Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2021/10/04 9:33 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description I found some low/medium level CSRFs on nice snipe-it application Proof of Concepts change the state of Requestable Assets : // PoC.html history.pushState'', '', '/' restore a hardware : // PoC.html history.pushState'', '', '/'...

6.8CVSS1.6AI score0.00526EPSS
Exploits1
Huntr
Huntr
β€’added 2021/10/02 4:6 a.m.β€’14 views

Session Fixation in pheditor/pheditor

Description PHPEditor session are not regenerated after every login leading to possible session fixation attacks local attack vector Proof of Concept 1. Open two browsers Browser 1: Attacker, Browser 2: Victim 2. Visit https://PHP-EDITOR/phpeditor.php server and copy cookie from Browser 1 3. Past...

1.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/30 5:22 a.m.β€’14 views

Improper Access Control in collectiveaccess/pawtucket2

Description An attacker can join any user group in the Pawtucket2 interface as the URLs are not being randomised Proof of Concept Any attacker can join the Administrator group using: http://PAWTUCKETURL/pawtucket/index.php/LoginReg/joinGroup/groupid/2 An attacker can join any group by incrementin...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/29 1:10 a.m.β€’14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in blair2004/nexopos-4x

Description Session cookie nexopossession is not marked as Secure Proof of Concept 1. Open demo page https://v4.nexopos.com/sign-in using firefox; login using demo account 2. Go to Developer tool - Storage - Cookie and see that nexopossession has Secure = False...

0.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/27 6:45 a.m.β€’14 views

in flarum/framework

Description Sensitive Data can be exposed even after logouting the application due to ui wrong action Proof of Concept 1 login to the application dashboard as admin https://demo.flarum.site/admin/ 2 Goto Any pages dashboard,permissions etc 3 Click logout 4 Click browser back button 5 Will Re-ente...

0.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/25 10:7 a.m.β€’14 views

Open Redirect in jonschoning/espial

Description Open Redirect at add url with parameter ?next= Proof of Concept // PoC.request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/24 12:13 a.m.β€’14 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description Attacker is able to run staff commands. Proof of Concept When you logged in open this POC.html in a browser. You can run staff only tools. history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging user to unintentional run staff only tools...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/22 5:43 p.m.β€’14 views

Cross-site Scripting (XSS) - Generic in tsolucio/corebos

Description Generic XSS in RSS content allows for the arbitrary execution of JavaScript Proof of Concept // PoC Request Add RSS Feed POST /corebos/index.php?module=Rss&action=RssAjax&file=Popup&directmode=ajax&rssurl=http://127.0.0.1:9999/rss.xml HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/20 1:43 p.m.β€’14 views

in osticket/osticket

Description The URL parser incorrectly parses the URL given IFrame src attributes. An attacker is able to inject iframe elements linking to arbitrary domains which can be viewed by admins, bypassing the embedded domain whitelist. Proof of Concept will render malicious-server site rather than...

6.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/20 5:31 a.m.β€’14 views

Open Redirect in zikula/core

Description Open Redirect on Login with parameter ?returnUrl= Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/16 3:58 a.m.β€’14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1ESnBKwFef8D42A2VD3W59vXMLdWhCxS9/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

4CVSS0.00941EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/09/14 3:48 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Description Stored xss via name Proof of Concept 1. First goto https://v6.thinkadmin.top/admin.html/admin/base.html?type=datea&spm=m-2-4-8 and edit a data and put bellow xss payload in Data name field . xss"' Now see xss is executed VIEDO...

3AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/14 3:11 p.m.β€’14 views

Cross-site Scripting (XSS) - DOM in mineweb/minewebcms

✍️ Description A malicious actor is able to add a malicious payload as a new Navigation Bar Link Title, and after every time any users visit the main root page of the website, the XSS payload is executed and the session of whoever visits the site is compromised. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1; Create a...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/13 6:54 a.m.β€’14 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change URL configuration if a logged in user visits attacker website. because lack of CSRF token πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally your search URL changed form /search.php...

0.5AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/11 10:14 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb

✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to Delete users with PoC.html πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. user with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html 3.after visiting...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/09 10:51 a.m.β€’14 views

in hestiacp/hestiacp

✍️ Description External Control of File Name or Path is a type of security flaw in which users can access resources from restricted locations on a file system. It is commonly called path traversal. If an attacker performs a path traversal attack successfully, they could potentially view sensitive...

