Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/08/28 8:23 p.m.14 views

SQL INJECTION

Summary The user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other syste...

5AI score
Exploits0
Huntr
Huntr
added 2022/08/03 4:25 p.m.14 views

Lack of Maximum Characters Length Validation on `Assignment Title` Input

Hello, Description The Assignment Title input is not being validated against a large number of characters added in it's value. This allows to initiate large number of characters and very big text inside the page. Proof of Concept 1. Navigate to Assignments section:...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/08/02 5:52 p.m.14 views

IDOR leads to delete messages in Message Center of others.

Description I observed that users can delete messages in other's Message Center by changing deleteid parameter to deleteid value of message which belongs to other. Step: - Login with Physician account and determine deleteid of messages in Physician's Message Center - Login with Clinician account....

1AI score
Exploits0
Huntr
Huntr
added 2022/08/02 1:47 p.m.14 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST http://localhost:3000/api/access-tokens...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/07/27 11:31 a.m.14 views

UnAuthenticated SQL Injection

Proof of Concept POC: Vendor Domain Print version: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+version--+- Print Database: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+database--+- Print User:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/07/21 3:40 p.m.14 views

Cross-site Scripting via link creation bypass filter javascript scheme

Description The markdown's link creation feature allows inserting paths containing javascript scheme bypass filter javascript scheme via add https scheme prefix, so this flaw lead to XSS vulnerability. The payload used is the following: Proof of Concept Step to reproduct 1. Create new document 2...

6.2AI score
Exploits0References1
Huntr
Huntr
added 2022/07/11 9:6 a.m.14 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to download data from a user via the CSV Export function. The export will include all the books on your shelves, books you have reviewed, and books with reading activity. Vulnerable URL https://bookwyrm.social/preferences/export/file Proof of Concept...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/07/06 2:3 a.m.14 views

Email enumeration via Reset password page

Description Through the Reset password page, an attacker can know that if an email exists or not; just by observing the notification in the response page. So, once the attacker knows that an email exists, he can launch a brute force attack against it. If an email exists: The notification will be ...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/02 4:58 p.m.14 views

Stored XSS in profile settings.

Description Stored XSS via "Website" box in Profile Settings. Proof of Concept Go to profile settings, put the following payload in the "website" box : google.com" Save, and see the xss triggered !...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/06/28 12:13 a.m.14 views

Reflected XSS in type url parameter

Description The application has a reflected xss vulnerability in the url parameter type. Proof of Concept // PoC.js var payload = "alertdocument.cookie...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2022/06/14 8:38 a.m.14 views

Multiple user creation with the same email Id via existing verification bypass

Hello team, while i was checking on the nakama dashboard as an Administrator i noticed that we can bypass the existing verification and create multiple user with same email id Steps to reproduce: 1. Open the dashboard as an adminuser and go to the user management form http://site.com//users 2...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/14 1:31 a.m.14 views

Stored Cross-site Scripting (XSS) via SVG file upload in courses.

Description An attacker can upload and store a malicious SVG file in work forms and execute client side JavaScript code when opened. Replication Steps and Proof of Concept We create a file named file.svg containing the following: // We upload the file in an active work assignment inside any cours...

2.5AI score
Exploits0
Huntr
Huntr
added 2022/05/12 6:57 a.m.14 views

Register users in spite of Allow User Registration disabled

Description Attacker can register a user in spite of the Allow User Registration is disable by default. Proof of Concept 1. Go to /captcha, get the captcha value and cookie. 2. Send POST request to /api/v1/public/account/create with the value of captcha and cookie in step 1. //POST...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/04/30 5:35 p.m.14 views

Cross-site Scripting (XSS) - Reflected

Description The listmonk application is vulnerable to reflected XSS in Partial SQL expression to query subscriber attributes. Proof of Concept 1.Go to "Subscribers" - "All subscribers" - "Advanced" 2.Put this payload: " in the input filed. 3.Now click on Query then XSS will pop-up Video POC...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/04/29 7:13 a.m.14 views

Improper Access Control (IDOR)

Description Any user even user without account can view any student photos through student's id. Proof of Concept Access this URL https://www.rosariosis.org/demonstration/assets/StudentPhotos/2021/studentid.jpg - Attacker can see a student personal photo even without school's account student's id...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/04/27 5:42 p.m.14 views

Cross-site scripting - Stored via upload ".cad" file

Description When user upload file with .cad extension in white-list, server will stored .cad file at userfiles/media/default/, so we can direct access. Becase when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html...

7.3AI score
Exploits0References1
Huntr
Huntr
added 2022/04/27 4:26 a.m.14 views

Cross-site Scripting (XSS) - Stored via htm file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside. Proof-of-Concept phish.htm Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6.1AI score
Exploits0
Huntr
Huntr
added 2022/04/26 6:55 p.m.14 views

Insecure Storage of Sensitive Information

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of Scoold users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

0.2AI score0.01961EPSS
Exploits1References5
Huntr
Huntr
added 2022/04/22 2:29 p.m.14 views

Remote access to another's conversation based on their email address

System: - Chatwoot 2.4.1, self-hosted - User identity validation is enabled - Each client has a unique identifier and a corresponding valid hmac Description User B can impersonate User A and access his chat history by filling in user A's email address in the setUser despite that the two users do...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/04/20 3:30 p.m.14 views

no spoofing protection on email domain (No Valid SPF Records.)

