Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/05/05 11:57 p.m.45 views

Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. : While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of concept video & reproduction steps for better understanding. Proof of concept: I have uploaded the bo...

6.8CVSS0.7AI score0.08958EPSS
Exploits4
Huntr
Huntr
added 2022/02/07 1:16 p.m.45 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...

3.5CVSS0.5AI score0.00537EPSS
Exploits1
Huntr
Huntr
added 2021/11/15 1:20 a.m.45 views

in janeczku/calibre-web

Description A user can see the name of private shelves from other users when trying to remove a book of those shelves. Proof of Concept The file shelf.py in its line 221 exposes the name of the shelf when the user tries to remove a book from a shelf which is not his. log.warning"You are not allow...

1AI score0.00358EPSS
Exploits1
Huntr
Huntr
added 2021/08/26 3:57 a.m.45 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in azuracast/azuracast

✍️ Description The secure flag is not set for appsession cookie in the application. 🕵️‍♂️ Proof of Concept PoC Image: https://i.ibb.co/v1y0Fdv/cookie-flag.png 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/03/28 2:28 p.m.45 views

Path Traversal in mailtrain-org/mailtrain

✍️ Description A path traversal also known as directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating...

1AI score
Exploits0References2
Huntr
Huntr
added 2021/01/26 12:0 a.m.45 views

Prototype Pollution in grpc/grpc-node

Description grpc native core package is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var grpc =require'grpc'...

5CVSS2.1AI score0.03554EPSS
Exploits0References1
Huntr
Huntr
added 2021/01/10 12:0 a.m.45 views

Prototype Pollution in dominictarr/libnested

Description libnested is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var libnested = require"libnested" var obj = console.log"Before : " + .polluted; libnested.setobj, 'proto','polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2...

7.5CVSS2AI score0.0322EPSS
Exploits1
Huntr
Huntr
added 2020/11/18 12:0 a.m.45 views

Prototype Pollution in b-heilman/bmoor

Description bmoor is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js const bmoor = require'bmoor'; var obj = console.log"Before : " ...

7.5CVSS1.7AI score0.01469EPSS
Exploits1
Huntr
Huntr
added 2023/03/03 10:14 p.m.44 views

Blind LFI in register-model/get?name=

Description A blind LFI exists in /ajax-api/2.0/mlflow/registered-models/get?name= The response from the server is different depending on if the file exists on the local file system or not. When the arbitrary local file exists, the server responds with 500 INTERNAL SERVER ERROR and when it doesn'...

1.7CVSS4.7AI score0.00578EPSS
Exploits1
Huntr
Huntr
added 2022/11/14 1:31 p.m.44 views

XSS in RSS Description Link

Description An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. Proof of Concept 1. Create a malicious RSS feeds The XSS payload is inside ite...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/11/01 6:7 a.m.44 views

Cross Site Scripting (XSS) Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1. i open this page...

5.8CVSS5.9AI score0.01532EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/25 2:18 p.m.44 views

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1954 vim version git log commit 4c3d21acaa09d929e6afe10288babe1d0af3de35 HEAD - master, tag: v8.2.5014, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobw2s.dat -c :qa!...

6.8CVSS7.8AI score0.01474EPSS
Exploits1
Huntr
Huntr
added 2022/05/06 2:2 p.m.44 views

Stored xss bug

Description stored xss bug Proof of Concept I created a repository on try.gitea.io and uploaded a pdf file containing xss vector. https://try.gitea.io/cokeBeer/test/src/branch/main/poc.pdf Just click the "Raw" button The xss vector will be triggered Fix Suggestion prohibit viewing pdf directly by...

3.5CVSS0.4AI score0.00751EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/14 2:36 p.m.44 views

Stored XSS viva .ofd file upload

Description The application allows .ofd files to upload which lead to stored XSS Proof of Concept 1.First, open your text file/notepad and paste the below payload and save it as XSS.ofd: alert1337 alertdocument.domain alertdocument.location alert'XSSbySamprit Das' 2.Then go to...

3.5CVSS0.6AI score0.00888EPSS
Exploits1
Huntr
Huntr
added 2022/03/11 4:5 p.m.44 views

Host Header injection in password Reset

Description The password reset uses $SERVER'HTTPHOST' to generate the password without any checks or filtering. Allowing a malicious attacker to generate a fake password reset link to steal password reset tokens which may lead to account takeover Impact Account Takeover...

