 p.m.•17 views

Path Traversal in bookstackapp/bookstack

Description During reading recent BookStack source code 85dc8d I discovered path traversal vulnerability. Authenticated user can have access to all files stored in storage directory. Proof of Concept GET /uploads/images/..%2f/..%2f/logs/laravel.log HTTP/1.1 Host: 172.17.0.1:8888 User-Agent:...

4CVSS1.2AI score0.01202EPSS
Exploits1References1
Huntr
Huntr
•added 2021/10/23 2:50 p.m.•17 views

in firefly-iii/firefly-iii

Description Firefly 3 allows users to register OAuth clients. However, Firefly allows duplicate client names to be registered into the application. Hence, attackers from a different account assuming registration is enabled can register a client with duplicate client name and trick the user into...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/10/11 5:20 p.m.•17 views

Path Traversal in yuda-lyu/w-zip

Description w-zip is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Proof of Concept // PoC.js var wz = require'w-zip'; let fpUnzip = './testData/outputZip' let fpUnzipExtract = fpUnzip + '/extract' let fpZip1 = fpUnzip + '/zipslip.zip' async function checkzipslip //unzip...

7.5CVSS0.2AI score0.01623EPSS
Exploits1
Huntr
Huntr
•added 2021/10/01 5:0 a.m.•17 views

Improper Input Validation in filebrowser/filebrowser

Description File Browser is a web-interface that allows you to manage and navigate through your files in a web browser. One of its features is to allow a user to run specific shell commands in the server, these commands are specified by users with administrator privileges, with an allow list. Thi...

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/09/30 7:57 a.m.•17 views

Static Code Injection in collectiveaccess/pawtucket2

Description This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...

0.2AI score
Exploits0References1
Huntr
Huntr
•added 2021/09/21 8:24 p.m.•17 views

Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki

✍️ Description Stored XSS in action 🕵️‍♂️ Proof of Concept 1. Navigate to "index.php?action=alert1;&page=Main Page" 2. See XSS executed 💥 Impact With this vulnerability, You can run arbitrary java script on all users...

3.4AI score
Exploits0
Huntr
Huntr
•added 2021/09/20 6:33 a.m.•17 views

Inefficient Regular Expression Complexity in josdejong/jsoneditor

✍️ Description The jsoneditor package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

5CVSS0.6AI score0.01372EPSS
Exploits1
Huntr
Huntr
•added 2021/09/12 8:39 a.m.•17 views

in bfabiszewski/libmobi

✍️ Description Overview This vulnerability is the use of out-of-range pointer offset, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do DOS Denial of Service attack or ALSR bypass by reading sensitive memory address information to all...

5.8CVSS0.4AI score0.012EPSS
Exploits1
Huntr
Huntr
•added 2021/09/10 7:9 p.m.•17 views

in getgrav/grav

✍️ Description Developers often set cookies to be accessible from the root context path "/". Doing so exposes the cookie to all web applications on the domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead a vulnerability...

5CVSS1.9AI score0.02374EPSS
Exploits1
Huntr
Huntr
•added 2021/09/07 10:11 a.m.•17 views

Cross-site Scripting (XSS) - Reflected in andrewpaglusch/flashpaper

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.3AI score
Exploits0References1
Huntr
Huntr
•added 2021/09/07 1:13 a.m.•17 views

Cross-site Scripting (XSS) - Reflected in mailcow/mailcow-dockerized

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
•added 2021/08/29 9:12 a.m.•17 views

in zmister2016/mrdoc

✍️ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for RCE due to Yaml.load in import function 🕵️‍♂️ Proof of Concept Uploaded ZIp : Payload.yaml :...

6.8CVSS1.3AI score0.00824EPSS
Exploits1
Huntr
Huntr
•added 2021/08/25 1:9 p.m.•17 views

in froxlor/froxlor

✍️ Description The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...

0.5AI score
Exploits0References1
Huntr
Huntr
•added 2021/08/24 5:8 p.m.•17 views

Cross-site Scripting (XSS) - Stored in yourls/yourls

✍️ Description stored xss 🕵️‍♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact Stored xss allow to executed arbitary javascript code...

3.5CVSS0.8AI score0.00721EPSS
Exploits1
Huntr
Huntr
•added 2021/08/21 10:15 a.m.•17 views

Sensitive Cookie Without 'HttpOnly' Flag in slackero/phpwcms

✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

0.6AI score
Exploits0References1
Huntr
Huntr
•added 2021/08/20 7:14 a.m.•17 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to set default currency with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

4.3CVSS1.4AI score0.00405EPSS
Exploits0
Huntr
Huntr
•added 2021/07/08 8:8 a.m.•17 views

Open Redirect in ionicabizau/parse-path

✍️ Description parse-path mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while parse-path sees it as a relative path. Which will lead to SSRF attacks, open redirects, o...

