Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/06/26 6:0 p.m.14 views

OS Command Injection in falconchristmas/fpp

✍️ Description Application is reading invalidated user input at Line 44 through: $plugin = $pluginInfo'repoName';. Line 57 in plugin.php calls system to execute a command. This might allow an attacker to inject malicious commands. 🕵️‍♂️ Proof of Concept SCREENSHOT:...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/25 6:18 p.m.14 views

in alovoa/alovoa

✍️ Description Random.setSeed should not be called with a constant integer argument. If a Random object is seeded with a specific value, the values returned by Random.nextInt and similar methods which return or assign values are predictable. 🕵️‍♂️ Proof of Concept Vulnerable code of:...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/19 12:41 p.m.14 views

Heap-based Buffer Overflow in squell/id3

✍️ Description While testing id3 built from commit 0de713 with Clang 13 +ASan on Ubuntu 20.04.2, we discovered a POC which triggers a heap-buffer-overflow in tag::unbinarize. This particular flaw was discovered with the help of honggfuzz. 🕵️‍♂️ Proof of Concept echo...

Exploits0
Huntr
Huntr
added 2021/05/29 8:27 p.m.14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, there are 2 potential reflected XSS in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/restartRemoteFPPD.phpL16 : php $ip = $GET'ip'; // if isset$GET'mode' echo "Setting FPPD mode @ $ip\n"; // echo "Restarting FPPD @ $ip\n"; The ip...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/05/19 8:34 a.m.14 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can see all details of a product 💥 STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for Product module for user B .\ So, user B should not see any product details .\ \ 2. Now from admin create a product .\ \ 3. Finally goto...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/05/16 7:31 a.m.14 views

Cross-site Scripting (XSS) - Stored in phplist/phplist3

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept see this recorded video https://drive.google.com/file/d/1EUTevCQWPK4txY6jqQ-MAcXyDO7Zx2q/view?usp=sharing 💥 Impact Xss bug...

0.6AI score
Exploits0References3
Huntr
Huntr
added 2021/05/12 2:59 p.m.14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/shutdownRemoteFPP.phpL15 a user input is directly echo-ed in the page without sanitization : php $ip = $GET'ip'; echo "Shutting down FPP system @ $ip\n"; 🕵️‍♂️ Proof of Concept Visit :...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/04/19 12:57 a.m.14 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to javascript:. 🕵️‍♂️ Proof of Concept Execute the following command localhost: shell curl -H 'Referer: javascript:alert'...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/03/28 2:14 p.m.14 views

Code Injection in flitbit/json-ptr

✍️ Description json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. JsonPointer.get that is designed to get the target object's value at the pointer's location is vulnerable to arbitrary code injection and exection, mainly due to the lack of sanitizing for...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/02/06 12:0 a.m.14 views

Cross-site Scripting (XSS) - Generic in rilyzhang/dy-server

Description Cross Site Scripting in dy-server2 Proof of Concept 1. Install package from npm: npm i -g dy-server2 2. Create folder or file with name: 3. Start server: dy-server2 -p 8888 4. Open website and the code will execute...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.14 views

Prototype Pollution in quernest/arr-flatten-unflatten

Description arr-flatten-unflatten is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var arrFlattenUnflatten = require"arr-flatten-unflatten" console.log"Before : " + .polluted; arrFlattenUnflatten.unflatten'protopolluted': 'Yes! Its Polluted';...

7.5CVSS2.1AI score0.01916EPSS
Exploits1
Huntr
Huntr
added 2021/01/07 12:0 a.m.14 views

Code Injection in archivy/archivy

Description Archivy is a self-hosted knowledge repository that allows you to safely preserve useful content that contributes to your knowledge bank. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.py python import os...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2020/12/21 12:0 a.m.14 views

Code Injection in tensorflow/models

Description Arbitrary Code Excecution in Tensorflow/Models.The TensorFlow Model Garden is a repository with a number of different implementations of state-of-the-art SOTA models and modeling solutions for TensorFlow users. We aim to demonstrate the best practices for modeling so that TensorFlow...