6.8CVSS1.8AI score0.01319EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/06 9:6 p.m.44 views

Exposure of Sensitive Information to an Unauthorized Actor in eventsource/eventsource

Exposure of Sensitive Information to an Unauthorized Actor in EventSource/eventsource Reported on Feb 6th 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies & Authorisation headers are leaked to external sites. Description When fetching an url with a link to an external site...

5.8CVSS0.5AI score0.01799EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 4:7 a.m.44 views

Cross-Site Request Forgery (CSRF) in crater-invoice/crater

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS4.3AI score0.00422EPSS
Exploits1
Huntr
Huntr
added 2021/10/09 7:11 p.m.44 views

in attendize/attendize

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/05 11:57 a.m.43 views

Tabnabbing via window.opener [bookwyrm.social]

Description: 1. Hello @bookwyrm-social I found a tabnabbing vulnerability. attack is possible due to taget=blank or Tab nabbing via window.opener. VISIT:- https://bookwyrm.social/ SUMMARY: 1. I was browsing the site and found a tabnabbing vulnerability . As per the observation I found that attack...

5.8CVSS0.00492EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/25 7:53 a.m.43 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Title Stored XSS in customattributes Description Relying on frontend URI check without verifying it on the backend allows to inject arbitrary JS code. Steps to reproduce 1. 1. Create a custom attribute, set its type to Link 2. 2. Navigate to any conversation, click on the right sidebar. 3. 3...

4.3CVSS0.9AI score0.00856EPSS
Exploits1
Huntr
Huntr
added 2021/07/10 1:39 a.m.43 views

Cross-site Scripting (XSS) - Reflected in swiftyspiffy/twitch-token-generator

✍️ Description An almost XSS exists in this repository that, if not for the WAF used on https://twitchtokengenerator.com; would have resulted in reflected XSS. Despite this, it is possible to inject HTML onto the page, making some attack scenarios possible. 🕵️‍♂️ Proof of Concept - Navigate to...

0.3AI score
Exploits0
Huntr
Huntr
added 2020/10/25 12:0 a.m.43 views

Prototype Pollution in jquense/yup

Description yup is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let yup = require'yup'; const payload =...

1.5AI score
Exploits0
Huntr
Huntr
added 2025/12/31 2:25 p.m.42 views

Command Injection through bash -c

This report is not public...

9.6CVSS5.8AI score0.01328EPSS
Exploits2
Huntr
Huntr
added 2023/10/18 7:42 a.m.42 views

heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode

Description heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in javaprintopcode Version $ r2 -v radare2 5.8.9 31339 @ linux-x86-64 birth: git.5.8.8-691-gb2de2288d8 2023-10-1701:18:28 commit: b2de2288d8299f89288c503fc2ce22381b61aba0 Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes...

6.8CVSS7AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2023/01/22 3:44 p.m.42 views

heap-buffer-overflow in function utfc_ptr2len

Description Heap-based Buffer Overflow in function utfcptr2len at mbyte.c:2145 Vim Version git log commit ebfec1c531f32d424bb2aca6e7391ef3bfcbfe20 HEAD - master, tag: v9.0.1234, origin/master, origin/HEAD Both POCs also apply to v9.0.1262: git log commit f2e30d0c448b9754d0d4daa901b51fbbf4c30747...

4.4CVSS7AI score0.00598EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/28 3:41 a.m.42 views

IDOR to archive victims memo

Description Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. Proof of Concept 1 Login into your account at demo.usememos.com 2 Turn on your burpsuite proxy 3 Click on the three do...

4CVSS0.00534EPSS
Exploits1
Huntr
Huntr
added 2022/12/23 9:32 p.m.42 views

IDOR results in deletion of others public & private memos

Description What is IDOR Insecure Direct Object Reference? Insecure direct object references are common, potentially devastating vulnerabilities resulting from broken access control in web applications. IDOR bugs allow an attacker to maliciously interact with a web application by manipulating a...

