Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/09/26 6:52 p.m.14 views

Bypassing application logic to set a blank password

Description As you many observe that rdiffweb strictly has a password policy where it prompts out that the password should be between 8 and 128 characters . But the application does not filter blank spaces used in a password Proof of Concept 1 Go to https://rdiffweb-demo.ikus-soft.com/prefs/gener...

4CVSS0.2AI score0.00566EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/24 7:38 a.m.14 views

Stored Cross-Site Scripting (XSS) in the parameters "host", "desc", "group" and "newgroup" of the section "Webmin Servers Index"

Description In Webmin version 2.001 it was identified in the "Webmin Servers Index" section that the data collected from the user in the "host", "desc", "group" and "newgroup" parameters is not properly sanitized thus allowing potential attackers to insert JavaScript code that enables exploitatio...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/09/21 6:20 p.m.14 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Ports - Manage Groups 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description 4. The XSS is triggered...

4.3CVSS0.8AI score0.93343EPSS
Exploits0
Huntr
Huntr
added 2022/09/20 1:41 p.m.14 views

Secure token is missed when ivalid URL is entered

Description The cookie sessionid does not have secure attribute when the URL is invalid Proof of Concept 1.Login into the application. 2.Send the request https://rdiffweb-demo.ikus-soft.com/browse/admin/MyWindowsLaptop/D/TC3080/test...

5CVSS0.7AI score0.00396EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 8:23 p.m.14 views

SQL INJECTION

Summary The user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other syste...

5AI score
Exploits0
Huntr
Huntr
added 2022/08/03 4:25 p.m.14 views

Lack of Maximum Characters Length Validation on `Assignment Title` Input

Hello, Description The Assignment Title input is not being validated against a large number of characters added in it's value. This allows to initiate large number of characters and very big text inside the page. Proof of Concept 1. Navigate to Assignments section:...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/08/02 5:52 p.m.14 views

IDOR leads to delete messages in Message Center of others.

Description I observed that users can delete messages in other's Message Center by changing deleteid parameter to deleteid value of message which belongs to other. Step: - Login with Physician account and determine deleteid of messages in Physician's Message Center - Login with Clinician account....

1AI score
Exploits0
Huntr
Huntr
added 2022/08/02 1:47 p.m.14 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST http://localhost:3000/api/access-tokens...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/07/27 11:31 a.m.14 views

UnAuthenticated SQL Injection

Proof of Concept POC: Vendor Domain Print version: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+version--+- Print Database: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+database--+- Print User:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/07/21 3:40 p.m.14 views

Cross-site Scripting via link creation bypass filter javascript scheme

Description The markdown's link creation feature allows inserting paths containing javascript scheme bypass filter javascript scheme via add https scheme prefix, so this flaw lead to XSS vulnerability. The payload used is the following: Proof of Concept Step to reproduct 1. Create new document 2...

6.2AI score
Exploits0References1
Huntr
Huntr
added 2022/07/11 9:6 a.m.14 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to download data from a user via the CSV Export function. The export will include all the books on your shelves, books you have reviewed, and books with reading activity. Vulnerable URL https://bookwyrm.social/preferences/export/file Proof of Concept...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/07/06 2:3 a.m.14 views

Email enumeration via Reset password page

Description Through the Reset password page, an attacker can know that if an email exists or not; just by observing the notification in the response page. So, once the attacker knows that an email exists, he can launch a brute force attack against it. If an email exists: The notification will be ...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/02 4:58 p.m.14 views

Stored XSS in profile settings.

Description Stored XSS via "Website" box in Profile Settings. Proof of Concept Go to profile settings, put the following payload in the "website" box : google.com" Save, and see the xss triggered !...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/06/28 12:13 a.m.14 views

Reflected XSS in type url parameter

Description The application has a reflected xss vulnerability in the url parameter type. Proof of Concept // PoC.js var payload = "alertdocument.cookie...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2022/06/14 8:38 a.m.14 views

Multiple user creation with the same email Id via existing verification bypass

Hello team, while i was checking on the nakama dashboard as an Administrator i noticed that we can bypass the existing verification and create multiple user with same email id Steps to reproduce: 1. Open the dashboard as an adminuser and go to the user management form http://site.com//users 2...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/14 1:31 a.m.14 views

Stored Cross-site Scripting (XSS) via SVG file upload in courses.

Description An attacker can upload and store a malicious SVG file in work forms and execute client side JavaScript code when opened. Replication Steps and Proof of Concept We create a file named file.svg containing the following: // We upload the file in an active work assignment inside any cours...