3.9AI score
Exploits0References1
Huntr
Huntr
added 2020/12/17 12:0 a.m.14 views

Prototype Pollution in asaianudeep/deep-override

Description deep-override is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deepOverride = require"deep-override" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; deepOverrideobj,...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/12/17 12:0 a.m.14 views

Cross-Site Request Forgery (CSRF) in strider-cd/strider

Description Strider is an Open Source Continuous Deployment / Continuous Integration platform. It is written in Node.js and Ember.js and uses MongoDB as a backing store. This platform is vulnerable to Cross-Site Request Forgery CSRF. It allowes an attacker to takeover accounts, privillege...

0.7AI score
Exploits0
Huntr
Huntr
added 2020/10/22 12:0 a.m.14 views

Prototype Pollution in sonnyp/json8

Description json8-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Patch = require"json8-patch" var obj = const pat...

1.3AI score
Exploits0
Huntr
Huntr
added 2020/09/15 12:0 a.m.14 views

Prototype Pollution in liriliri/licia

Description licia package is vulnerable to prototype pollution issue files can be found in https://github.com/liriliri/licia/blob/master/src/e/extendDeep.js & https://github.com/liriliri/licia/blob/master/src/s/safeSet.jsL46 Proof of Concept 1. Creating poc filed js var utils = require'licia'; va...

1.1AI score
Exploits0
Huntr
Huntr
added 2020/08/23 12:0 a.m.14 views

Code Injection in ionicabizau/git-stats

Overview git-stats is a js package for local git statistics including GitHub-like contributions calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options.start or options.end values...

3.1AI score
Exploits0
Huntr
Huntr
added 2020/07/20 12:0 a.m.14 views

Command Injection in 1000ch/install-package

Overview install-package is a package that installs node modules from JavaScript. This package is vulnerable to Command Injection, the argument options can be controlled by users without any sanitization giving attackers the ability to execute malicious code. POC var root =...

4.9AI score
Exploits0References1
Huntr
Huntr
added 2020/06/16 12:0 a.m.14 views

Code Injection in eugeneware/windows-edge

Overview windows-edge allows you to launch a new Microsoft Edge tab on Windows The issue occurs because a user input is formatted inside a command that will be executed without any check...

4.6AI score
Exploits0References1
Huntr
Huntr
added 2026/03/17 1:2 a.m.13 views

Pickle deserialization RCE via pd.read_pickle() bypasses CVE-2024-24590 fix

Summary The fix for CVE-2024-24590 only hardened the type == "pickle" deserialization branch in Artifact.get. A parallel code path for type == "pandas" with contenttype == "application/pickle" calls pd.readpickle without any integrity or safety check. An attacker who uploads a malicious pickle...

8.8CVSS6.6AI score0.02452EPSS
Exploits9
Huntr
Huntr
added 2026/02/26 3:6 p.m.13 views

CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat`

This report is not public...

8.8CVSS6.4AI score0.00197EPSS
Exploits1
Huntr
Huntr
added 2026/02/25 6:56 a.m.13 views

Path Traversal via Prefix Match Bypass in `_get_os_path`

This report is not public...

5.8AI score
Exploits0
Huntr
Huntr
added 2026/02/20 6:3 p.m.13 views

Hardcoded trust_remote_code=True in Model Implementations Bypasses User Security Control

This report is not public...

8.8CVSS5.8AI score0.00747EPSS
Exploits0
Huntr
Huntr
added 2025/05/13 1:27 p.m.13 views

IDOR Vulnerability in Template Creation via `projectId` Manipulation

Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...

7.7CVSS6.7AI score0.00217EPSS
Exploits0
Huntr
Huntr
added 2024/11/09 4:40 a.m.13 views

Remote Code Execution via Model Deserialization on /api/v2/models/install API

Summary I have identified a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This...

9.8CVSS10AI score0.05342EPSS
Exploits5
Huntr
Huntr
added 2023/10/12 6:39 p.m.13 views

CSRF in Cancel Reviewer and Reinstate Reviewer

Description CSRF in Cancel Reviewer and Reinstate Reviewer Proof of Concept Link Poc I attach the Poc link below. Thank You. https://drive.google.com/drive/folders/1QA5Kz6w2AgYdFDoDX2hHWK0zHAPoWt?usp=sharing...

