Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/02/14 2:28 p.m.16 views

stored XSS in the Category Field Name

Hello, After all XSS Mitigations, I detected a XSS Bypass Possibility in the Naming of the category. Let's see : ----------------- A stored XSS through this Payload Thank you for watching :...

4.9CVSS5.2AI score0.00476EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/12 7:20 p.m.16 views

Stored XSS on Configuration Version

Description In a form version that appears to have no validation, it means that the website or application is not properly checking user inputs for malicious code before storing it in the database. This lack of validation allows an attacker to inject their own malicious script, which can then be...

4.9CVSS5.5AI score0.00615EPSS
Exploits1
Huntr
Huntr
added 2023/02/08 1:25 p.m.16 views

Complex xss to bypass protection

Description 1.First we login as a normal user, and then comment under a question, the content of the comment is 2.Then we login as an administrator user. And find the comment we just submitted, the administrator can click the edit button.Then the administrator Click "Save edits" without any...

4.9CVSS5.6AI score0.0044EPSS
Exploits1
Huntr
Huntr
added 2023/02/08 12:21 p.m.16 views

Privilege Escalation in the Cockpit CMS

Description Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin" becoming the application's administrator. Proof of Concept poc:...

6.5CVSS8.6AI score0.00344EPSS
Exploits1
Huntr
Huntr
added 2023/01/30 9:58 a.m.16 views

Session Fixation in https://demo.froxlor.org/

Description The session ID not rotating even after relogin POC 1. Change the PHPSESSID=newsessionchanged and then login 2. Use the same session into new browser and as you can see logged into the account 3. you can try logout and login again the PHPSESSID doesn't change. Video POC:...

5.5CVSS7AI score0.00431EPSS
Exploits1References2
Huntr
Huntr
added 2023/01/24 3:6 a.m.16 views

Improper Restriction of Rendered UI Layers or Frames

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept http://localhost:8000/admin/ Response headers http HTTP/1.1 200 OK Server: gunicorn Date: Tue, 24 Jan 202...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/12/20 3:27 p.m.16 views

No notification triggered on sensitive actions like adding SSH key

Description Adding SSH key is a sensitive action . As the application triggers a notification on all sensitive actions like email change/password reset , SSH key is also an important security feature to be notified about Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 ...

7.5CVSS0.5AI score0.00967EPSS
Exploits1
Huntr
Huntr
added 2022/11/03 8:0 p.m.16 views

XSS Stored inside Standard Interface Help Link href attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

Exploits0References1
Huntr
Huntr
added 2022/10/06 4:37 p.m.16 views

Improper Name Validation in Upload Document Form

Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...

5CVSS0.1AI score0.00862EPSS
Exploits1
Huntr
Huntr
added 2022/09/29 7:0 p.m.16 views

Session does not expire on password reset

Description On changing password both session using which user changes password and old sessions in any other browser or device does not expire and remains active Proof of Concept 1.Go to https://rdiffweb-dev.ikus-soft.com/login/ and login into same account using browser A and B 2.From Browser B...

7.5CVSS7.8AI score0.00876EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/20 8:24 a.m.16 views

Reflected XSS via rp4wp_parent

Description The rp4wpparent value is echoed without encoding, leading to reflected XSS. Proof of Concept Install wordpress, install the "Related Posts for WordPress" plugin, then visit the following URL, where localhost is the server hosting the app:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/09/04 1:17 p.m.16 views

Multiple user accounts via same email and username

Description Nakama console does not validate uppercase/lowercase letters when creating a new user. This can be abused to create multiple user accounts with same email and username. Proof of Concept HTTP Request 1 request POST /v2/console/user HTTP/1.1 Host: 192.168.1.16:7351 Authorization: Bearer...

7AI score
Exploits0
Huntr
Huntr
added 2022/08/26 5:8 p.m.16 views

Improper Input Validation

Description At the team updatehttps://ripob47346.getoutline.com/api/team.update and user updatehttps://ripob47346.getoutline.com/api/users.update functions, avatarUrl was not verified as a correct url. The user can enter arbitrary values. Proof of Concept /api/team.update /api/users.update Result...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/08/23 12:59 p.m.16 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/11 6:46 a.m.16 views

cross site scripting - reflected

The reflected XSS vulnerability occurs to a flaw in the cleanxsstags function called in new.php of Gnuboard 5. 1. Open the https://sir.kr/bbs/new.php?darkmode=%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3E 2. payload executing...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/04 1:30 a.m.16 views

Cross-Site Request Forgery

Description The administrative /api/users registration endpoint is vulnerable to an Cross-Site Request Forgery attack due the lack of any kind of anti-CSRF token verification. Proof of Concept 1. 1 - An authenticated administrator visits an attacker-controllable website, in this case the PoC file...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/07/28 5:56 p.m.16 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST /api/auth/token HTTP/1.1 Host: localhost:9091...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/07/15 3:17 a.m.16 views

Cross-site Scripting (XSS)