5CVSS0.6AI score0.00756EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/16 5:35 a.m.42 views

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1973 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

6.8CVSS7.6AI score0.01352EPSS
Exploits1
Huntr
Huntr
added 2022/05/20 5:41 p.m.42 views

SSRF in /service endpoint

Description The problem came from this line of code I ran docker-drawio with following command : docker run -it --rm --name="draw" -e EXPORTURL=http://somesite.com -p 8080:8080 -p 8443:8443 jgraph/drawio if the drawio EXPORTURL is set to an address without any / after the primary Hostname like...

5CVSS6.4AI score0.05704EPSS
Exploits1
Huntr
Huntr
added 2021/11/20 12:39 p.m.42 views

Cross-site Scripting (XSS) - Stored in kunstmaan/kunstmaanbundlescms

Description In kunstmaan / kunstmaanbundlescms, menu form slug field is vulnerable to cross site scripting Proof of Concept 1. login to demo page 2. go to pages, open any page 3. go to menu , in slug feild place the payload and save, it will trigger. payload : " Impact This vulnerability is capab...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/05/18 1:15 a.m.42 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

💥 BUG Stored xss via file upload 💥 SUMMURY uploaded file extension only checked in client-side javascript. It must be also checked in server side so that user cant upload html file instead of image . 💥 STEP TO REPRODUCE 1. From your account goto http://localhost:9000/campaigns/media and upload a...

7AI score
Exploits0
Huntr
Huntr
added 2021/03/30 8:12 a.m.42 views

Server-Side Request Forgery (SSRF) in frenchbread/private-ip

✍️ Description Private-ip is an NPM module that is used to check if the input IP address is private or not, so as to prevent SSRF attacks. It has 12k downloads every week on NPM However, I found that by crafting a malicious IP, an attacker can easily bypass this check. 🕵️‍♂️ Proof of Concept First...

7.5CVSS1.5AI score0.02949EPSS
Exploits0
Huntr
Huntr
added 2023/08/10 6:38 p.m.41 views

SSRF Blind in the image upload module via url

Description Web application with the function of uploading images through a link provided by the user . This access error leads to RCE and scanning of intranet ports Proof of Concept Link video Poc https://drive.google.com/file/d/17fksa8odZAqCuqRQbOCutc9I7eoNun-/view?usp=sharing Steps 1 . Use a...

5.5CVSS6.9AI score0.00349EPSS
Exploits1
Huntr
Huntr
added 2023/06/15 1:14 p.m.41 views

Desktop APP XSS to RCE

🔒️ Requirements The user must load the malicious configuration and click on the buttons. 📝 Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. 💉 Not sanitized HTML injection In the...

7.5CVSS6.4AI score0.0194EPSS
Exploits1
Huntr
Huntr
added 2023/04/20 10:14 p.m.41 views

Session is not expiring after password reset

Description 1. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization, in this case the session is not getting expired after the password change Steps to reproduce : 1. Open...

6.5CVSS7AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2023/01/18 7:26 p.m.41 views

heap-buffer-overflow in same_leader and utfc_ptr2len

Description Heap-based Buffer Overflow in function sameleader at textformat.c:558 Heap-based Buffer Overflow in function utfcptr2len at mbyte.c:2138 Vim Version git log commit f97a295ccaa9803367f3714cdefce4e2283c771d HEAD - master, tag: v9.0.1221, origin/master, origin/HEAD Able to replicate the...

4.4CVSS7.7AI score0.00555EPSS
Exploits1References2
Huntr
Huntr
added 2022/12/31 7:6 a.m.41 views

Get based CSRF on Reset OP Cache functionality

Description The functionality to reset the OPCache is vulnerable to CSRF. In fact, it would be a good practice to implement a CSRF token in URL if the GET functionality is meant to trigger an action, instead of only retrieving data. Alternatively, it can be turned in a POST request, which I can s...

4.3CVSS0.2AI score0.00346EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/19 6:31 p.m.41 views

Account takeover via changing password

Description after login with normal user go to Settings then change password ,you will find the following request PATCH /api/user/104 HTTP/2 Host: demo.usememos.com Cookie:...

6.5CVSS0.4AI score0.00741EPSS
Exploits1
Huntr
Huntr
added 2022/05/08 4:1 a.m.41 views

Buffer Over-read in function find_next_quote

Description Buffer Over-read in function findnextquote at textobject.c:1663 POC ./vim -u NONE -X -Z -e -s -S ./poch4s.dat -c :qa! ================================================================= ==1740874==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000741a at pc 0x0000010f50...

