Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/01/21 8:59 a.m.16 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

3.5CVSS0.9AI score0.00718EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 5:49 a.m.16 views

in gpac/gpac

Description Null Pointer Dereference in gfdumpvrmlfield.isra Proof of Concept MP4Box -bt POC2 POC2 is here. Bt Program received signal SIGSEGV, Segmentation fault. 0x0000000000644ca4 in gfdumpvrmlfield.isra LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/14 3:36 a.m.16 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description When building an app, an XSS vulnerability occurs in the app's name. Proof of Concept txt 1. Go to App Settings 2. Enter " as the name of the app Video : https://www.youtube.com/watch?v=dEFDHHGxzoY Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

3.5CVSS0.9AI score0.006EPSS
Exploits1
Huntr
Huntr
added 2022/01/10 2:34 p.m.16 views

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Description Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite. Proof of Concept 1. Install phoronix test suite on your system 2. Create a test suite 3. Open another tab in browser and go to the link /?localsuites/delete/-1.0.0, f...

6.8CVSS0.3AI score0.00736EPSS
Exploits1
Huntr
Huntr
added 2022/01/09 4:52 p.m.16 views

SQL Injection in dolibarr/dolibarr

Description The searchusers parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Slow query example: POST /dolibarr-14.0.5/htdocs/compta/sociales/list.php HTTP/1.1 Content-Type:...

7.5CVSS0.7AI score0.01995EPSS
Exploits1
Huntr
Huntr
added 2022/01/07 8:53 a.m.16 views

Cross-Site Request Forgery (CSRF) in liukuo362573/yishaadmin

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/01/03 2:47 p.m.16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/29 12:37 p.m.16 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Base Buffer Overflow mrbirepcutref Proof of Concept a = a. nil too many irep references RuntimeError ================================================================= ==990==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000003a6 at pc 0x560e7e6acc2e bp...

7.5CVSS9AI score0.0141EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 2:42 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The Mobile Options settings does not sanitise and escape the $mboptions'fcmkey' parameter lead to stored XSS Proof of Concept Go to Mobile settings, fill XSS payload into FCM Key field kind of: somekey" Impact XSS can have huge implications for a web application and its users. User...

3.5CVSS0.5AI score0.00531EPSS
Exploits1
Huntr
Huntr
added 2021/12/24 8:2 p.m.16 views

Business Logic Errors in janeczku/calibre-web

Description There is a possibility to create 2 public phasing shelfs that have the same name, which is a business logic error. Steps To Reproduce 1. Create a shelf with empty name 2. Tick the share with everyone box 3. Create another shelf with empty name 4. Tick the share with everyone box, it...

7.5CVSS8.6AI score0.01375EPSS
Exploits1
Huntr
Huntr
added 2021/12/20 2:16 p.m.16 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description I found that the CSRF vulnerability that I reported to you before https://huntr.dev/bounties/1d8439e8-b3f7-40f8-8b30-f9cb05ff2bcd/ can still be exploited via the GET request. An attacker is able to do unintentional action in the victim account by tricking other users clicking on the...

6.8CVSS7.5AI score0.00614EPSS
Exploits1
Huntr
Huntr
added 2021/12/17 8:47 a.m.16 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description CSRF on various endpoints Summary Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, that allows to completely shutdown the server:...

6.8CVSS0.5AI score0.0054EPSS
Exploits1
Huntr
Huntr
added 2021/12/05 8:28 a.m.16 views

Improper Authorization in openwhyd/openwhyd

Description This Account Takeover via Dom XSS vulnerability occurs because the backend does not check the value of the redirect parameter in the login logic. javascript if form.fbUid userModel.updatedbUser.id, $set: fbId: form.fbUid, fbTok: form.fbTok, // access token provided on last facebook...

4.3CVSS6.5AI score0.00522EPSS
Exploits1
Huntr
Huntr
added 2021/12/02 9:15 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...

4.3CVSS0.4AI score0.0085EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/27 7:15 p.m.16 views

SQL Injection in wbce/wbce_cms

Description Plaintext administrator password recovery vulnerability due to SQL injection in password reset page. admin/login/forgot/index.php lines 33-34: php $sSql = "SELECT FROM TPusers WHERE email = '" . $email . "'"; $rRow = $database-query$sSql; Due to poor email validation attacker can inje...

7.5CVSS0.4AI score0.37824EPSS
Exploits4
Huntr
Huntr
added 2021/11/20 5:53 a.m.16 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

CSRF Set 1 modify invoice status Medium severity Description CSRF in saving invoices / modifying status of invoices pending and cancel only Proof of Concept The following state-changing endpoints are vulnerable to CSRF GET...

