Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/02/28 10:45 a.m.15 views

Stored XSS in Notification and Data Management

Description Please enter a description of the vulnerability. Proof of Concept 1. Go to a survey and to Settings = Notifications and data. 2. Turn off Inherit option for Send basic notification email to: or Send basic notification email to: 3. Enter the following payload: " and Save...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/21 7:28 a.m.15 views

Rxss in msg parameter

Affected url Affected parameter : msg It appear that html tags are rendered in the page via msg parameter. So I tried tag and it work, so i tried adding event handlers in this case onpageshow=alertdocument.domainand it trigred xss. POC :...

1.6AI score
Exploits0
Huntr
Huntr
added 2023/02/20 8:21 a.m.15 views

Race Condition Vulnerability can Leads to Up Vote Stealing

Description I tested in the live production site https://meta.answer.dev/. There are up vote / down vote functions in answerdev. An attacker can increase or decrease votes by using race condition vulnerability. Proof of Concept 1. Go to an question and press up vote or down vote. 2. PoC will show...

2.6CVSS6.8AI score0.00405EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/18 4:28 a.m.15 views

XSS in /admin/domains when filtering a specific tag

Description Reflected XSS happens when filtering a specific tag in the Domains page and changing the "domfilter" URL query parameter to the malicious string. Proof of Concept 1 - Login as a domain admin 2 - Go to the Domains page 3 - Click on one of the existing tags 4 - Change the domfilter quer...

4.3CVSS5.1AI score0.00494EPSS
Exploits1
Huntr
Huntr
added 2023/01/15 4:48 p.m.15 views

CSRF, Reflected XSS and Stored XSS in add instance function

Description The add instance function allows to creation of an instance from user input but does not have any sanitizing mechanism which results in a Reflected XSS bug. This feature can be made by any user in the system, including guest users. After creating the instance will be saved on the...

1.2AI score
Exploits0
Huntr
Huntr
added 2023/01/12 2:55 p.m.15 views

Stored XSS in Your Answer

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step1. Insert xss payload in the hyperlink of the question answer javaScript:alertlocalStorage.getItem'alui' step2. An...

6CVSS8.5AI score0.00871EPSS
Exploits1
Huntr
Huntr
added 2023/01/04 7:55 a.m.15 views

CSRF leading to delete account

Description wallabag was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /account/delete. Proof of Concept 1. Create a new user. 2. Login as the new user. 3. Open the following HTML file in the browser. html history.pushState'...

3AI score0.00304EPSS
Exploits1
Huntr
Huntr
added 2022/12/22 8:7 a.m.15 views

Critical Account Takeover and Privilege Escalation

Description Critical account takeover and privilege escalation vulnerability allow a low privilege user to take over admin account by using change password functionality. In a normal user, select change password Change the user ID to 1 as it is the admin account user ID Admin account is taken ove...

4.2AI score
Exploits0
Huntr
Huntr
added 2022/12/21 7:56 a.m.15 views

Stored XSS in Search

Description Stored XSS is a type of XSS that stores malicious code on the application. The demo website is affected of it. Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. At "Any thoughts....", write XSS Payload and save it. In this scenario, I used payload: " 3. Now,...

4.9CVSS5.3AI score0.00539EPSS
Exploits1
Huntr
Huntr
added 2022/12/18 3:29 a.m.15 views

Multiple Blind SQL Injection Vulnerabilities in Reports

Description SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

7.8AI score
Exploits0References1
Huntr
Huntr
added 2022/11/10 10:32 a.m.15 views

HTML injection possible via LLDP

Description An unmanaged/foreign neighbouring device that is advertising its presence with LLDP can inject malicious HTML code into LibreNMS by setting its System Name TLV to whatever snippet is to be injected. This is assuming that a device that is managed by LibreNMS has LLDP and the...