6.8CVSS7AI score0.01864EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:53 p.m.41 views

Use after free in append_command

✍️ Description When fuzzing vim commit fc78a0369 works with latest build and latest commit 202b4bd3a per this time of this report with clang 13 and ASan, I discovered a buffer overflow. Proof of Concept Here is the poc bash...

6.8CVSS0.1AI score0.02645EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:2 p.m.41 views

Reflected XSS

Description Bypass XSS filter on /module/ Proof of Concept https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in FireFox. How to fix This is still CVE-2022-1439...

4.3CVSS0.1AI score0.0321EPSS
Exploits2
Huntr
Huntr
added 2022/03/19 3:51 p.m.41 views

Stored XSS viva .svg file upload

Description The application allows .svg files to upload which lead to stored XSS Proof of Concept 1.Download the payload from this link:- https://drive.google.com/file/d/1c1BP5bxXBxtwLfRJTrEPgMWK1yVFDF2R/view?usp=sharing and upload it on your profile. 2.Now open the path of the uploaded image...

3.5CVSS0.9AI score0.01561EPSS
Exploits1
Huntr
Huntr
added 2022/03/02 3:26 p.m.41 views

Improper Authorization

Description When configuring cobbler-web to authentificate via PAM. The authorization of a account validity is missing. Therefore expired accounts can still login. Proof of Concept Enable authnpam in the modules.conf Create a testuser to login $ useradd expireduser $ passwd expireduser 12345 $...

6.4CVSS2.1AI score0.02256EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/15 10:8 a.m.41 views

Path Traversal in prasathmani/tinyfilemanager

Description A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...

7.5CVSS0.3AI score0.01864EPSS
Exploits1
Huntr
Huntr
added 2021/12/12 8:29 p.m.41 views

in pytorchlightning/pytorch-lightning

Description There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning's saving.py core.saving.loadhparamsfromyaml functionality is calling "yaml.UnsafeLoader" from pyyaml Python library which is not secure method. Because of that, maliciously...

6.8CVSS1AI score0.00978EPSS
Exploits1References1
Huntr
Huntr
added 2023/10/14 8:28 p.m.40 views

Privilege Escalation to admin from any other users

Description By default, hestiacp creates a default fpm configuration that runs php-fpm service as the www-data user common socket. Also another php-fpm service runs from admin user and www-data group unix-socket. That allows any user upload php-file into /tmp dir, then run that script from...

7.1AI score0.00285EPSS
Exploits1
Huntr
Huntr
added 2023/03/02 8:56 a.m.40 views

Storage xss vulnerability exists in simple graph beds

Description Storage xss vulnerability exists in simple graph beds,By constructing a malicious svg code that directs the administrator to click, the cookie is stolen Proof of Concept Make the svg file as follows alertdocument.cookie; You can steal administrator cookies,No login required to upload...

4.9CVSS5.7AI score0.00429EPSS
Exploits1
Huntr
Huntr
added 2023/01/04 5:10 a.m.40 views

Lack of Input Sanitazion lead to RCE

Description This vulnerability occur because there is no sanitation on user controlled input during the update configuration process. The input later , written to another .php file and this could lead to RCE. Proof of Concept 1. Go to Config then go to Mail Settings 2. Change the From Email Addre...

6.5CVSS8.4AI score0.32278EPSS
Exploits2References1
Huntr
Huntr
added 2023/01/03 2:5 p.m.40 views

Heap-based Buffer Overflow in function msg_puts_printf

Description Heap-based Buffer Overflow in function msgputsprintf at message.c:3058 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbo01s.dat -c :qa!...

4.4CVSS7.7AI score0.00518EPSS
Exploits1
Huntr
Huntr
added 2022/06/19 2:34 a.m.40 views

NULL Pointer Dereference in function _appendStartNsEvents

Description NULL Pointer Dereference in function vimappendStartNsEvents at src/lxml/iterparse.pxi:435 allows attackers to cause a denial of service or application crash. Proof of Concept python from io import StringIO from lxml import etree firstinput = """ """ secondinput = """ """ def...

5CVSS1.3AI score0.02462EPSS
Exploits1
Total number of security vulnerabilities4072