4.3CVSS3.5AI score0.00505EPSS
Exploits1
Huntr
Huntr
added 2021/11/18 2:44 p.m.16 views

in elgg/elgg

Hello Elgg Team, hope you are having an awesome day : Just found an issue on the latest version of Elgg, and apparently the previous versions also have the same flaw. Description There is this endpoint, which is: http://elgg-example-here.com/ajax/form/admin/user/changeemail This endpoint is...

5CVSS6.5AI score0.01547EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/17 5:55 p.m.16 views

Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja

Description In recent InvoiceNinja version 9d7145c in /documents it is possible to store svg file with html/js content, which later can be used to phish other users Proof of Concept POST /documents HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101...

3.5CVSS5.4AI score0.00592EPSS
Exploits1
Huntr
Huntr
added 2021/11/17 6:37 a.m.16 views

Improper Authorization in hdinnovations/unit3d-community-edition

Description 2FA bypass in in chat functions. The "twostep" middleware is not implemented under the vue.php routing. Proof of Concept 1: Login into account with 2FA. Do not complete the 2FA process. 2: See all chat messages at https://UNIT3D-URL/api/chat/messages/1 3: If the CSRF token does not...

0.9AI score0.05701EPSS
Exploits0References1
Huntr
Huntr
added 2021/11/15 2:3 a.m.16 views

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

Description It is possible to execute XSS payloads when editing book properties, such as uploading a cover or a format. Proof of Concept The file editbooks.js contains the following code: $"btn-upload-cover".on"change", function var filename = $this.val; if filename.substring3, 11 === "fakepath"...

1.5AI score0.00356EPSS
Exploits1
Huntr
Huntr
added 2021/10/25 8:56 p.m.16 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept - I downloaded this module...

3.5CVSS5.6AI score0.00671EPSS
Exploits1
Huntr
Huntr
added 2021/10/21 5:2 p.m.16 views

Server-Side Request Forgery (SSRF) in pimcore/pimcore

Description Your demo server is running in a vulnerable Apache server Apache/2.4.38. The attacker can easily exploit SSRF vulnerability just by visiting a crafted URL. The vulnerability has been discovered few days ago and it relies on modproxy module. I know that this vulnerability is not direct...

0.6AI score0.99999EPSS
Exploits5References2
Huntr
Huntr
added 2021/10/16 6:15 p.m.16 views

in zmister2016/mrdoc

Description When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. Proof of Concept https://github.com/zmister2016/MrDoc/blob/master/appadmin/views.pyL985 普通用户修改密码 @loginrequired @logger.catch def...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/15 7:3 a.m.16 views

SQL Injection in ampache/ampache

Description The application does not validate and escape the client parameter before using it in a SQL statement at getbookmark function in Repository/Model/Bookmark.php file, leading to a SQL Injection The function named getbookmark which called by in 3 functions: bookmarkcreate, bookmarkedit an...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 6:40 a.m.16 views

Cross-site Scripting (XSS) - Reflected in mariotti94/webrisc-v

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.5AI score
Exploits0References2
Huntr
Huntr
added 2021/10/11 8:35 p.m.16 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in siwapp/siwapp

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1IOglL2LBh8CnvJUI0tRJw2wCJ8ugnws/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits0References1
Huntr
Huntr
added 2021/10/05 4:1 a.m.16 views

SQL Injection in yeswiki/yeswiki

Description A SQL injection attack consists of insertion or 'injection' of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations ...

0.3AI score
Exploits0References2
Huntr
Huntr
added 2021/10/02 8:23 a.m.16 views

Server-Side Request Forgery (SSRF) in chevereto/chevereto-free

Description Attackers can make the server perform arbitrary requests to internal IPs as well as use the file:/// protocol to disclose internal image data. Proof of Concept 1: Create a valid image file on the server /path/to/index.png 2: Choose add Image URLs and use a valid URL and click OK. Then...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/09/12 5:30 p.m.16 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after click the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/09/06 6:10 a.m.16 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

✍️ Description Accept Bitcoin payments. Free, open-source & self-hosted, Bitcoin payment processor this package is vulnerable for xss 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of xss...

