Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/05/16 4:57 a.m.15 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept Check this recorded video https://drive.google.com/file/d/1wlbisKCbYUZprOkAGzWGRQm0f-LDRD/view?usp=sharing 💥 Impact xss...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/04/17 4:26 p.m.15 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

✍️ Description Xss via support ticket 🕵️‍♂️ Proof of Concept login into your boxbilling account and create support ticket . put bellow xss payload in support ticket click-me Now save the link and click the and see xss is executed Video Poc--...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/04/16 7:30 a.m.15 views

Cross-site Scripting (XSS) - Generic in chatwoot/chatwoot

SUMMURY i contacted the company directly , but they told me submit the bug through huntr ✍️ Description Stored xss .Agent can make cross site scripting against admin VIDEO POC https://drive.google.com/file/d/1vWXiFKbsqVhMUS4kgpz50wSNsFTo9Ny/view?usp=sharing 🕵️‍♂️ Proof of Concept STEP TO REPRODUCE...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/03/26 11:41 a.m.15 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/02/07 12:0 a.m.15 views

Prototype Pollution in sttk/fav-prop.set-deep

Description @fav/prop.set-deep is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js var setDeep = require"@fav/prop.set-deep" var obj = ; console.log"Before: " + .polluted; setDeepobj, "proto", "polluted", "Yes, its polluted"...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/01/26 12:0 a.m.15 views

Prototype Pollution in cronvel/tree-kit

Description tree-kit is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const dotPath = require'tree-kit' console.log"Before: ", .polluted dotPath.set, 'proto.polluted', true console.log"After: ", .polluted 2. Execute the following comman...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/01/06 12:0 a.m.15 views

in catalyst-team/catalyst

Description Catalyst is a PyTorch framework for Deep Learning research and development. It focuses on reproducibility, rapid experimentation, and codebase reuse so you can create something new rather than write another regular train loop. This package was vulnerable to Arbitrary code execution vi...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2020/12/21 12:0 a.m.15 views

Prototype Pollution in patrickleet/expand-keys

Description expand-keys is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var expandKeys = require"expand-keys" console.log"Before : " + .polluted; expandKeys"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2. Execute the...

2.5AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.15 views

Code Injection in ultralytics/yolov5

Description Arbitrary Code Excecution in ultralytics/yolov5. Yolov5 is a Object Detection model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of visi...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2020/10/30 12:0 a.m.15 views

Prototype Pollution in okunishinishi/node-objnest

Description objnest is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var objnest = require"objnest" console.log"Before : " +...

1.8AI score
Exploits0
Huntr
Huntr
added 2020/09/03 12:0 a.m.15 views

Code Injection in swig/swig

Description SWIG is a compiler that integrates C and C++ with languages including Perl, Python, Tcl, Ruby, PHP, Java, C, D, Go, Lua, Octave, R, Scheme Guile, MzScheme/Racket, Scilab, Ocaml. SWIG can also export its parse tree into XML. One of the python tools of swig include a mkdist.py script...

1.6AI score
Exploits0
Huntr
Huntr
added 2020/05/02 12:0 a.m.15 views

Code Injection in courajs/node-svn

Description The svn module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var SVN = require'svn'; var svn = new SVN'./workingcopy'; svn.info"test; touch...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/04/13 12:0 a.m.15 views

Code Injection in heroku/heroku-exec-util

Description The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var heu = require'heroku-exec-util'; heu.sshargs:,'test; touch...

2AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.15 views

Command Injection in joeyism/node-git-lib

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js var git = require"git-lib"; git .add"test;touch HACKED;" .thenfunction / successfully added /...

1.3AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.15 views

Command Injection in ionicabizau/node-gry

Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js const Repo = require"gry"; var myRepo = new Repo"."; myRepo.pull"test; touch HACKED; ", function...

1.3AI score
Exploits0
Huntr
Huntr
added 2020/04/03 12:0 a.m.15 views

Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis

Overview The ExtAnalysis project is vulnerable against various CSRFs, that could lead to loss of functionalities and placement of malicious files in arbitrary directories without knowledge of the victim. Proof of Concept Credit: Mik317 1. Download the git project and run the server through the...

0.7AI score
Exploits0
Huntr
Huntr
added 2026/02/17 8:26 p.m.14 views

Incomplete Fix for CVE-2025-10279: get_or_create_nfs_tmp_dir() Still Creates World-Writable (0o777) Directories Enabling Local Code Execution

Description Description CVE-2025-10279 huntr bounty 01d3b81e identified that MLflow's getorcreatetmpdir created temporary directories with world-writable permissions 0o777, enabling local attackers to tamper with model artifacts and achieve arbitrary code execution. The fix PR 17544, commit...

7.8CVSS7.4AI score0.00215EPSS
Exploits2
Huntr
Huntr
added 2023/10/11 4:53 p.m.14 views

memcpy-param-overlap in MP4Box

Description memcpy-param-overlap in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 32mDashe...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/09/13 11:14 p.m.14 views

Admin account TakeOver

Description The endpoint api/system/update-env allows any authenticated users to change env variables of the back-end process : js process.envenvKey = value; The envKey value comes from here : js const envKey, checks = KEYMAPPINGkey; One of the value in the KEYMAPPING dictionnary is : js JWTSecre...

