Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
โ€ขadded 2022/03/27 4:38 p.m.โ€ข17 views

Stack buffer overflow in XML entity parsing

Description Attempting to parse a XML/SVG file containing an !ENTITY with a sufficiently long name into a fixed sized, stack allocated buffer causes an overflow. Proof of Concept ./bin/gcc/gpac -play ./poc-clean.svg poc-clean.svg available here GDB stack smashing detected : terminated Thread 1...

3.8AI score
Exploits0
Huntr
Huntr
โ€ขadded 2022/03/09 6:40 p.m.โ€ข16 views

File upload filter bypass leading to stored XSS

Description A User Can uplaod .cshtml file with XSS payload. Proof of Concept Login to the demo portal with admin creds at https://demo.microweber.org/demo/admin/ Navigate to page create functionality at https://demo.microweber.org/demo/admin/page/create Select the picture upload request in burp...

3.5CVSS0.00773EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/02/20 5:42 a.m.โ€ข16 views

Improper Access Control in Configuration (Credential store)

Description Pandora FMS v7.0NG.759 allows improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role. Proof of Concept Affected endpoint: POST...

5.5CVSS0.6AI score0.00344EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2022/02/17 3:58 p.m.โ€ข16 views

Arbitrary Command Injection

Description When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.jsL13, this happens due t...

7.2CVSS0.8AI score0.00782EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2022/02/14 4:58 a.m.โ€ข16 views

Improper Authorization in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...

5.5CVSS5.4AI score0.00667EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/27 2:6 p.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name and Surname fields in the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.In the Name and Surname fields,...

3.5CVSS0.0064EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/26 7:57 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Setting - Live help configuration tab 2.Click on Admin themes in Visual settings for the admin sectio...

3.5CVSS0.2AI score0.007EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/21 8:59 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

3.5CVSS0.9AI score0.00718EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/18 5:49 a.m.โ€ข16 views

in gpac/gpac

Description Null Pointer Dereference in gfdumpvrmlfield.isra Proof of Concept MP4Box -bt POC2 POC2 is here. Bt Program received signal SIGSEGV, Segmentation fault. 0x0000000000644ca4 in gfdumpvrmlfield.isra LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2022/01/14 3:36 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description When building an app, an XSS vulnerability occurs in the app's name. Proof of Concept txt 1. Go to App Settings 2. Enter " as the name of the app Video : https://www.youtube.com/watch?v=dEFDHHGxzoY Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

3.5CVSS0.9AI score0.006EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/09 4:52 p.m.โ€ข16 views

SQL Injection in dolibarr/dolibarr

Description The searchusers parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Slow query example: POST /dolibarr-14.0.5/htdocs/compta/sociales/list.php HTTP/1.1 Content-Type:...

7.5CVSS0.7AI score0.01995EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2022/01/07 8:53 a.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in liukuo362573/yishaadmin

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
โ€ขadded 2022/01/03 2:47 p.m.โ€ข16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...

0.6AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/29 12:37 p.m.โ€ข16 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Base Buffer Overflow mrbirepcutref Proof of Concept a = a. nil too many irep references RuntimeError ================================================================= ==990==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000003a6 at pc 0x560e7e6acc2e bp...

7.5CVSS9AI score0.0141EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/27 2:42 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The Mobile Options settings does not sanitise and escape the $mboptions'fcmkey' parameter lead to stored XSS Proof of Concept Go to Mobile settings, fill XSS payload into FCM Key field kind of: somekey" Impact XSS can have huge implications for a web application and its users. User...

3.5CVSS0.5AI score0.00531EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/24 8:2 p.m.โ€ข16 views

Business Logic Errors in janeczku/calibre-web

Description There is a possibility to create 2 public phasing shelfs that have the same name, which is a business logic error. Steps To Reproduce 1. Create a shelf with empty name 2. Tick the share with everyone box 3. Create another shelf with empty name 4. Tick the share with everyone box, it...

7.5CVSS8.6AI score0.01375EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/20 2:16 p.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description I found that the CSRF vulnerability that I reported to you before https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd/ can still be exploited via the GET request. An attacker is able to do unintentional action in the victim account by tricking other users clicking on the...

6.8CVSS7.5AI score0.00614EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/17 8:47 a.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description CSRF on various endpoints Summary Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, that allows to completely shutdown the server:...