3.5CVSS2AI score0.00542EPSS
Exploits1
Huntr
Huntr
added 2021/09/02 11:59 a.m.16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add new Milestone with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new Milestone to the system at the /tickets/roadmap URI with the +...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/09/02 10:35 a.m.16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add New Project with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept 1; Log in with a proper roled user 2; Add a new Project to the system at the /projects/showAll/ URI with the + New...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/08/29 10:59 p.m.16 views

Cross-Site Request Forgery (CSRF) in combodo/itop

✍️ Description Attacker able to delete Standard SLA with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/08/26 3:28 p.m.16 views

Cross-Site Request Forgery (CSRF) in azuracast/azuracast

✍️ Description Attacker able to enable any Streamer/DJ account section with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/08/23 3:56 p.m.16 views

in getgrav/grav-plugin-admin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

5.8CVSS1.3AI score0.01547EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/23 8:33 a.m.16 views

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

✍️ Description The delete key functionality in the application is vulnerable to CSRF attack. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2021/08/01 10:36 p.m.16 views

in aquilacms/aquilacms

✍️ Description Unauthenticated API function allows any user to change OR view another user first name, last name, password, and address information. As well, leaked activateAccountToken and resetPassToken can be viewed. 🕵️‍♂️ Proof of Concept The attacker can guess the correct MongoDBobject ID and...

6.8AI score
Exploits0References1
Huntr
Huntr
added 2021/07/30 4:59 p.m.16 views

in babybuddy/babybuddy

✍️ Description According to 1 we have : The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/26 5:58 p.m.16 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/18 3:22 p.m.16 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker able to reopen any Poll in Tools section. 🕵️‍♂️ Proof of Concept // PoC.html https://demo.dolibarr.org/opensurvey/card.php?action=reopen&id=amyra52rg3g4ywzj...

1AI score
Exploits0
Huntr
Huntr
added 2021/05/18 6:2 a.m.16 views

in tagspaces/tagspaces

Vulnerability Code Execution using Reflected Cross Site Scripting ✍️ Description Tagspaces is a file organizer that also works as a file manager. When you open a file, it tries to provide a preview of common files like images, code and text files. But if the extension is not known to tagspaces, it...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/04/16 2:12 p.m.16 views

Server-Side Request Forgery (SSRF) in prasathmani/tinyfilemanager

✍️ Description SSRF to access internal server 🕵️‍♂️ Proof of Concept 1. goto http://localhost/tinyfilemanager/index.php?p=&upload and put internal serveer address and see it will fetch that file Video Poc https://drive.google.com/file/d/1dsTqvuQbGN619Gdncze4tuIH7MsonliT/view?usp=sharing 💥 Impact...

1AI score
Exploits0References2
Huntr
Huntr
added 2021/03/25 4:6 p.m.16 views

Cross-site Scripting (XSS) - Generic in maxsite/cms

✍️ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/03/17 8:20 p.m.16 views

Command Injection in yibn2008/find-process

✍️ Description find-process is vulnerable to Command Injection through the find function. This function is capable to get information about running processes by PID number, port number or a string value. 🕵️‍♂️ Proof of Concept // PoC.js const find = require'find-process'; const command = "$touch...

2.6AI score
Exploits0References1
Huntr
Huntr
added 2021/03/10 4:44 p.m.16 views

Code Injection in prayag2/konsave

✍️ Description konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command , which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitary Code Execution. 🕵️‍♂️ Proof of Concept Installation bash pip install konsave...

2.3AI score
Exploits0References2
Huntr
Huntr
added 2021/02/18 12:0 a.m.16 views

Code Injection in ngockhanh5110/nlp-vietnamese-text-summarization

Description nlp-vietnamese-text-summarization package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/02/18 12:0 a.m.16 views

Code Injection in xdf8/deepfriedbot

Description DeepFriedBot is a telegram bot that sends random deep fried memes, package is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept python import os os.system'https://github.com/xdf8/DeepFriedBot'...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/02/14 12:0 a.m.16 views

Cross-site Scripting (XSS) - Generic in ciur/papermerge-js

Description Papermerge is an open source document management system DMS primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directly uploa...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/01/30 12:0 a.m.16 views

Code Injection in nosarthur/gita

✍️ Description gita helps to Manage multiple git repos with sanity. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. 🕵️‍♂️ Proof of Concept vulnerable part of code yaml.load in getcmdsfromfiles...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.16 views

Prototype Pollution in allgay/jsonuri

Description jsonuri is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const set = require'jsonuri' var obj = console.log"Before : " + .polluted; set, 'proto/polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the following...

1.8AI score
Exploits0
Total number of security vulnerabilities4072