2.5AI score
Exploits0
Huntr
Huntr
added 2022/05/12 6:57 a.m.14 views

Register users in spite of Allow User Registration disabled

Description Attacker can register a user in spite of the Allow User Registration is disable by default. Proof of Concept 1. Go to /captcha, get the captcha value and cookie. 2. Send POST request to /api/v1/public/account/create with the value of captcha and cookie in step 1. //POST...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/04/30 5:35 p.m.14 views

Cross-site Scripting (XSS) - Reflected

Description The listmonk application is vulnerable to reflected XSS in Partial SQL expression to query subscriber attributes. Proof of Concept 1.Go to "Subscribers" - "All subscribers" - "Advanced" 2.Put this payload: " in the input filed. 3.Now click on Query then XSS will pop-up Video POC...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/04/29 7:13 a.m.14 views

Improper Access Control (IDOR)

Description Any user even user without account can view any student photos through student's id. Proof of Concept Access this URL https://www.rosariosis.org/demonstration/assets/StudentPhotos/2021/studentid.jpg - Attacker can see a student personal photo even without school's account student's id...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/04/27 5:42 p.m.14 views

Cross-site scripting - Stored via upload ".cad" file

Description When user upload file with .cad extension in white-list, server will stored .cad file at userfiles/media/default/, so we can direct access. Becase when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html...

7.3AI score
Exploits0References1
Huntr
Huntr
added 2022/04/27 4:26 a.m.14 views

Cross-site Scripting (XSS) - Stored via htm file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside. Proof-of-Concept phish.htm Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6.1AI score
Exploits0
Huntr
Huntr
added 2022/04/26 6:55 p.m.14 views

Insecure Storage of Sensitive Information

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of Scoold users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

0.2AI score0.01961EPSS
Exploits1References5
Huntr
Huntr
added 2022/04/22 2:29 p.m.14 views

Remote access to another's conversation based on their email address

System: - Chatwoot 2.4.1, self-hosted - User identity validation is enabled - Each client has a unique identifier and a corresponding valid hmac Description User B can impersonate User A and access his chat history by filling in user A's email address in the setUser despite that the two users do...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/04/20 3:30 p.m.14 views

no spoofing protection on email domain (No Valid SPF Records.)

What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...

7AI score
Exploits0References2
Huntr
Huntr
added 2022/04/13 1:47 a.m.14 views

librenms alert-rules Stored XSS

Description Please enter a description of the vulnerability. 1 . Go to http://SERVER/device-group and Create New-device Group 2 . Input Name parameter following XSS payload and save payload 1 3 . Go to http://SERVER/alert-rules and add Rule. You can choose the Device group that contains XSS paylo...

5.8CVSS5AI score0.00519EPSS
Exploits0References1
Huntr
Huntr
added 2022/04/11 9:40 a.m.14 views

libde265 1.0.8, was discovered to contain a heap-use-after-free in put_qpel_fallback

Description libde265 1.0.8, was discovered to contain a heap-use-after-free in putqpelfallback fallback-motion.cc ENV - Version : 1.0.8 - Commit : 45904e5667c5bf59c67fcdc586dfba110832894c - OS : Ubuntu 18.04 - Configure : cmake -DCMAKEBUILDTYPE=Debug -DCMAKECXXCOMPILER=clang++-10...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/03/26 7:29 p.m.14 views

Open Redirect (Bypass Of #59d7c660-744c-4fee-88b7-6117b6846aea)

Description Hello everyone, I found an Open Redirect on linkding on remove a bookmark functionality, it is a bypass of a previously submitted report, when users are tricked into visiting the vulnerable link, they will immediately redirected to arbitrary hosts. Proof of Concept - Just visit the...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/03/19 12:22 p.m.14 views

ReDoS in is-it-check

✍️ Description It allows causing a denial of service when checking crafted invalid URLs. 🕵️‍♂️ Proof of Concept // PoC.js var isItCheck = require"is-it-check" isItCheck.url'H'+'.A8'.repeat40...

2.8AI score
Exploits0
Huntr
Huntr
added 2022/03/08 5:45 p.m.14 views

Untrusted Search Path

Description A current working directory type of DLL hijacking vulnerability is found in all executbales in ventoy-1.0.70-windows.zip, including: 1 Ventoy2Disk.exe 2 VentoyPlugson.exe 3 VentoyVlnk.exe Proof of Concept Step 1 : Craft a malicious x86 dll named as "TextShaping.dll" and place in the...

1.5AI score
Exploits0References2
Huntr
Huntr
added 2022/03/04 11:39 a.m.14 views

protocol spoofing

Description I found a vulnerability that incorrectly parses the protocol when using a javascript scheme. javascript location.href = 'javasript:https://google.com/%0aalert1' First, you can check that the above URL executes the script normally through the above code. txt - node.js ❯ node -e...

Exploits0
Huntr
Huntr
added 2022/02/21 5:28 a.m.14 views

NULL Pointer Dereference

Description NULL Pointer Dereference in MP4BOX Command MP4Box -info POC6 POC6 is here. ASAN result iso file Unknown box type url@ in parent dref iso file Unknown box type traj in parent moov iso file Unknown box type 80rak in parent moov iso file Incomplete box mdat - start 11495 size 901165 iso...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/02/08 12:44 p.m.14 views

in mruby/mruby

Description commit 4e8ab145da52c3cfb0bd4b823df8041dcc52f454 Author: Yukihiro "Matz" Matsumoto Date: Tue Feb 8 13:03:51 2022 +0900 Proof of Concept sh $ echo -ne "e30KWyoqMCxtOjBdBHM9MDYudGl0ZXN7My7+////c3slXSN7W11lYWsKYj17fQpbKiowLG06MF3/...