6.6AI score0.00633EPSS
Exploits1
Huntr
Huntr
added 2023/08/01 5:2 a.m.14 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection SQLi is a code injection technique used to attack...

8.2AI score
Exploits0References5
Huntr
Huntr
added 2023/06/29 9:40 p.m.14 views

Open Redirect via deskDomain

Description This vulnerability occurs because the desired domain value can be inserted into the A tag through deskDomain manipulation. javascript if window.location.hash != null && window.location.hash.substring0, 9 == 'TICKETS' try var temp = JSON.parsedecodeURIComponent...

7AI score
Exploits0
Huntr
Huntr
added 2023/06/29 4:11 a.m.14 views

Remote Code Execution via File upload

Description In the theme settings function, any file can be uploaded without any filter, resulting in an arbitrary php file being uploaded. Proof of Concept POST /admin/theme/huraga HTTP/1.1 Host: localhost Content-Type: multipart/form-data;...

6.5CVSS6.9AI score0.00889EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/28 12:9 p.m.14 views

Improper Authorization in Export role function

Description The application controls user rights incorrectly, leading to the attacker being able to collect sensitive information. Proof of Concept Step1: The administrator user accesses the user role management function and performs the 'export role' operation. Step2: Upon observation, a HTTP...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/06/24 5:14 p.m.14 views

Stored XSS

Description: The application contains a stored XSS vulnerability, which allows an attacker to inject and execute malicious scripts within the application. The vulnerability occurs due to improper input validation and output encoding mechanisms, which fail to adequately sanitize and encode...

6.5AI score
Exploits0
Huntr
Huntr
added 2023/06/19 2:56 p.m.14 views

Confidential information provided to user with no permissions

Description Unauthorized users are able to obtain sensitive information about the system's runtime environment, features they have no permissions to access, etc. Proof of Concept 1. create a new user without any permissions attached 2. do NOT assign any permissions to the user 2. do NOT add any...

4CVSS6.4AI score0.00551EPSS
Exploits1
Huntr
Huntr
added 2023/06/08 6:35 p.m.14 views

Stored XSS vulnerability

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept 1 Step1: The user has the right to access and perform the creation of surveys, with the payload...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/05/27 5:43 a.m.14 views

Reflected XSS Vulnerability at `_detail/?lang` parameter

Description Reflected XSS vulnerability allows attackers to exploit the trust placed by a web application in user-supplied input, such as query parameters or form fields. In this case, the vulnerability was found in the following URL: https://www.dokuwiki.org/detail/?lang=1"alertdocument.domain...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2023/05/26 9:13 a.m.14 views

NULL Pointer Dereference in function xml_sax_append_string

Description NULL Pointer Dereference In utils/xmlparser.c:963 Environment No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal Version MP4Box - GPAC version 2.3-DEV-rev293-g56eed04c2-master c 2000-2023 Telecom Paris distributed under LG...

4.3CVSS6.6AI score0.00375EPSS
Exploits1References1
Huntr
Huntr
added 2023/05/07 8:48 p.m.14 views

Potential XSS in content script via StackOverflow about_me

Description Alby has a feature called "batteries", which makes tipping on third party sites easier, e.g. by detecting lightning network addresses and so donating using the extensions becomes easy. One of those sites is stackoverflow. The alby extension will use the stackoverflow/stackexchange API...

6.3AI score
Exploits0
Huntr
Huntr
added 2023/04/09 9:9 p.m.14 views

SQL injection in SegmentAssignmentController.php

Description An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept The vulnerable php code is in src/Controller/Admin/SegmentAssignmentController.php, on method inheritableSegments: The parameter type is not escaped and is added on the...

5.8CVSS7.9AI score0.00935EPSS
Exploits1
Huntr
Huntr
added 2023/03/29 5:45 p.m.14 views

AWS credentials exposure

Description app.diagrams.net allow the insertion of PlantUML objects. This feature is using an old and misconfigured version of PlantUML 1.2022.6, therefore, it is possible to exploit dangerous functions such as %getenv to read environment variables in the machine where PlantUML is running. I was...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/03/26 6:18 a.m.14 views

XSS in Quantity Value of Data Objects module in Settings

Description pimcore is vulnerable to XSS at Abbreviation and Longname fields in Quantity Value of Data Objects module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Data Objects - Quantity Value. 3.In the...

4.9CVSS5.7AI score0.00403EPSS
Exploits1
Huntr
Huntr
added 2023/03/21 1:20 p.m.14 views

IDOR Vulnerability Allow the owner of one Organization can update anyother organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and update the org1, then we use burpsuit to get the post. 3 The first post will check user and we forward it. 4 The second post will edit content of organization and can b...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/03/13 1:52 a.m.14 views

Cross Site Scripting (XSS) in Assets

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS5.9AI score0.00556EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/20 10:32 p.m.14 views

XSS on external links bypass filters

Description I recently found a bypass for external links that allows an attacker to inject javascript into external links Proof of Concept As an admin user Go to /front/link.form.php?id=1 Using a special character before the javascript:alert1 this bypasses the filters and the protocol still works...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/03 7:34 a.m.14 views

Phar Deserialization of Untrusted Data

Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2023/01/23 11:32 p.m.14 views

stored HTML-Injection throuth the Question Form

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to identify another stored HTML-Injection Vulnerability in the Question Form. The Process of the...