7.2AI score0.00264EPSS
Exploits1
Huntr
Huntr
added 2023/09/30 7:44 a.m.13 views

CSRF edit Blacklist settings( YES to NO)

Description CSRF edit Blacklist settings Proof of Concept 1 .For example, the data fields in the Blacklist settings are all set to: YES. 2 .The attacker sends a fake form to the user: history.pushState'', '', '/'; document.forms0.submit; 3 .User Clicked, changed the setting to NO, which the user...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/09/23 5:47 a.m.13 views

Store XSS at Label sets list in (Version 6.2.7)

Description First of all, I apologize for reporting back. I noticed, the latest current version is 6.2.7. XSS vulnerabilities still exist Proof of Concept Detail: 1 .Login and access Label sets list 2 .Create new label set 3 . Insert payload in to Title haido" onclick="alert1 4 .Click save ==...

6.4AI score
Exploits0
Huntr
Huntr
added 2023/08/20 6:37 a.m.13 views

RCE via TranformGraph().to_dot_graph function

Description Due to improper input validation a malicious user can provide a command or a script file as a value to savelayout argument, which will be placed as the first value in a list of arguments passed to subprocess.Popen. Although an error will be raised, the command or script will be execut...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/08/14 2:11 p.m.13 views

Arbitrary file upload

Description Due to lack of file extension validation, privileged user administrator can upload arbitrary files with "update logo" and "update icon" features. The application uses the extension provided in the filename parameter. Proof of Concept POST /admin/default/jqadm/save/settings?locale=en...

7AI score
Exploits0References1
Huntr
Huntr
added 2023/08/09 7:38 a.m.13 views

Store XSS via Upload Photos in album

Description The application does not check the file upload and content file extension. This results in an attacker being able to upload a malicious file that leads to xss. Proof of Concept Video POC: https://drive.google.com/file/d/1QZSCvgrmdXaZb7xoD-eA0iLlL7vDPKYw/view?usp=sharing Payload...

4.9CVSS6.9AI score0.00438EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/17 1:50 a.m.13 views

Reflected XSS at upload file

Description 1/ Access to the demo website and login at this case I used user admin 2/ At function upload photo to an album, try upload a file with the name is payload XSS. 3/ The payload will be triggered at error content. Proof of Concept Video PoC:...

7AI score
Exploits0
Huntr
Huntr
added 2023/07/11 12:41 p.m.13 views

XSS in webmention.js

Description webmention.js has a XSS vulnerability here. Comment name has not escaped. https://github.com/PlaidWeb/webmention.js/blob/9457e71433c0d2430bbe767ecc5b5837140d0ee4/static/webmention.jsL330 Proof of Concept 1. 1 Put a webmention.js on your site 2. 2 Send a webmention that includes XSS...

5.8CVSS6.4AI score0.00428EPSS
Exploits1
Huntr
Huntr
added 2023/06/27 5:32 p.m.13 views

Exposure version installed on the system

Description Users can check the version of Admidio installed on the system. Proof of Concept Go to http:///admprogram/modules/preferences/updatecheck.php?mode=2 Acknowledge Tran Van Nhan from bl4ckh0l3 of GalaxyOne...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/23 11:44 a.m.13 views

DOM Cross Side Scripting

Description Hello team, Recently i found that, DOM XSS on profile language field there is a DOM XSS Proof of Concept Video poc: https://screencast-o-matic.com/watch/c01067VBWlV Step: 1. Login as simple user 2. Click on settings and select profile tab. 3. Click on change language as 'english' and...

4.9CVSS6.2AI score0.00514EPSS
Exploits1
Huntr
Huntr
added 2023/06/03 10:45 p.m.13 views

HTML Injection / Possible XSS

Description In pimcore I was able to identify a Unauthenticated HTML Injection / XSS Possible. Conditions: 2 factor authentication must not set before Vulnerable Endpoint: http://localhost/admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2023/05/18 5:57 a.m.13 views

OOB Read segfault

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

6.4CVSS6.7AI score0.00706EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 2:20 p.m.13 views

Unrestricted File Upload with Dangerous Type to XSS

Description In upload logo website not validate extension and content of file when upload logo. It can upload a svg contain XSS payload\ Allowed file extensions: not have svg Proof of Concept POST /projectsend/options.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x6...