6.2AI score
Exploits0
Huntr
Huntr
added 2022/11/02 9:16 a.m.15 views

Unrestricted File Upload

BigBlueButton 2.5.6 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. PoC: 1- Submit the request to insertDocument, specifying the extension:...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/11/02 7:22 a.m.15 views

Reflected XSS on multiple locations and parameters

Description The user input is not being sanitized properly on multiple locations and on different parameters leading to XSS. Proof of Concept https://demo.bumsys.org/reports/sales-report/?salesDate=" Payload "...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/11/01 5:47 p.m.15 views

Reflected Cross Site Scripting leading to session hijacking

Description Basic XSS: XSS Cross-Site Scripting vulnerabilities arise when untrusted data gets interpreted as code in a web context. XSS attacks effectively make the attacker logged in as the target user, with the nasty addition of tricking the user into giving some information such as their...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/11/01 1:35 a.m.15 views

Eve has a Comparison of Incompatible Types that Results in Invalid State

Description A conditional statement that always resolves to False. Proof of Concept // eve/methods/common.py if field in document and documentfield is not None and documentfield is not Always resolves to False : relatedlinks =...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2022/10/09 2:34 p.m.15 views

Reflected Cross-Site Scripting due to Improper Sanitization

Description User Input that is reflected in a JavaScript Context is not properly sanitized. The User Input is reflected inside of a single-quoted string and single-quotes are encoded. However, there is an issue with the entity removing HTML tags that prevents single-quotes from being encoded. Thi...

6.6AI score
Exploits0
Huntr
Huntr
added 2022/09/30 3:4 p.m.15 views

Weak password policy : Old password can be set as new password

Description Rdiffweb has a weak password implementation , where a new password set by the user can be same to the old password Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/prefs/general end point 2 Change your password Set your new password similar to old password you will notice...

5CVSS4.6AI score0.00672EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/29 7:7 p.m.15 views

No notification triggered on sensitive actions like 2FA enable/disable

Description 2FA enable/disable is a sensitive action . As the application triggers a notification on all sensitive actions like email change/password reset , 2FA is also an important security feature to be notified about Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/mfa 2 Do a...

7.5CVSS1.3AI score0.0075EPSS
Exploits0
Huntr
Huntr
added 2022/09/24 5:36 a.m.15 views

No Limit in length of root directory name , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like root directory name. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/admin/users endpoint . 2Click on add user 3Here you will se...

5CVSS2.6AI score0.00943EPSS
Exploits1
Huntr
Huntr
added 2022/09/23 2:25 p.m.15 views

Stored XSS in Notifications

Description It is possible to create a notification with stored XSS which can result in the JavaScript code execution. Notifications can only be created while logged in on user with admin privileges, but once notification is created any user can see it. Proof of Concept Create notification with...

5.8CVSS1.5AI score0.00451EPSS
Exploits0
Huntr
Huntr
added 2022/09/21 7:23 p.m.15 views

Insufficient Session Expiration

Description Active user sessions are not invalidated when that user is disabled. Proof of Concept Steps to reproduce: 1. Log in with an admin account. 2. Create a test user with the user role Normal & enable that user 3. Log in with the test user in a separate browser or private browser window 4...

7.5CVSS0.9AI score0.00598EPSS
Exploits0References1
Huntr
Huntr
added 2022/09/20 6:53 p.m.15 views

Normal user can set himself or any other user to admin role

Description Improper access to an API endpointAddUserToRole can allow a regular user to escalate his privileges to be an admin Infected code AuthorizeRoles = Roles.User HttpPost public async Task AddUserToRoleFromQuery string username, string role var results = await...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/08/27 12:49 p.m.15 views

Session does not expire on logout

Description Existing session is not invalidated on actions like logout. The fact that the session key is valid for 1 year makes it more dangerous. Proof of Concept 1. Login to planka 2. Record the session token 3. Logout 4. Replay an authenticated request with the recorded token. The actions will...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2022/08/08 5:26 p.m.15 views

IDOR allows to create new collection or modify a existing one

Description A normal user can create a new collection with the provided book ids or add new books to an existing collection, whose operations should be only executed by the administrator. \ \ This is possible due to an missing administrative role check in the /api/collection/update-for-series API...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/08/03 12:27 p.m.15 views

Remote Code Execution due to code injection

Description RCE in CP ADMIN site structure it needs admin privilege Because of the typo in the sanitization. Anyone who has admin privilege can edit “site structure”, bypass it and execute php code. And we can execute system or other system function by php, so that's a RCE vulnerability. And next...

