Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/12/29 3:53 p.m.15 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description The Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quarter does not exist. Proof ...

3.5CVSS5.6AI score0.00932EPSS
Exploits1
Huntr
Huntr
added 2021/12/28 4:20 a.m.15 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description The Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload .html extension. This causes Stored XSS. Also, after uploading a file, it does not log in, and XSS occurs even if you connect. Proof of Conce...

3.5CVSS5.6AI score0.00831EPSS
Exploits1
Huntr
Huntr
added 2021/12/23 12:30 a.m.15 views

Improper Privilege Management in rhizome-conifer/conifer

Description Hi there, I would like to report an improper privilege escalation in conifer. Any user can view all recordings of other users. Proof of Concept 1. Go to https://conifer.rhizome.org/ and register 2 accounts, let's call it user1 and user2 2. Use user1 and create a collection, let's name...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/12/20 12:43 a.m.15 views

SQL Injection in tsolucio/corebos

Description coreBOS is vulnerable to Blind SQL Injections in parameter userviewtype which allows the attacker to execute SQL commands on the target database. it is a time-based attack in which the result of the query will be determined based on the time of the response. payload...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/12/18 4:55 a.m.15 views

Cross-site Scripting (XSS) - Reflected in opensourcepos/opensourcepos

Description Reflected Cross site scripting vulnerability in barcode field and name field in itemkits category Proof of Concept 1. Login to the demo account 2. Go to item kits , edit any item and add payload in barcode field and click save 3. payload " 4. poc 1 https://ibb.co/ZJZLKdQ 5. poc 2...

Exploits0
Huntr
Huntr
added 2021/12/14 12:3 a.m.15 views

in convos-chat/convos

Description Hi there, I would like to report a vulnerability that allows a hacker to upload dangerous file type in convos. Proof of Concept Go to a conversation and click on upload file, then upload a file. The request to upload file looks like this: POST /api/files.json HTTP/1.1 Host:...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/06 1:43 p.m.15 views

Cross-site Scripting (XSS) - Generic in uiwjs/react-md-editor

Description XSS vulnerability through the markdown editor Proof of Concept Steps to Reproduce Visit the demo page. Past the payload in the markdown editor. Impact - Steal a user's token - Session hijacking...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2021/11/30 12:11 p.m.15 views

Prototype Pollution in fabiocaccamo/utils.js

Summary I discovered a prototype pollution vulnerability via utils.js method analysis. javascript set: functionobj, path, value var keys = path.split'.'; var key; var cursor = obj; for var i = 0, j = keys.length; i j; i++ key = keysi; if !TypeUtil.isObjectcursorkey cursorkey = ; if i j - 1 cursor...

7.5CVSS0.9AI score0.00843EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/28 3:48 a.m.15 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description coreBOS is vulnerable to Stored XSS via Entity Name in User Preferences. Steps to reproduce 1.After login, click on the avatar icon on the top right corner to go to My Preferences 2.Click Edit button 3.In Last Name field, input payload then click Save button 4.Now you will see that th...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/23 9:11 a.m.15 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description CSRF to disable 2FA Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to disable 2FA...

4.3CVSS0.9AI score0.00429EPSS
Exploits1
Huntr
Huntr
added 2021/11/20 1:39 p.m.15 views

Open Redirect in star7th/showdoc

Description I found a new way to exploit Open Redirect at the "redirect" parameter on the login page by using the Chinese dot %E3%80%82 to bypass the dot . filter. Vulnerable parameter redirect Payload /%09/google%E3%80%82com Proof of Concept Send users the following login link...

5.8CVSS0.3AI score0.00822EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/20 6:56 a.m.15 views

Improper Access Control in kevinpapst/kimai2

Description Authenticated users can preview invoices which they do not have read access to Proof of Concept To demonstrate this vulnerability, we will use tonyteamlead on the demo site. 1: Login as tonyteamlead. 2: Go to Invoices page, see that there is no Haley-Jaskolski invoice document present...

4CVSS2.8AI score0.01031EPSS
Exploits1
Huntr
Huntr
added 2021/11/19 8:53 p.m.15 views

Improper Authorization in dolibarr/dolibarr

Description I found an IDOR in Dolibarr In preview2.dolibarr.org login with demo:demo then open Agenda section first, I Change all permissions of demo user in Reception to None second, I can't see the Receptions List in Products at all But I am able to see following Reception...

1.5AI score0.00309EPSS
Exploits0
Huntr
Huntr
added 2021/11/16 4:31 p.m.15 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to delete chat messages POC CLICK ME! Impact This vulnerability is capable of tricking users to delete messages. This is probably the last state-changing endpoint in your application which is unprotected from CSRF...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/11/16 3:57 a.m.15 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF related to Torrents section. 6 actions recorded 1: /id/torrentfl 2: /id/torrentdoubleup 3: /id/bumpTorrent 4: /id/torrentsticky 5: /id/reseed 6: /id/freeleechtoken Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin users to reseed / use freeleech...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:49 a.m.15 views

Improper Access Control in janeczku/calibre-web

Description Although a user has no permissions about public shelves, he can create them. Proof of Concept The method createshelf at shelf.py does not check if the user has public shelf permissions for create it. @shelf.route"/shelf/create", methods="GET", "POST" @loginrequired def createshelf:...