0.6AI score0.02483EPSS
Exploits2
Huntr
Huntr
•added 2021/05/22 7:20 p.m.•17 views

in dolibarr/dolibarr

đź’Ą BUG unprivileged user can upload file to a task associated with a project. đź’Ą IMPACT user who has read-only access to a project can add file to task associated with this project đź’Ą TESTED VERSION dolibarr 14.0.0-beta đź’Ą STEP TO REPRODUCE 1. First goto admin account and add user B as normal user ....

7.1AI score
Exploits0
Huntr
Huntr
•added 2021/05/18 8:58 a.m.•17 views

in cythron/gcp

✍️ Description Hard-Coded User Credentials are exposed in the docker file. 🕵️‍♂️ Proof of Concept https://github.com/cythron/gcp/blob/master/%23DockerfileL20 💥 Impact Attacker is capable of login using given credentials...

0.9AI score
Exploits0
Huntr
Huntr
•added 2021/04/18 11:2 p.m.•17 views

Improper Access Control in idno/known

✍️ Description A logged in user can edit 'Public' or 'Members only' status of other users 🕵️‍♂️ Proof of Concept 1. Create a 'Public' or 'Members only' status update with a first user 2. Login with a second user and go to the root page e.g. http://yoursite/known where you can see the status of the...

7.2AI score
Exploits0
Huntr
Huntr
•added 2021/04/17 1:49 p.m.•17 views

Prototype Pollution in ssnau/xkit

✍️ Description Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. An attacker...

2AI score
Exploits0
Huntr
Huntr
•added 2021/03/27 3:9 p.m.•17 views

Cross-Site Request Forgery (CSRF) in thewawar/simple-http-server

✍️ Description The 'upload' feature in simple-http-server is vulnerable to cross-site request forgery, it doesn't authenticate the user and just uploads the files which are given to it. If upload feature is enabled, it can allow attackers to craft web pages and if victims interact with attackers'...

1.1AI score
Exploits0
Huntr
Huntr
•added 2021/02/23 12:0 a.m.•17 views

Code Injection in jeikeilim/kindle

Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization atta...

2.2AI score
Exploits0References1
Huntr
Huntr
•added 2021/02/18 12:0 a.m.•17 views

Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation

Description systeminformation package is vulnerable to Server-side request forgery. It allows attackers to abuse of @ to make requests to a different domain or possibility to applications that are not publicly exposed through http://[email protected]:8080. Proof of Concept javascript cons...

1.9AI score
Exploits0
Huntr
Huntr
•added 2021/02/13 12:0 a.m.•17 views

Prototype Pollution in allain/propper

Description Prototype Pollution in propper Proof of Concept 1. Create the following PoC file: // poc.js var propper = require"propper" var obj = console.log"Before : " + .polluted; propperobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following command...

2.1AI score
Exploits0
Huntr
Huntr
•added 2021/01/10 12:0 a.m.•17 views

Prototype Pollution in babak-gholamzadeh/deeply-object-assign

Description deeply-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deeplyObjectAssign = require"deeply-object-assign" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " +...

2AI score
Exploits0
Huntr
Huntr
•added 2020/12/21 12:0 a.m.•17 views

Code Injection in ultralytics/yolov3

Description Arbitrary Code Excecution in ultralytics/yolov3. Yolov3 is a model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of vision AI services,...

0.3AI score
Exploits0References1
Huntr
Huntr
•added 2020/12/21 12:0 a.m.•17 views

in nvidia/runx

Description runx is a Deep Learning Experiment Management library by NVIDIA. This package was vulnerable to Arbitrary code execution via Insecure YAML deserialization due to the use of a known vulnerable function load in yaml. repo: https://github.com/NVIDIA/runx Proof of Concept python...

1.4AI score
Exploits0References1
Huntr
Huntr
•added 2020/11/03 12:0 a.m.•17 views

Cross-site Scripting (XSS) - Generic in frappe/charts

Description frappe-charts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Open NPM repo https://www.npmjs.com/package/frappe-charts 2. Open the Explore demos https://frappe.io/charts 3. At the bottom find the sandbox Ref:...

0.5AI score
Exploits0References2
Huntr
Huntr
•added 2020/10/22 12:0 a.m.•17 views

Prototype Pollution in sonnyp/json8

Description json8-pointer is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Pointer = require"json8-pointer"...

2.1AI score
Exploits0
Huntr
Huntr
•added 2020/08/17 12:0 a.m.•17 views

in spunjs/selenium-binaries

Overview selenium-binaries assists downloading Selenium related binaries for your OS, this package is vulnerable to Man in the Middle MitM attacks due to downloading resources over an insecure protocol...