2.6AI score
Exploits0
Huntr
Huntr
added 2022/06/26 8:6 a.m.15 views

Bypassing CSRF on Multiple Endpoint

Description It's possible to bypass the CSRF protection which is already implemented on the coreBOS CMS. When some request not contain any valid CSRF token, the webpage will be displayed an error like: CSRF Error. The reason this happens is that the page has been open without any interaction for...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/17 4:51 p.m.15 views

Password Reset Allows For User Email Enumeration

Description The password reset function at the login page responds to valid and invalid emails in the application. Submitting an invalid email result in "The e-mail address is not assigned to any user account." A valid response results in a message stating an email has been sent. Proof of Concept...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/11 8:55 a.m.15 views

Stored XSS in Part IPN

Description The application inventree is vulnerable to Stored XSS in part IPN field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1HEy7XS89FlzVSPFGilowBrBDMPAfCs/view?usp=sharing...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/07 9:45 a.m.15 views

https://huntr.dev/bounties/582cb14b-b2a8-4064-91c5-b580ff69ba07/ fix bypass; XSS via improper input validation of \t and lone \n character

Description I read this report https://huntr.dev/bounties/582cb14b-b2a8-4064-91c5-b580ff69ba07/ and noticed \t and lone \n is also missing from the filter list in the regex URL replace/\r?\n|\r/gm, "" All instances of \r \n and \t should be cleaned, but the filter list only checks for \r\n or \r...

Exploits0
Huntr
Huntr
added 2022/06/01 1:54 p.m.15 views

OS Command Injection

Description A OS Command Injection in rancher continuous delivery panel, add repository function Proof of Concept first install a rancher in docker and login. Go to continuous delivery panel and click add repository button.\ set repository url as --upload-pack=$touch /tmp/poc, and click Create...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/06/01 5:25 a.m.15 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate limiting in login form leads to bruteforce attack Steps to reproduce 1.Go to http://localhost:/login 2.Login with wrong credentials 3.Capture POST request with Burp Suite and Send to Intruder 4.Create 100 null payloads and start attack 5.Noticed that all request return 200...

7.5CVSS9.2AI score0.00762EPSS
Exploits1
Huntr
Huntr
added 2022/05/10 3:10 a.m.15 views

Cross-site Scripting (XSS) in Search Fuction with filter

Description The is an XSS could be trigger via search function in number filter. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of...

2.9AI score
Exploits0
Huntr
Huntr
added 2022/05/01 7:47 a.m.15 views

Store XSS

Description Phishing and stealing users through vulnerabilities and accessing users' personal information Proof of Concept POST /admin/enhavo/article/article/update/5?viewid=6 HTTP/1.1 Host: demo.enhavo.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:56.0 Gecko/20100101 Firefox/56.0...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/24 2:11 a.m.15 views

Authenticated Reflected XSS

Description Hello Team , I found a Authenticated Reflected XSS when you go here : https://demo.collectiveaccess.org and then login as demo , demo username,password Proof of Concept https://demo.collectiveaccess.org/lookup/DisplayTemplate/Get?table=caobjects&id=21&template=asdasdasdasd alert1xx...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/04/23 3:31 a.m.15 views

Improper authorization - receptionist can read all secure messaging

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Use admin account and create a secure message by go to Portal...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/03/15 11:6 a.m.15 views

Path Traversal

Description A Path Traversal vulnerability exists in Language export function, which allows attacker upload files to an arbitrary location in the server. By adding the special characters on filename, it can lead to a Denial Of Service Attack. Proof of Concept 1. Use the credential, access to the...

2.8AI score
Exploits0
Huntr
Huntr
added 2022/02/28 7:32 p.m.15 views

OS Command Injection

Description npm-lockfile before 2.0.4 does not santize unsafe external input and invoke sensitive command execution API with the input, causing command injection vulnerability. Proof of Concept // npm i [email protected] const getLockfile = require'npm-lockfile/getLockfile';...