What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...

7AI score
Exploits0References2
Huntr
Huntr
added 2022/04/13 1:47 a.m.14 views

librenms alert-rules Stored XSS

Description Please enter a description of the vulnerability. 1 . Go to http://SERVER/device-group and Create New-device Group 2 . Input Name parameter following XSS payload and save payload 1 3 . Go to http://SERVER/alert-rules and add Rule. You can choose the Device group that contains XSS paylo...

5.8CVSS5AI score0.00519EPSS
Exploits0References1
Huntr
Huntr
added 2022/04/11 9:40 a.m.14 views

libde265 1.0.8, was discovered to contain a heap-use-after-free in put_qpel_fallback

Description libde265 1.0.8, was discovered to contain a heap-use-after-free in putqpelfallback fallback-motion.cc ENV - Version : 1.0.8 - Commit : 45904e5667c5bf59c67fcdc586dfba110832894c - OS : Ubuntu 18.04 - Configure : cmake -DCMAKEBUILDTYPE=Debug -DCMAKECXXCOMPILER=clang++-10...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/03/26 7:29 p.m.14 views

Open Redirect (Bypass Of #59d7c660-744c-4fee-88b7-6117b6846aea)

Description Hello everyone, I found an Open Redirect on linkding on remove a bookmark functionality, it is a bypass of a previously submitted report, when users are tricked into visiting the vulnerable link, they will immediately redirected to arbitrary hosts. Proof of Concept - Just visit the...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/03/19 12:22 p.m.14 views

ReDoS in is-it-check

✍️ Description It allows causing a denial of service when checking crafted invalid URLs. 🕵️‍♂️ Proof of Concept // PoC.js var isItCheck = require"is-it-check" isItCheck.url'H'+'.A8'.repeat40...

2.8AI score
Exploits0
Huntr
Huntr
added 2022/03/08 5:45 p.m.14 views

Untrusted Search Path

Description A current working directory type of DLL hijacking vulnerability is found in all executbales in ventoy-1.0.70-windows.zip, including: 1 Ventoy2Disk.exe 2 VentoyPlugson.exe 3 VentoyVlnk.exe Proof of Concept Step 1 : Craft a malicious x86 dll named as "TextShaping.dll" and place in the...

1.5AI score
Exploits0References2
Huntr
Huntr
added 2022/03/04 11:39 a.m.14 views

protocol spoofing

Description I found a vulnerability that incorrectly parses the protocol when using a javascript scheme. javascript location.href = 'javasript:https://google.com/%0aalert1' First, you can check that the above URL executes the script normally through the above code. txt - node.js ❯ node -e...

Exploits0
Huntr
Huntr
added 2022/02/21 5:28 a.m.14 views

NULL Pointer Dereference

Description NULL Pointer Dereference in MP4BOX Command MP4Box -info POC6 POC6 is here. ASAN result iso file Unknown box type url@ in parent dref iso file Unknown box type traj in parent moov iso file Unknown box type 80rak in parent moov iso file Incomplete box mdat - start 11495 size 901165 iso...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/02/08 12:44 p.m.14 views

in mruby/mruby

Description commit 4e8ab145da52c3cfb0bd4b823df8041dcc52f454 Author: Yukihiro "Matz" Matsumoto Date: Tue Feb 8 13:03:51 2022 +0900 Proof of Concept sh $ echo -ne "e30KWyoqMCxtOjBdBHM9MDYudGl0ZXN7My7+////c3slXSN7W11lYWsKYj17fQpbKiowLG06MF3/...

6.4CVSS2AI score0.01612EPSS
Exploits1
Huntr
Huntr
added 2022/02/05 9:39 a.m.14 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Message field in the Personal canned message tab of the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.Switch ...

3.5CVSS5.4AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 5:16 a.m.14 views

in vim/vim

Description Floating point error in tabstopfromto. commit : 7676c158798a7c90f500cab2c12af0d47bad6026 Proof of Concept $ echo -ne "bm9ybTBvMDD/MDAwMDAwMDAwMDAwMDAwMDAwMApzaWwhbm9ybRZjMDAwCQpmdSBSZXRhYihnLG4p Cm8KZXhlInJldCJhOm4KZW5kZgpjYWwgbCgiIixSZXRhYigwLDQpCnNlIHRhYnN0b3A9NTAwMDAw...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/28 5:51 a.m.14 views