2.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/09 10:0 a.m.β€’14 views

Path Traversal in pokeapi/pokeapi

✍️ Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with β€œdot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

0.9AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/09 8:2 a.m.β€’14 views

Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/05 1:51 p.m.β€’14 views

None in fisharebest/webtrees

✍️ Description Sensitive data including username and email address is passed as query strings through GET request during registration. When the given email or username exists the database at the time of user registration, The application passes the given username and email address through GET...

1.8AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/02 2:1 p.m.β€’14 views

Inefficient Regular Expression Complexity in nervjs/taro

✍️ Description A ReDoS regular expression denial of service flaw was found in the @tarojs/helper package. An attacker that is able to provide crafted input as url may cause an application to consume an excessive amount of CPU. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Create the following poc.mjs // PoC.mjs import...

7.8CVSS1.6AI score0.01222EPSS
Exploits1
Huntr
Huntr
β€’added 2021/09/02 9:30 a.m.β€’14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add "new board" with a malicious payload to any target, and upon opening the research menu, the XSS payload is being executed. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1; Log in with a proper roled user 2; Add a new board to the system at research menu on the left 3;...

1.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/01 12:30 a.m.β€’14 views

Command Injection in yogeshojha/rengine

✍️ Description RCE via the proxy feature of Rengine. Proxies can be added in Rengine for executables like httpx to use in a scan. This functionality can be used to inject a command and run arbitrary code. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Add this as the only proxy in the proxy list in the Proxy settings:...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/31 1:48 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description A malicious actor is able to add "To-do" with a malicious payload to any target, and upon opening the target's summary, the XSS payload is being executed. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1; Create a scan with any domain 2; Start scanning the target 3; Add a "To-do" with any title and with the...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/28 5:47 a.m.β€’14 views

Path Traversal in os4ed/opensis-classic

✍️ Description The module.php modname parameter in OpenSIS 8.0 is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.; πŸ•΅οΈβ€β™‚οΈ Proof of Concept // Modules.php GET /Modules.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302...

2.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/24 10:40 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

✍️ Description Attacker able to reset any profile banner with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/23 7:1 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of customers with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/23 11:35 a.m.β€’14 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.2AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/08/19 2:5 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in imran300/inventory

✍️ Description Stored xss bug using a xss payload in the employee name when adding a new employee πŸ•΅οΈβ€β™‚οΈ Proof of Concept Goto http://localhost/inventory/employees/addemployee and click on add employee and copy paste the following xss payload and paste it in the EMP NAME javascript " Click on safe...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/13 3:22 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description This is a stored XSS in the mp3 management library. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Mark the album as favorite 1 and then open "Informations" - "Favorites" 2: πŸ’₯ Impact By uploading an mp3 with javascript...

1.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/12 3:52 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse

✍️ Description CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online this app is vulnerable for XSS thru creating Assignments πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact This vulnerability is capable of stealing cookies for group members...

2.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/10 8:50 a.m.β€’14 views

Cross-site Scripting (XSS) - Reflected in erudika/scoold

✍️ Description It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser. πŸ•΅οΈβ€β™‚οΈ Proof of Concept...

0.7AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/08/05 3:14 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any Sales Order with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...

1.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/05 2:10 a.m.β€’14 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through the search form πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. Go to http://site.com/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 2. XSS payload will be executed πŸ’₯ Impact An attacker can execute JavaScript code in the website...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/30 5:37 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

✍️ Description following endpoint vulnerable to CSRF: /omeka/system/deleteOrphanFiles Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. πŸ•΅οΈβ€β™‚οΈ Proof of Concept //...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/29 3:56 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in apostrophecms/apostrophe

✍️ Description : An attacker could upload a specially crafted SVG image containing malicious scripting code. When following a link to this image, the code would be executed. πŸ•΅οΈβ€β™‚οΈ Proof of Concept : // PoC.js var payload = ... Link POC using Demo --...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/29 7:50 a.m.β€’14 views

in yiisoft/yii2

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates weak random numbers is mtrand in CaptchaAction.php at line 217. πŸ•΅οΈβ€β™‚οΈ Proof of Concept ?php...