6.2AI score
Exploits0
Huntr
Huntr
added 2023/03/27 7:16 a.m.13 views

IDORs with unpredictable IDs are valid vulnerabilities

1 create two workspace: workspace1 and workspace2, and their admin is admin1 and admin2 2 login as user1 and create project1. 4 Using burpsuit to hijack the reqeust, repalce workspace1's workspaceid as workspace2's workspaceid 5 we can find that project1 has a new proejct, even admin2 is not the...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/03/23 10:39 a.m.13 views

ProjectID is disclosed and can be used for IDOR attack

I find that we click "Settings" button, we can see all the project, even the login user does not belong to the project. Using burpsuit to hijack the reqeust, we can obtain project ids. We can use projectid to perform IDOR attack. 1 create two projects: project1 and project2, and their admin is...

2.8CVSS6.8AI score0.0067EPSS
Exploits1
Huntr
Huntr
added 2023/03/01 8:22 p.m.13 views

SQL Injection in 'core/ajax/ajax_data.php'

Description There exists an SQL injection affecting the edition parameter located in the file core/ajax/ajaxdata.php php $productEditionFilter = isset$GET"edition" and !empty$GET"edition" ? " productedition = '$GET"edition"' " : " producttype != 'Child' "; We see that $GET"edition" is appended...

7.8AI score
Exploits0
Huntr
Huntr
added 2023/02/24 4:32 p.m.13 views

Bypass IP detection lead to perform brute-force attack

Description In login function, by default, the IP address will be blocked when the user tries to login incorrectly more than 3 times but we can bypass this mechanism by abuse X-Forwarded-For header to bypass IP dectection and perform password brute-force. Proof of Concept POST...

7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/22 10:11 a.m.13 views

IDOR on save email configuration leads to account takeover

Description An attacker with a low privileged account on the latest GLPI version could change other user´s email when saving his own user preferences. After that, if "Forgot password" is enabled via email, an attacker will be able to retrieve victim´s forgot password link to the modified email to...

6.6AI score
Exploits0References1
Huntr
Huntr
added 2023/01/24 9:7 p.m.13 views

Stored/Reflected XSS in identities leads chained store XSS in logs

Description The XSS playload injected in the identities to create a new account leads to stored and reflected XSS in identities page and also in the logs page. Steps to Reproduce 1. Go to admin/identities 2.Enter the payload in the username, first name and last name as these fields are not...

4.9CVSS5.2AI score0.00498EPSS
Exploits1
Huntr
Huntr
added 2023/01/12 6:34 p.m.13 views

Path Traversal - Archiving Files to Zip

Description The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2023/01/05 1:42 p.m.13 views

Insecure Temporary File

Description transformers package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Functions that create...

1CVSS6.8AI score0.00282EPSS
Exploits1
Huntr
Huntr
added 2022/12/03 5:12 a.m.13 views

No Protection against Bruteforce attacks on Login page

Description Webpage manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept 1. Register the account. 2. Logout the account and try to login with the different password. 3. Take the request into Burp suite intruder, set the payload list to 30for testing. 4. The...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2022/11/04 10:0 p.m.13 views

CSRF on SSL certificates deletion

📜 Description Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform using form submissions. It allows an attacker to partly circumvent the same origin policy, which is designed to...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/11/02 6:12 p.m.13 views

SQL Injection via lang parameter/RCE when PostgreSQL is used

Description There is a SQL injection vulnerability in the lang parameter of phpmyfaq/ajaxservice.php?action=savefaq endpoint. Vulnerable code starts at ajaxservice.php line 369, specifically the isnull$faqId && !isnull$categories'rubrik' part: php if !isnull$author && !isnull$email &&...

0.2AI score
Exploits0References1
Total number of security vulnerabilities4072