Description ihatemoney is vulnerable to Cross-Site Scripting XSS when inviting people via email. Steps to reproduce 1.Go to https://ihatemoney.org/ and try out the demo. 2.In the bottom left, click on Invite people. 3.In the Send via Emails section, input the payload: into the People to notify...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/07/09 7:40 p.m.16 views

Weak Password Change Mechanism

Description When setting a new user password it does not require knowledge of the original password Current password not required Proof of Concept 1. Log in as a regular user 2. Navigate: https://book.dansmonorage.blue/preferences/password 3. Enter any password string...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2022/07/01 4:47 a.m.16 views

Uncontrolled Memory Allocation in function lodepng_realloc

Description Uncontrolled Memory Allocation in function lodepngrealloc at lodepng/lodepng.c:86 Version git log commit 06bb36ae2c9b9074e9736a2e25845a2e789cc4e6 HEAD - master, origin/master, origin/HEAD Author: Hans Petter Jansson Date: Fri Jul 1 01:06:00 2022 +0200 POC ./tools/chafa/chafa...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/06/27 12:33 p.m.16 views

Threaded Race Condition in Authentication Allows Bypass of Authentication Attempt Restrictions

Description A threaded race condition exists in how the application handles authentication attempts in the application. The application recognizes and protects against single-threaded attempts with a five-attempt lockout function. By increasing threads in an authentication brute force attack it i...

7.5CVSS0.4AI score0.00747EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/22 2:50 a.m.16 views

Zammad's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Zammad relies on the rackattack.rb file to defend the application against various brute force attacks, including forgotten password requests, ticket submissions, etc. The currently utilized RackAttack.rb file's configuration attempts to prevent password reset requests per IP to 3 per...

5CVSS0.1AI score0.00733EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/20 7:20 a.m.16 views

NDIS Packet Buffer Overflow Due To Allocation/Copy Inconsistencies

Description Reading driver source code is a challenge because despite things appearing to be a vulnerability, there might be a single overlooked comment in MSDN's documentation for an obscure function that ensures that something isn't a vulnerability - in light of this challenge, I'm going to wal...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/17 4:39 p.m.16 views

Privilege Escalation via edit response body

Description Recently, i found a business logic vulnerabity and this vulnerability allow reader user perform privilege escalation on allaccess user. Because before user perform any function, client-side will perform OPTIONS request to view user permission with specify function via response body. I...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/13 10:45 a.m.16 views

Allows large characters in change password filling

Description The titra application allows large characters to insert in the input field "password" at password change feature which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Login and go to profile or https://app.titra.io/profile 2. Using...

1.5AI score
Exploits0References2
Huntr
Huntr
added 2022/06/10 3:13 p.m.16 views

Sensitive header uncleared on same-host, cross-port redirect

Description Sensitive headers are uncleared on cross-port redirect Proof of Concept poc.php 'http://10.0.2.4', ;...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/06/08 3:34 a.m.16 views

Reflected XSS in Results tab

Description Please enter a description of the vulnerability. Proof of Concept 1. Install a local instance of phoronix 2. Run a benchmark 3. When the test is complete, for example the result id is xxxxx 4. Acess...

7AI score
Exploits0
Huntr
Huntr
added 2022/06/07 4:26 p.m.16 views

chafa <= 4bac1466 is vulnerable to an out of bounds read vulnerability.

chafa = 4bac1466 is vulnerable to an out of bounds read vulnerability. Building Build chafa with ASANaddress sanitizer sh $ git rev-parse HEAD 4bac14668535c09f6f47552bbd1566097dab4bf8 $ export CFLAGS="-g -O0 -fsanitize=address"; export CXXFLAGS="-g -O0 -fsanitize=address"; export CC=$which...

2.1CVSS3.6AI score0.0042EPSS
Exploits1
Huntr
Huntr
added 2022/06/05 10:24 a.m.16 views

buffer size confusion

Description an attempt to write 2000 into a buffer of 10 bytes, while SSLread does not add a zero at the end. Proof of Concept cpp define BUFFSIZE 2000 ... char buf10; SSLreadssl,buf,BUFFSIZE; int virtualIP = atoibuf;...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/05/12 11:40 a.m.16 views

Able to create an user with a long password as well as long username

Issue Description: Any admin may able to create and allocate user the credentials but when admin creates a user account where as the fields with the first name , last name and password has no defined length limit where as this scenario causes the application level DOS to the snipe-it What's the...

7AI score
Exploits0
Huntr
Huntr
added 2022/05/05 6:46 p.m.16 views

RCE due to a dependency confusion

Description Hi team, I hope you are well. I found a dependency confusion vulnerability in this repo. When I analyzed your repo, I found a Makefile which install a dependency : https://github.com/openziti/ziti/blob/271614d50df5535cf99ad0882649ae0ef7bb88a2/ziti/MakefileL155 go get...

7AI score
Exploits0References4
Huntr
Huntr
added 2022/05/05 9:7 a.m.16 views

Cross-site Scripting (XSS) in create space function

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1.Login as normal user. 2.Access subdomain /space/create/create. 3.Input name, color, description,...