5CVSS5.6AI score0.017EPSS
Exploits1References3
Huntr
Huntr
β€’added 2021/07/23 7:3 p.m.β€’14 views

in alovoa/alovoa

✍️ Description Affected versions of this package are vulnerable to XML External Entity XXE Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. πŸ•΅οΈβ€β™‚οΈ Proof of Concept org.springframework.security spring-security-oauth2-client...

4.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/23 1:14 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when creating game πŸ•΅οΈβ€β™‚οΈ Proof of Concept no csrf token checking during gamecreate .\ Bellow request is vulnerable to csrf attack POST /gamecreate.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/19 3:9 a.m.β€’14 views

Cross-site Scripting (XSS) - DOM in alovoa/alovoa

✍️ Description It is possible to run JavaScript code in the webpage by DOM unsanitized properties. The function onChangeLocal sets the value of window.location.search directly from the URL, without previous checks. πŸ•΅οΈβ€β™‚οΈ Proof of Concept // Vulnerable function in file fragments.html:139 function...

7AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/10 12:20 a.m.β€’14 views

Use of a Broken or Risky Cryptographic Algorithm in panique/huge

✍️ Description The function mtrand is used to generate password-reset tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...

Exploits0References2
Huntr
Huntr
β€’added 2021/07/08 3:54 p.m.β€’14 views

in ethibox/stacks

✍️ Description Please enter a description of the vulnerability. 1Visit https://github.com/ethibox/stacks/blob/master/wordpress.ymlL47-L50 for the exposed database credentials πŸ’₯ Impact This vulnerability is capable of database getting compromised...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/05 2:34 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Hypothesis when adding a new Research πŸ•΅οΈβ€β™‚οΈ Proof of Concept Goto http://localhost/leancanvas/simpleCanvas and click on add new and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. πŸ’₯...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/02 3:0 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

✍️ Description section parameter at Line 331 of email-templates.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in email-templates.php at line 331 πŸ•΅οΈβ€β™‚οΈ Proof of Concept Data enters in application...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/02 2:5 p.m.β€’14 views

Cross-site Scripting (XSS) - Stored in devcode-it/openstamanager

✍️ Description Stored xss through file upload via anagrafiche πŸ•΅οΈβ€β™‚οΈ Proof of Concept Go to an existing Anagrafiche or create a new one. Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example. when you click on...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/27 2:28 p.m.β€’14 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description The /app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their invoice system. πŸ•΅οΈβ€β™‚οΈ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

2.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/06/26 6:0 p.m.β€’14 views

OS Command Injection in falconchristmas/fpp

✍️ Description Application is reading invalidated user input at Line 44 through: $plugin = $pluginInfo'repoName';. Line 57 in plugin.php calls system to execute a command. This might allow an attacker to inject malicious commands. πŸ•΅οΈβ€β™‚οΈ Proof of Concept SCREENSHOT:...

0.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/06/25 6:18 p.m.β€’14 views

in alovoa/alovoa

✍️ Description Random.setSeed should not be called with a constant integer argument. If a Random object is seeded with a specific value, the values returned by Random.nextInt and similar methods which return or assign values are predictable. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Vulnerable code of:...

1AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/19 12:41 p.m.β€’14 views

Heap-based Buffer Overflow in squell/id3

✍️ Description While testing id3 built from commit 0de713 with Clang 13 +ASan on Ubuntu 20.04.2, we discovered a POC which triggers a heap-buffer-overflow in tag::unbinarize. This particular flaw was discovered with the help of honggfuzz. πŸ•΅οΈβ€β™‚οΈ Proof of Concept echo...

Exploits0
Huntr
Huntr
β€’added 2021/05/29 8:27 p.m.β€’14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, there are 2 potential reflected XSS in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/restartRemoteFPPD.phpL16 : php $ip = $GET'ip'; // if isset$GET'mode' echo "Setting FPPD mode @ $ip\n"; // echo "Restarting FPPD @ $ip\n"; The ip...

6.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/19 8:34 a.m.β€’14 views

Improper Privilege Management in dolibarr/dolibarr

πŸ’₯ BUG unprivileged user can see all details of a product πŸ’₯ STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for Product module for user B .\ So, user B should not see any product details .\ \ 2. Now from admin create a product .\ \ 3. Finally goto...

0.8AI score
Exploits0
Total number of security vulnerabilities4072