0.3AI score0.00334EPSS
Exploits1
Huntr
Huntr
added 2021/11/01 7:37 a.m.15 views

in sebastienheyd/boilerplate-media-manager

Description RCE via 'Rename Media' after upload media on boilerplate-media-manager 7.1.3 Proof of Concept // PoC.req upload media POST /admin/medias/ajax/upload HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0 Accept:...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/10/25 4:36 p.m.15 views

in marcoax/magutticms

Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

0.3AI score
Exploits0References3
Huntr
Huntr
added 2021/10/23 9:52 p.m.15 views

Sensitive Cookie Without 'HttpOnly' Flag in namelessmc/nameless

Description Due to a culmination of factors in the design of the authentication and authorization system and a lack of proper cookie setting it is possible for a malicious user to exfiltrate session tokens from a NamelessMC instance and aggregate them in a remote service. A malicious administrati...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/19 12:35 p.m.15 views

Cross-site Scripting (XSS) - Stored in boxbilling/boxbilling

Description Stored XSS at parameter 'iconurl' when Create New Product, New Category or New Addon Proof of Concept // PoC.req POST /BoxBilling/src/index.php?url=/api/admin/product/update HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2021/10/17 12:57 p.m.15 views

Session Fixation in admidio/admidio

Description admin create a membermember role user named B then B log in to the Admidio after that user B already logged into the Admidio, Admin decide to delete all Roles of user B but user B can do anything that he/she can do before...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/10/16 6:12 a.m.15 views

Cross-Site Request Forgery (CSRF) in pkp/ojs

Description No CSRF token in DataCite save settings plugin OJS only POC document.forms0.submit; Impact This vulnerability is capable of tricking admins to change settings for OJS DataCite plugin...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/10/14 9:54 a.m.15 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description More instances of CSRF Proof of Concept /index.php?route=/panel/users/reports/&action=close&id=1 /index.php?route=/panel/users/reports/&action=open&id=1 /index.php?route=/panel/core/emails/errors/&do=delete&id=2 /index.php?route=/panel/core/emails/errors/&do=purge...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/10/13 3:38 p.m.15 views

in star7th/showdoc

Firstly, I would say to the dev, your application Showdoc is good to use, and I will keep an eye on it, continuously improving the safety of it. Then, I would also thank the staff in huntr.dev, your quick response impressed me a lot. ​ Good to work with you enthusiastic people. ​ Description ​...

7.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/08 6:18 p.m.15 views

in squell/id3

Description Hello, I hope you're doing well. Whilst testing id3 built from commit 896d42a, we discovered crafted input which triggers a negative-size-param size=-1 error when when calling memcpy, causing the software to crash. Proof of Concept First... Second... echo...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/10/05 3:58 a.m.15 views

Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.2AI score
Exploits0References2
Huntr
Huntr
added 2021/09/30 3:47 p.m.15 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

Description Multiple Stored XSS when Add new record at features Add a source citation, Add a shared note Proof of Concept // PoC.req POST /demo-stable/index.php?route=%2Fdemo-stable%2Ftree%2Fdemo%2Fcreate-source HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=35jvr7cdk25bf0s6k0e1r91c3e...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/09/29 8:6 p.m.15 views

Open Redirect in sbrl/pepperminty-wiki

Description I saw this report https://huntr.dev/bounties/89f222e4-2aaa-44f8-8b24-657d3a0e741f/ and this fix commit : https://github.com/sbrl/Pepperminty-Wiki/blob/f59e68127cb4147e49f9453e1f657cc24972fda5/modules/page-login.phpL167 and I find out that you never use the new $returntoredirect...

7.3AI score
Exploits0
Huntr
Huntr
added 2021/09/25 3:41 p.m.15 views

Server-Side Request Forgery (SSRF) in collectiveaccess/providence

Description Authenticated, blind SSRF vulnerability exists in CollectiveAccess. Requires edit access tested with default cataloguer account Proof of Concept As the 'cataloguer', user: Step 1. Create a new object with the title: Step 2. After submitting this object, browse for objects in...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/09/25 9:59 a.m.15 views

Cross-site Scripting (XSS) - Stored in jonschoning/espial

Description Stored XSS in parameter description when add url Proof of Concept // PoC.request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/09/19 6:12 p.m.15 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description Hello dear firefly-iii team I found some CSRFs with low priority in firefly-iii...