6.8CVSS0.5AI score0.0054EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/05 8:28 a.m.โ€ข16 views

Improper Authorization in openwhyd/openwhyd

Description This Account Takeover via Dom XSS vulnerability occurs because the backend does not check the value of the redirect parameter in the login logic. javascript if form.fbUid userModel.updatedbUser.id, $set: fbId: form.fbUid, fbTok: form.fbTok, // access token provided on last facebook...

4.3CVSS6.5AI score0.00522EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/02 9:15 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...

4.3CVSS0.4AI score0.0085EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/11/27 7:15 p.m.โ€ข16 views

SQL Injection in wbce/wbce_cms

Description Plaintext administrator password recovery vulnerability due to SQL injection in password reset page. admin/login/forgot/index.php lines 33-34: php $sSql = "SELECT FROM TPusers WHERE email = '" . $email . "'"; $rRow = $database-query$sSql; Due to poor email validation attacker can inje...

7.5CVSS0.4AI score0.37824EPSS
Exploits4
Huntr
Huntr
โ€ขadded 2021/11/20 5:53 a.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

CSRF Set 1 modify invoice status Medium severity Description CSRF in saving invoices / modifying status of invoices pending and cancel only Proof of Concept The following state-changing endpoints are vulnerable to CSRF GET...

4.3CVSS3.5AI score0.00505EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/11/18 2:44 p.m.โ€ข16 views

in elgg/elgg

Hello Elgg Team, hope you are having an awesome day : Just found an issue on the latest version of Elgg, and apparently the previous versions also have the same flaw. Description There is this endpoint, which is: http://elgg-example-here.com/ajax/form/admin/user/changeemail This endpoint is...

5CVSS6.5AI score0.01547EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/11/17 5:55 p.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja

Description In recent InvoiceNinja version 9d7145c in /documents it is possible to store svg file with html/js content, which later can be used to phish other users Proof of Concept POST /documents HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101...

3.5CVSS5.4AI score0.00592EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/11/17 6:37 a.m.โ€ข16 views

Improper Authorization in hdinnovations/unit3d-community-edition

Description 2FA bypass in in chat functions. The "twostep" middleware is not implemented under the vue.php routing. Proof of Concept 1: Login into account with 2FA. Do not complete the 2FA process. 2: See all chat messages at https://UNIT3D-URL/api/chat/messages/1 3: If the CSRF token does not...

0.9AI score0.05701EPSS
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/11/15 2:3 a.m.โ€ข16 views

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

Description It is possible to execute XSS payloads when editing book properties, such as uploading a cover or a format. Proof of Concept The file editbooks.js contains the following code: $"btn-upload-cover".on"change", function var filename = $this.val; if filename.substring3, 11 === "fakepath"...

1.5AI score0.00356EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/10/25 8:56 p.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept - I downloaded this module...

3.5CVSS5.6AI score0.00671EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/10/21 5:2 p.m.โ€ข16 views

Server-Side Request Forgery (SSRF) in pimcore/pimcore

Description Your demo server is running in a vulnerable Apache server Apache/2.4.38. The attacker can easily exploit SSRF vulnerability just by visiting a crafted URL. The vulnerability has been discovered few days ago and it relies on modproxy module. I know that this vulnerability is not direct...

0.6AI score0.99999EPSS
Exploits5References2
Huntr
Huntr
โ€ขadded 2021/10/16 6:15 p.m.โ€ข16 views

in zmister2016/mrdoc

Description When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. Proof of Concept https://github.com/zmister2016/MrDoc/blob/master/appadmin/views.pyL985 ๆ™ฎ้€š็”จๆˆทไฟฎๆ”นๅฏ†็  @loginrequired @logger.catch def...

6.3AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/10/15 7:3 a.m.โ€ข16 views

SQL Injection in ampache/ampache

Description The application does not validate and escape the client parameter before using it in a SQL statement at getbookmark function in Repository/Model/Bookmark.php file, leading to a SQL Injection The function named getbookmark which called by in 3 functions: bookmarkcreate, bookmarkedit an...

0.4AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/10/13 6:40 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Reflected in mariotti94/webrisc-v

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end userโ€™s browser has no way to know that the script should not be trusted, and will execut...

5.5AI score
Exploits0References2
Huntr
Huntr
โ€ขadded 2021/10/11 8:35 p.m.โ€ข16 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in siwapp/siwapp

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1IOglL2LBh8CnvJUI0tRJw2wCJ8ugnws/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits0References1
Huntr
Huntr
โ€ขadded 2021/10/05 4:1 a.m.โ€ข16 views

SQL Injection in yeswiki/yeswiki

Description A SQL injection attack consists of insertion or 'injection' of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations ...