7.5CVSS9AI score0.00886EPSS
Exploits0References1
Huntr
Huntr
added 2023/01/18 12:48 p.m.14 views

CSRF leading to delete a user

Description The deleting a user functionality is vulnerable to a CSRF attack. The cause is same with the deleting a domain functionality. Proof of Concept 1. Login as admin. 1. Create a user to be deleted. E.g. the user ID is 2. 1. Open the following file in the browser. html history.pushState'',...

4.3CVSS5AI score0.00386EPSS
Exploits1
Huntr
Huntr
added 2023/01/14 2:52 p.m.14 views

HTML Injection in add expense via transaction tab

Steps to reproduce After login into demo account, Go to the transaction page and there your can add or create an expense If your on the write path, while creating or adding an expense there will be description field In the Description field, enter the following payload Y00 and click save Now, you...

0.7AI score
Exploits0
Huntr
Huntr
added 2023/01/02 5:16 p.m.14 views

Stored XSS using two files

Description I uploaded two files first = js , second = html the first was js files with malicious script and get it's url and i added it to the second one as source for the script tag Proof of Concept // test.js alert"xss"; and assume its url = https://demo.usememos.com/o/r/9/test.js // test.html...

7AI score0.00438EPSS
Exploits1
Huntr
Huntr
added 2022/12/29 6:43 p.m.14 views

privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality

Description Due to the privilege escalation issue Low access user can view Admin PRIVATE POST by abusing PIN functionality. PIN functionality is used to pin any post in TOP , by using the Low user Attacker can View the other & high privilege user PRIVATE POST , as per the flow its not PINNING any...

6.5CVSS7.1AI score0.00701EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 7:12 p.m.14 views

Stored XSS via title, subtitle, footer and post title and content

Description The site is vulnerable to Stored XSS via Blog title, Blog subtitle and Blog footer. Proof of Concept - Login as Admin - Go to Administration Area - Option Set n the 3 fields a payload like this: alertdocument.domain Now go to the blog, and you'll see that 3 payloads actually fires: Al...

4.3CVSS5.1AI score0.00532EPSS
Exploits1
Huntr
Huntr
added 2022/12/20 3:46 p.m.14 views

Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection

Description Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 Add SSH key 3 Enter the name evil.com ...

5.8CVSS1.6AI score0.00485EPSS
Exploits1
Huntr
Huntr
added 2022/12/19 4:57 p.m.14 views

Cron execution command field allows attackers with admin privilege to execute OS command as root

Description - Cron execution command value is written into cronfile without any security protection mechanism. - If an attacker gained admin access, he/she can run OS command as root. Proof of Concept 1/ Navigate to http://webserver/froxlor/adminsettings.php?page=overview&part=crond 2/ In the Cro...

1AI score
Exploits0
Huntr
Huntr
added 2022/12/06 6:10 p.m.14 views

Reflected XSS in Advanced Ticket Search

Description Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScrip...

4.9CVSS5.8AI score0.01059EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/14 12:0 p.m.14 views

Agent can get inbox credentials through api

Description user with agent privileges can get access to sensitive inbox details through api Proof of Concept 1. Create normal user with agent privileges 2. get api key for this user 3. use endpoint https://www.chatwoot.com/developers/api/tag/Inboxes/operation/listAllInboxes 4. if inbox is...

Exploits0
Huntr
Huntr
added 2022/09/26 6:52 p.m.14 views

Bypassing application logic to set a blank password

Description As you many observe that rdiffweb strictly has a password policy where it prompts out that the password should be between 8 and 128 characters . But the application does not filter blank spaces used in a password Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/prefs/gener...

4CVSS0.2AI score0.0055EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/24 7:38 a.m.14 views

Stored Cross-Site Scripting (XSS) in the parameters "host", "desc", "group" and "newgroup" of the section "Webmin Servers Index"

Description In Webmin version 2.001 it was identified in the "Webmin Servers Index" section that the data collected from the user in the "host", "desc", "group" and "newgroup" parameters is not properly sanitized thus allowing potential attackers to insert JavaScript code that enables exploitatio...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/09/21 6:20 p.m.14 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Ports - Manage Groups 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description 4. The XSS is triggered...

4.3CVSS0.8AI score0.93343EPSS
Exploits0
Huntr
Huntr
added 2022/09/20 1:41 p.m.14 views

Secure token is missed when ivalid URL is entered

Description The cookie sessionid does not have secure attribute when the URL is invalid Proof of Concept 1.Login into the application. 2.Send the request https://rdiffweb-demo.ikus-soft.com/browse/admin/MyWindowsLaptop/D/TC3080/test...

5CVSS0.7AI score0.00396EPSS
Exploits1
Total number of security vulnerabilities4072