6.8CVSS1.4AI score0.00524EPSS
Exploits1
Huntr
Huntr
added 2021/09/16 4:40 p.m.15 views

Cross-site Scripting (XSS) - Stored in zhongshaofa/easyadmin

Description Stored XSS in FileName allows for arbitrary execution of JavaScript Proof of Concept At Upload Management Upload File Image with filename : Sun'set.jpg Image Upload File https://user-images.githubusercontent.com/31820707/133646077-b6a14692-fea3-4a37-95e7-eb4c4e6f9073.png Image XSS...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/09/15 2:54 p.m.15 views

in khodakhah/nodcms

Description Clear Text submission of password through unencrypted channel Proof of Concept POST /en/login HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/13 6:56 a.m.15 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change delete any banning record if a logged in user visits attacker website. because lack of CSRF token "checking" 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally blacklist record with...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/13 6:52 a.m.15 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change social setting if a logged in user visits attacker website. because lack of CSRF token 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally your facebook page changed to...

Exploits0References1
Huntr
Huntr
added 2021/09/12 11:23 p.m.15 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

✍️ Description Attacker able to Purge All Archive Messages with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/09/12 3:25 a.m.15 views

in bfabiszewski/libmobi

✍️ Description Overview This vulnerability is of out-of-bound read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do DOS Denial of Service attack or ALSR bypass by reading sensitive memory address information to all applications which use...

5.8CVSS0.4AI score0.012EPSS
Exploits1
Huntr
Huntr
added 2021/09/08 11:1 a.m.15 views

Prototype Pollution in viking04/merge

✍️ Description The npm package @viking04/merge is vulnerable to Prototype Pollution. More Details on the Vulnerability: https://medium.com/node-modules/what-is-prototype-pollution-and-why-is-it-such-a-big-deal-2dd8d89a93c 🕵️‍♂️ Proof of Concept LIVE POC LINK var merge = require"@viking04/merge" var...

7.5CVSS0.1AI score0.01429EPSS
Exploits1
Huntr
Huntr
added 2021/09/06 10:18 a.m.15 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

✍️ Description With CSRF vulnerability Attacker able to add any member to for any item if users visit attacker website. We can bypass the CSRF Protection if we put our payload on a iframe or a html file and send them to victim as after that the Origin header will be set to null and we can bypass...

5.8CVSS0.9AI score0.00399EPSS
Exploits1
Huntr
Huntr
added 2021/09/04 9:35 a.m.15 views

Improper Authorization in imran300/inventory

✍️ Description A designer user can deactivate any other users IDOR. 🕵️‍♂️ Proof of Concept go to this url when logging in as a Designer. http://localhost:8000/inventory/index.php/Users/deactiveStatus/10 and then you can see that a user with id 10 will be deactivated. 💥 Impact This vulnerability is...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/09/02 3:11 a.m.15 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in flatpressblog/flatpress

✍️ Description The secure flag is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2021/09/01 1:4 p.m.15 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description There is svg tag filtration problem in "book page" egit leading to stored XSS. SVG images can be used on book pages, but there is not server side attribute filtration implemented for it. 🕵️‍♂️ Proof of Concept There is filter for href attribute, but inside SVG xlink:href used. That...

3.5CVSS0.1AI score0.0058EPSS
Exploits1
Huntr
Huntr
added 2021/08/24 9:4 p.m.15 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

✍️ Description csrf bug to update uploaded-file 🕵️‍♂️ Proof of Concept Bellow request is vulnerable to csrf bug to update uploaded-file. Submit request POST /siteadmin/file/edit/2 HTTP/1.1 Host: demo.livehelperchat.com Cookie: PHPSESSID=b8cdt7e1436rstdhbgq5mjqskq User-Agent: Mozilla/5.0 X11;...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:13 p.m.15 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Document with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/08/05 3:13 p.m.15 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Campaign with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/31 2:1 p.m.15 views

Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can update item 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/30 10:20 a.m.15 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

✍️ Description Your application have not any CSRF protection and also You set the SameSite attribute to Lax, this means if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks with no doubt. First you run this Html payload and then you should see...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/22 6:18 p.m.15 views

Cross-Site Request Forgery (CSRF) in emoncms/dashboard

💥 BUG csrf bug to change schedule to public 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/schedule/set.json?id=1&fields=%22public%22:true and your schedule will be change from private to public. 💥 IMPACT Any attacker can send those link to vicitm...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/07/21 11:48 a.m.15 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to classify bill of sales-order 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when classify bill of sales-order ....

1AI score
Exploits0
Huntr
Huntr
added 2021/07/18 5:33 p.m.15 views

Inefficient Regular Expression Complexity in cronvel/string-kit

✍️ Description A ReDoS regular expression denial of service flaw was found in the string-kit package. An attacker that is able to provide crafted input to the naturalSort function may cause an application to consume an excessive amount of CPU. 🕵️‍♂️ Proof of Concept Create the following PoC file:...

1.2AI score
Exploits0
Total number of security vulnerabilities4072