5.7AI score
Exploits0
Huntr
Huntr
added 2022/05/03 2:25 p.m.16 views

Server-Side Request Forgery in scout

Description Server-Side Request Forgery in remotecors Proof of Concept GET /remote/cors/http://:8888 HTTP/1.1 Host: localhost:8000 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...

6.4CVSS0.5AI score0.01095EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/29 3:19 a.m.16 views

Cross-site Scripting (XSS) in Error Page

Description The is an XSS could be trigger via error page through invalid file name. Proof of Concept 1.Login as Admin. 2.Upload new file with name .svg 3.Save - Fatal Error Page show up and the xss will be trigger...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2022/04/25 2:52 a.m.16 views

Stored XSS via Scan Engine Name

Description Scan Engine name is displayed in different places without validation Proof of Concept 1. Add a scan engine with name: 2. Scan a target, Create scheduled tasks 3. Go to https://127.0.0.1/scan/history/scan Note: Try on a private browser if it doesn't execute on the first. I am not sure...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/04/12 4:12 p.m.16 views

Stored XSS on add Group Name

Description XSS found on function add Group Name on User Management module at Organizr 2.1.1810. Proof of Concept 1 Go to User Management - Manage Group 2 Add new group 3 Insert payload on "Group Name" field then Add Group Payload 1 "alert"xss-here"; Screenshot 1 xss-triger 2 version 3 document...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/04/04 2:31 a.m.16 views

Unauthenticated Path Traversal via /api/upload

Description While reviewing FUXA, research found it is possible to upload arbitrary files into arbitrary locations via the "/api/upload" endpoint. Even when authentication in enabled, it was found this endpoint does not validate a user's session. In addition, the function behind this endpoint...

1AI score
Exploits0
Huntr
Huntr
added 2022/04/01 6:12 p.m.16 views

Stored XSS viva .svg file upload

Description The application allows .svg files to upload which leads to stored XSS. Proof of Concept 1.Download the payload XSS.svg from below drive link and go to "Files". 2.Now click on "Add file" and upload the downloaded payload. 3.Then see the uploaded file details and open the file path once...

5.9AI score0.00831EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/27 4:38 p.m.17 views

Stack buffer overflow in XML entity parsing

Description Attempting to parse a XML/SVG file containing an !ENTITY with a sufficiently long name into a fixed sized, stack allocated buffer causes an overflow. Proof of Concept ./bin/gcc/gpac -play ./poc-clean.svg poc-clean.svg available here GDB stack smashing detected : terminated Thread 1...

3.8AI score
Exploits0
Huntr
Huntr
added 2022/03/09 6:40 p.m.16 views

File upload filter bypass leading to stored XSS

Description A User Can uplaod .cshtml file with XSS payload. Proof of Concept Login to the demo portal with admin creds at https://demo.microweber.org/demo/admin/ Navigate to page create functionality at https://demo.microweber.org/demo/admin/page/create Select the picture upload request in burp...

3.5CVSS0.00773EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/20 5:42 a.m.16 views

Improper Access Control in Configuration (Credential store)

Description Pandora FMS v7.0NG.759 allows improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role. Proof of Concept Affected endpoint: POST...

5.5CVSS0.6AI score0.00332EPSS
Exploits0
Huntr
Huntr
added 2022/02/17 3:58 p.m.16 views

Arbitrary Command Injection

Description When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.jsL13, this happens due t...

7.2CVSS0.8AI score0.00782EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/14 10:37 p.m.16 views

Cross-site Scripting (XSS) - Stored in helloxz/onenav

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.1AI score
Exploits0
Huntr
Huntr
added 2022/02/14 4:58 a.m.16 views

Improper Authorization in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...

5.5CVSS5.4AI score0.00667EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 12:31 p.m.16 views

Business Logic Errors in publify/publify

Description It was found that if a user tries to create an article, and want to make that article private, the functionality is not working. Proof of Concept 1. Create an article 2. Click on publish and you will see the option to visibility to make it private, but functionality is not designed...

5CVSS1.8AI score0.01567EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 2:6 p.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name and Surname fields in the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.In the Name and Surname fields,...

3.5CVSS0.0064EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 7:57 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Setting - Live help configuration tab 2.Click on Admin themes in Visual settings for the admin sectio...

3.5CVSS0.2AI score0.007EPSS
Exploits1
Huntr
Huntr
added 2022/01/21 8:59 a.m.16 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

3.5CVSS0.9AI score0.00718EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 5:49 a.m.16 views

in gpac/gpac

Description Null Pointer Dereference in gfdumpvrmlfield.isra Proof of Concept MP4Box -bt POC2 POC2 is here. Bt Program received signal SIGSEGV, Segmentation fault. 0x0000000000644ca4 in gfdumpvrmlfield.isra LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/14 3:36 a.m.16 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description When building an app, an XSS vulnerability occurs in the app's name. Proof of Concept txt 1. Go to App Settings 2. Enter " as the name of the app Video : https://www.youtube.com/watch?v=dEFDHHGxzoY Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

3.5CVSS0.9AI score0.006EPSS
Exploits1
Total number of security vulnerabilities4072