9.3CVSS4.2AI score0.01752EPSS
Exploits0
Huntr
Huntr
•added 2020/05/08 12:0 a.m.•17 views

Command Injection in thebeet/idevicekit

Overview Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. There is a possible bypass of the checkSerial function leading to malicious serial variable content...

6.7AI score
Exploits0References1
Huntr
Huntr
•added 2026/02/25 9:10 a.m.•16 views

Path Traversal via Incorrect startswith() Root Directory Check in jupyter-server Allows Access to Sibling Directories

This report is not public...

8.1CVSS6.7AI score0.00437EPSS
Exploits1
Huntr
Huntr
•added 2026/01/13 3:32 a.m.•16 views

Integer Overflow lead to DOS in handling Accept-Encoding header in API /v2/models/<model-name>/generate

This report is not public...

5.8AI score
Exploits0
Huntr
Huntr
•added 2025/12/23 7:16 a.m.•16 views

Command Injection via Malicious Model Artifacts

A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and directly interpolates them into a shell command without...

10CVSS6.3AI score0.01994EPSS
Exploits1
Huntr
Huntr
•added 2025/12/05 8:47 p.m.•16 views

Arbitrary Code Execution in NLTK StanfordSegmenter via untrusted JAR loading

This report is not public...

10CVSS5.9AI score0.00809EPSS
Exploits3
Huntr
Huntr
•added 2025/11/13 5:44 p.m.•16 views

Zip Slip Vulnerability in NLTK Downloader Leading to Remote Code Execution

This report is not public...

10CVSS5.5AI score0.0079EPSS
Exploits1
Huntr
Huntr
•added 2024/12/03 10:12 a.m.•16 views

Regular expression Denial of Service - ReDoS

Description A Regular Expression Denial of Service ReDoS vulnerability identified in the Transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issue...

7.5CVSS6.2AI score0.00684EPSS
Exploits0
Huntr
Huntr
•added 2023/09/12 2:53 a.m.•16 views

SQL Injection Vulnerability in Content Page

In menu Content page, there is a SQL Injection Vulnerability at Filter function. To exploit this vulnerability, attacker injection query into filter field. Proof of Concept 1. Login with admin 2. Go to "http://127.0.0.1/icms2/admin/content/5". In this case, the number 5 is content's id Can be...

5.8CVSS8.1AI score0.00737EPSS
Exploits1
Huntr
Huntr
•added 2023/09/11 9:54 a.m.•16 views

Stored xss using journal-name

BUG ======== Stored xss using journal-name ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode\ 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1\ STEP TO RERPODUCE ====================== 1. From user-A account create a journal called...

7.5AI score0.00404EPSS
Exploits1
Huntr
Huntr
•added 2023/09/07 12:53 p.m.•16 views

Relative Path Traversal vulnerability in the serve command

Description When a Cecil site is served by cecil serve, Relative Path Traversal is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-path-traversal-poc cd cecil-path-traversal-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil new:site -n...

5CVSS6.9AI score0.00731EPSS
Exploits1
Huntr
Huntr
•added 2023/08/14 1:51 p.m.•16 views

Password Plaintext Storage

The application stored a password in a database in plaintext format. Storing user passwords in a database in plaintext is a security vulnerability that can have serious consequences. If an attacker is able to gain access to the database, they will be able to see all of the user passwords in plain...

7AI score
Exploits0References1
Huntr
Huntr
•added 2023/08/14 11:2 a.m.•16 views

Stored XSS via user's Username

Description The application allows creating users with Username containing Malicious HTML/Javascript that can be executed in the users’ privileged context during the user editing process or visiting a phishing link. Proof of Concept Step 1: A privileged user creates a normal user account with...

6.3AI score
Exploits0References1
Huntr
Huntr
•added 2023/08/14 8:15 a.m.•16 views

Authentication cookie is not renewed after successfully login

Description ICMS62EC2566CC4B5 cookie is still same after log in. The value is not changed or renewed. Detail: 1/ Access to the web demo and user browser's dev tool to check the cookie. 2/ Observe the value of ICMS62EC2566CC4B5 cookie, try to log in and it is still the same. Proof of Concept Link...

5.5CVSS6.9AI score0.00368EPSS
Exploits1
Huntr
Huntr
•added 2023/06/30 10:50 a.m.•16 views

CSV Injection while export users

1 admin add a client, or a client signup. 2 the client logins and edit himeself 3 the client change his COMPANY as "=1+cmd|'/C calc'!A0" 4 admin go to export the client as a csv file 5 admin open the csv and we can see that the calculator is opened. see...

6CVSS6.8AI score0.00526EPSS
Exploits0
Total number of security vulnerabilities4072