Open Redirect in alanaktion/phproject

Description Bypass open redirect protection Proof of Concept patch for this report https://huntr.dev/bounties/1183df1a-5243-42f9-a263-267b92444b03/ easily can be bypassed Bypass url https://demo.phproject.org/login?to=//example.com...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:47 a.m.14 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi there, there is another improper authorization at /admin/SystemManage/LogOperate/GetFormJson, this will allow anyone to view yishaadmin log without logging in. Proof of Concept 1. Access the link http://106.14.124.170/admin/SystemManage/LogOperate/GetFormJson?id=405689053455847424...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/10 4:48 a.m.14 views

Cross-site Scripting (XSS) - Generic in projectsend/projectsend

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/30 9:35 a.m.14 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/29 7:43 p.m.14 views

Improper Access Control in crater-invoice/crater

Description In recent Crater version faf1ef09 tag: 5.0.6 I discovered, that not authenticated user can download all expense receipts uploaded to any company. Proof of Concept Python import requests for i in range1, 100: r = requests.getf'http://172.17.0.1:8080/expenses/i/download-receipt' if...

5CVSS5.5AI score0.01213EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/23 11:15 a.m.14 views

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Description Stored cross site scripting vulnerability in pimcore app, name and description field field is vulnerable to xss in customer automation rules. Proof of Concept 1 .login to the account 2 .go to customers -- customer automation rules -- Add payload in name field. 3 .payload " Impact This...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/12/11 9:12 a.m.14 views

Improper Privilege Management in patrowl/patrowlmanager

Description Hi there, I would like to report an improper privilege management in PatrowlManager - it's an IDOR. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format of import, for example: import11639213059582.json This filename is...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/03 10:1 p.m.14 views

in crater-invoice/crater

Description In recent Crater version ed6268aa tag: 5.0.3 lowest privileged user can upload PHP file instead of avatar. Proof of Concept POST /api/v1/me/upload-avatar HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101 Firefox/95.0 Accept: /...

6.5CVSS0.5AI score0.01474EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/15 5:47 a.m.14 views

in jitsi/jicofo

Description misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept according to https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md?plain=1L251 a request to /shibboleth-sp../ can get any file under /usr/share Impact An attacker can access files on the web...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:53 a.m.14 views

Path Traversal in welliamcao/opsmanage

漏洞 README.md文件中的nginx配置存在安全漏洞,导致恶意攻击者可以任意读取项目中的文件。 POC 对于github上的demo地址,一种可行的攻击方式为: http://42.194.214.22:8000/static../ 可以看到读取到整个项目的文件。如果用户对该项目进行过二开,并在init.sql,conf/中写入了一些敏感信息,可能造成较大危害 影响 攻击者可以读取项目目录下任意文件...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/08 1:16 p.m.14 views

Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Description PatrOwl is vulnerable to stored XSS. Proof of Concept Impact This vulnerability permit to an authenticate user to execute JavaScript on other users Web Browser...

3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/31 8:46 p.m.14 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept. // PoC.js Link --...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/17 6:55 p.m.14 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description There is exist multiple high impact CSRF that attacker can delete many part of applications contents. I provide the full list of CSRFs vulnerable endpoints for you. because the number of endpoints are too many I don't put the PoC.html of all of the vulnerable endpoints...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/16 1:12 p.m.14 views

Inefficient Regular Expression Complexity in stylelint/stylelint

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in stylelint. It allows causing a denial of service when calling function isKeyframeSelector. Proof of Concept // PoC.js var isKeyframeSelector = require"stylelint/lib/utils/isKeyframeSelector" forvar i ...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/10/12 6:44 a.m.14 views

in flatcore/flatcore-cms

Description Even with $fcuploadaddons = false, an attacker can still upload files by making the post request Proof of Concept 1 Enable $fcuploadaddons = true. 2 Upload a PHP file, but do not send. 3 Disable $fcuploadaddons = true. 4 Send the file upload request. See that the file is still being...

8.2AI score
Exploits0
Huntr
Huntr
added 2021/10/12 6:6 a.m.14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description Multiple Stored XSS on featuers 'Milestones' , 'Research', 'Retrospective' at Leantime 2.1.8 Proof of Concept // PoC.req POST /leantime/public/tickets/editMilestone/ HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/08 11:49 a.m.14 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demo-dev/tree/demo/add-media-file/X9222 HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=63trarcpiic93psog3t8okts4h User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/08 4:19 a.m.14 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description Cross site request forgery in Kunstmaan/KunstmaanBundlesCMS Proof of Concept 1. Delete function in "redirects" feature -- vulnarebility is in parameter id document.forms0.submit; Impact In a successful CSRF attack, the attacker causes the victim user to carry out an action...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/10/05 2:26 p.m.14 views

Use of a Broken or Risky Cryptographic Algorithm in anonaddy/anonaddy

Description MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesses in both algorithms. Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity...

0.2AI score
Exploits0References2
Huntr
Huntr
added 2021/10/05 9:3 a.m.14 views

in erikdubbelboer/phpredisadmin

Description $response is a salted md5 hash generated based on the concatenated hashed of credentials with other parameters. It has been discovered that $response compares with $data'response' using comparison operator != in file login.inc.php. This might cause unexpected behavior due to type...

0.6AI score
Exploits0References1
Total number of security vulnerabilities4072