0.3AI score
Exploits0References2
Huntr
Huntr
โ€ขadded 2021/10/02 8:23 a.m.โ€ข16 views

Server-Side Request Forgery (SSRF) in chevereto/chevereto-free

Description Attackers can make the server perform arbitrary requests to internal IPs as well as use the file:/// protocol to disclose internal image data. Proof of Concept 1: Create a valid image file on the server /path/to/index.png 2: Choose add Image URLs and use a valid URL and click OK. Then...

0.3AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/09/26 1:48 a.m.โ€ข16 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap buffer overflow on mrb-vm-exec Proof of Concept // poc.rb 1.timesuntil% ;break Result ./mruby poc.rb ================================================================= ==1451==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000023d9 at pc 0x55b2fc3f1046 bp...

Exploits0
Huntr
Huntr
โ€ขadded 2021/09/12 5:30 p.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

โœ๏ธ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after click the Family Tree nav button from the My Pages Menu, the XSS payload is executed. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...

2.1AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/09/06 6:10 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

โœ๏ธ Description Accept Bitcoin payments. Free, open-source & self-hosted, Bitcoin payment processor this package is vulnerable for xss ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept ๐Ÿ’ฅ Impact This vulnerability is capable of xss...

3.5CVSS2AI score0.00542EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/09/02 11:59 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

โœ๏ธ Description A malicious actor is able to add new Milestone with a malicious payload, and upon opening the research menu, the XSS payload is being executed. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new Milestone to the system at the /tickets/roadmap URI with the +...

1.6AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/09/02 10:35 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

โœ๏ธ Description A malicious actor is able to add New Project with a malicious payload, and upon opening the research menu, the XSS payload is being executed. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept 1; Log in with a proper roled user 2; Add a new Project to the system at the /projects/showAll/ URI with the + New...

1.7AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/08/29 10:59 p.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in combodo/itop

โœ๏ธ Description Attacker able to delete Standard SLA with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...

1.6AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/08/26 3:28 p.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in azuracast/azuracast

โœ๏ธ Description Attacker able to enable any Streamer/DJ account section with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.8AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/08/23 3:56 p.m.โ€ข16 views

in getgrav/grav-plugin-admin

โœ๏ธ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept ๐Ÿ’ฅ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

5.8CVSS1.3AI score0.01547EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/08/23 8:33 a.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

โœ๏ธ Description The delete key functionality in the application is vulnerable to CSRF attack. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept history.pushState'', '', '/' ๐Ÿ’ฅ Impact This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user...

2.4AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/08/01 10:36 p.m.โ€ข16 views

in aquilacms/aquilacms

โœ๏ธ Description Unauthenticated API function allows any user to change OR view another user first name, last name, password, and address information. As well, leaked activateAccountToken and resetPassToken can be viewed. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept The attacker can guess the correct MongoDBobject ID and...

6.8AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/07/30 4:59 p.m.โ€ข16 views

in babybuddy/babybuddy

โœ๏ธ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...

1AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/07/26 5:58 p.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

โœ๏ธ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/07/18 3:22 p.m.โ€ข16 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

โœ๏ธ Description Attacker able to reopen any Poll in Tools section. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept // PoC.html https://demo.dolibarr.org/opensurvey/card.php?action=reopen&id=amyra52rg3g4ywzj...

1AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/05/18 6:2 a.m.โ€ข16 views

in tagspaces/tagspaces

Vulnerability Code Execution using Reflected Cross Site Scripting โœ๏ธ Description Tagspaces is a file organizer that also works as a file manager. When you open a file, it tries to provide a preview of common files like images, code and text files. But if the extension is not known to tagspaces, it...

0.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/04/16 2:12 p.m.โ€ข16 views

Server-Side Request Forgery (SSRF) in prasathmani/tinyfilemanager

โœ๏ธ Description SSRF to access internal server ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept 1. goto http://localhost/tinyfilemanager/index.php?p=&upload and put internal serveer address and see it will fetch that file Video Poc https://drive.google.com/file/d/1dsTqvuQbGN619Gdncze4tuIH7MsonliT/view?usp=sharing ๐Ÿ’ฅ Impact...

1AI score
Exploits0References2
Huntr
Huntr
โ€ขadded 2021/03/25 4:6 p.m.โ€ข16 views

Cross-site Scripting (XSS) - Generic in maxsite/cms

โœ๏ธ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites...

0.6AI score
Exploits0
Total number of security vulnerabilities4072