6.4CVSS2AI score0.01637EPSS
Exploits1
Huntr
Huntr
added 2022/02/05 9:39 a.m.14 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Message field in the Personal canned message tab of the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.Switch ...

3.5CVSS5.4AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 5:16 a.m.14 views

in vim/vim

Description Floating point error in tabstopfromto. commit : 7676c158798a7c90f500cab2c12af0d47bad6026 Proof of Concept $ echo -ne "bm9ybTBvMDD/MDAwMDAwMDAwMDAwMDAwMDAwMApzaWwhbm9ybRZjMDAwCQpmdSBSZXRhYihnLG4p Cm8KZXhlInJldCJhOm4KZW5kZgpjYWwgbCgiIixSZXRhYigwLDQpCnNlIHRhYnN0b3A9NTAwMDAw...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/28 5:51 a.m.14 views

Open Redirect in alanaktion/phproject

Description Bypass open redirect protection Proof of Concept patch for this report https://huntr.dev/bounties/1183df1a-5243-42f9-a263-267b92444b03/ easily can be bypassed Bypass url https://demo.phproject.org/login?to=//example.com...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:47 a.m.14 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi there, there is another improper authorization at /admin/SystemManage/LogOperate/GetFormJson, this will allow anyone to view yishaadmin log without logging in. Proof of Concept 1. Access the link http://106.14.124.170/admin/SystemManage/LogOperate/GetFormJson?id=405689053455847424...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/10 4:48 a.m.14 views

Cross-site Scripting (XSS) - Generic in projectsend/projectsend

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/30 9:35 a.m.14 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/29 7:43 p.m.14 views

Improper Access Control in crater-invoice/crater

Description In recent Crater version faf1ef09 tag: 5.0.6 I discovered, that not authenticated user can download all expense receipts uploaded to any company. Proof of Concept Python import requests for i in range1, 100: r = requests.getf'http://172.17.0.1:8080/expenses/i/download-receipt' if...

5CVSS5.5AI score0.01213EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/23 11:15 a.m.14 views

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Description Stored cross site scripting vulnerability in pimcore app, name and description field field is vulnerable to xss in customer automation rules. Proof of Concept 1 .login to the account 2 .go to customers -- customer automation rules -- Add payload in name field. 3 .payload " Impact This...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/12/17 4:39 a.m.14 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description livehelperchat is vulnerable to stored XSS in users profile setting where username, password, repeat password, nickname, name, surname, job title fields are vulnerable to stored XSS. Proof of Concept this.constructor.constructor'alert"foo"' Enter the given payload in the above-mention...

3.5CVSS1.1AI score0.00634EPSS
Exploits1
Huntr
Huntr
added 2021/12/11 9:12 a.m.14 views

Improper Privilege Management in patrowl/patrowlmanager

Description Hi there, I would like to report an improper privilege management in PatrowlManager - it's an IDOR. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format of import, for example: import11639213059582.json This filename is...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/03 10:1 p.m.14 views

in crater-invoice/crater

Description In recent Crater version ed6268aa tag: 5.0.3 lowest privileged user can upload PHP file instead of avatar. Proof of Concept POST /api/v1/me/upload-avatar HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101 Firefox/95.0 Accept: /...

6.5CVSS0.5AI score0.01474EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/15 7:43 a.m.14 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description CSRF in deleting invoice templates Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin user to delete invoice templates...

4.3CVSS0.9AI score0.00382EPSS
Exploits1
Huntr
Huntr
added 2021/11/15 5:47 a.m.14 views

in jitsi/jicofo

Description misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept according to https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md?plain=1L251 a request to /shibboleth-sp../ can get any file under /usr/share Impact An attacker can access files on the web...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:53 a.m.14 views

Path Traversal in welliamcao/opsmanage

漏洞 README.md文件中的nginx配置存在安全漏洞,导致恶意攻击者可以任意读取项目中的文件。 POC 对于github上的demo地址,一种可行的攻击方式为: http://42.194.214.22:8000/static../ 可以看到读取到整个项目的文件。如果用户对该项目进行过二开,并在init.sql,conf/中写入了一些敏感信息,可能造成较大危害 影响 攻击者可以读取项目目录下任意文件...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/08 1:16 p.m.14 views

Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Description PatrOwl is vulnerable to stored XSS. Proof of Concept Impact This vulnerability permit to an authenticate user to execute JavaScript on other users Web Browser...

3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/31 8:46 p.m.14 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept. // PoC.js Link --...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/17 6:55 p.m.14 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description There is exist multiple high impact CSRF that attacker can delete many part of applications contents. I provide the full list of CSRFs vulnerable endpoints for you. because the number of endpoints are too many I don't put the PoC.html of all of the vulnerable endpoints...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/16 1:12 p.m.14 views

Inefficient Regular Expression Complexity in stylelint/stylelint

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in stylelint. It allows causing a denial of service when calling function isKeyframeSelector. Proof of Concept // PoC.js var isKeyframeSelector = require"stylelint/lib/utils/isKeyframeSelector" forvar i ...

2.9AI score
Exploits0
Total number of security vulnerabilities4072