10CVSS3AI score0.02675EPSS
Exploits1
Huntr
Huntr
added 2022/02/25 6:35 a.m.15 views

Improper Authorization in User Management to Vertical Privilege Escalation

Description Pandora FMS v7.0NG.759 allows improper authorization in User Management where any authenticated user with access to the User Management module could create, modify, delete any user with full admin privilege. The impact could lead to vertical privilege escalation to access the privileg...

6.5CVSS1.8AI score0.00593EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/14 10:35 p.m.15 views

in helloxz/onenav

Description During the comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This makes it possible to compare the number 12 to the string '12' or check whether or not a string is empty by using a comparison like $string == True. This, however...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/31 9:45 a.m.15 views

Cross-site Scripting (XSS) - Reflected in ptrofimov/beanstalk_console

Description Beanstalk Console is vulnerable to reflected Cross-Site Scripting via the server parameter. Steps to reproduce 1. Setup the Beanstalk console locally. 2. Go to https://localhost/public/? and add a random server. 3. Visit...

4.3CVSS0.6AI score0.0087EPSS
Exploits1
Huntr
Huntr
added 2022/01/30 3:7 a.m.15 views

Improper Privilege Management in liangliangyy/djangoblog

Description Hi there, I would like to report an improper privilege management vulnerability in djangoblog source code. This would allow an attacker to create comment on behalf of anyone. Proof of Concept 1. Install a local instance of djangoblog, login as admin and create an article 2. Create a n...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/26 7:20 a.m.15 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in ModuleFormsList of formsNew. Use payload constructor.constructor'alert1' while creating form, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof of Concept Impact Through this vulnerability, an attacker ...

3.5CVSS1.2AI score0.00687EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 11:49 a.m.15 views

SQL Injection in star7th/showdoc

Description The uid parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Time based: POST /server/index.php?s=/api/adminUser/addUser HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept:...

7.5CVSS0.6AI score0.01439EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 4:2 p.m.15 views

Cross-Site Request Forgery (CSRF) in requarks/wiki

Note: Not a vulnerability in ExpressJS Description Fix can by bypassed. Express treats routes as case insensitive while req.path is case sensitive. The fix in the previous report was to check if req.path === "/u"...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:30 a.m.15 views

Improper Authorization in liukuo362573/yishaadmin

Description Hi there, there is another Improper authorization in /admin/OrganizationManage/Department/GetFormJson Proof of Concept 1. Open link http://106.14.124.170/admin/OrganizationManage/Department/GetFormJson?id=16508640061124402 without logging in demo page. 2. See that department data is...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/01/22 9:10 a.m.15 views

Improper Authorization in liukuo362573/yishaadmin

Description Hi there yisshadmin team, I would like to report an improper authorization in yishaadmin source code. The link /admin/ToolManage/Server/ServerIndex requires no authorization and available for anyone to view server information like IP, RAM, CPU... Proof of Concept 1. Access the link...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/01/16 10:5 p.m.15 views

Inefficient Regular Expression Complexity in parallax/jspdf

Description The jspdf package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the setZoomMode functionality may cause an application to consume an excessive amount of CPU. Proof of Concept // PoC.js var jsPDF = require"jspdf".jsPDF...

2.4AI score
Exploits0
Huntr
Huntr
added 2022/01/09 4:8 p.m.15 views

Business Logic Errors in dolibarr/dolibarr

Description The application does not check the input of price number lead to Business Logic error through negative price amount. Proof of Concept 1. Go to Product and Services area htdocs/product/index.php 2. Create a new or edit an item, insert a negative amount into Selling price field. Also in...

4CVSS2AI score0.00851EPSS
Exploits1
Huntr
Huntr
added 2022/01/06 11:35 a.m.15 views

Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept Example of a case: 1. Go to Content Content Types /Admin/ContentTypes/List 2. Create or edit a type with XSS payload into Display Name field, e.g: Social Meta Settings Tick on...

3.5CVSS0.5AI score0.00634EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 9:30 a.m.15 views

Exposure of Sensitive Information to an Unauthorized Actor in axios/axios

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

9.5AI score
Exploits0
Total number of security vulnerabilities4072