Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/10 12:20 a.m.14 views

Use of a Broken or Risky Cryptographic Algorithm in panique/huge

✍️ Description The function mtrand is used to generate password-reset tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...

Exploits0References2
Huntr
Huntr
added 2021/07/08 3:54 p.m.14 views

in ethibox/stacks

✍️ Description Please enter a description of the vulnerability. 1Visit https://github.com/ethibox/stacks/blob/master/wordpress.ymlL47-L50 for the exposed database credentials 💥 Impact This vulnerability is capable of database getting compromised...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/05 2:34 p.m.14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Hypothesis when adding a new Research 🕵️‍♂️ Proof of Concept Goto http://localhost/leancanvas/simpleCanvas and click on add new and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. 💥...

7AI score
Exploits0
Huntr
Huntr
added 2021/07/02 3:0 p.m.14 views

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

✍️ Description section parameter at Line 331 of email-templates.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in email-templates.php at line 331 🕵️‍♂️ Proof of Concept Data enters in application...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 2:5 p.m.14 views

Cross-site Scripting (XSS) - Stored in devcode-it/openstamanager

✍️ Description Stored xss through file upload via anagrafiche 🕵️‍♂️ Proof of Concept Go to an existing Anagrafiche or create a new one. Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example. when you click on...

7AI score
Exploits0
Huntr
Huntr
added 2021/06/27 2:28 p.m.14 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description The /app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their invoice system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/06/26 6:0 p.m.14 views

OS Command Injection in falconchristmas/fpp

✍️ Description Application is reading invalidated user input at Line 44 through: $plugin = $pluginInfo'repoName';. Line 57 in plugin.php calls system to execute a command. This might allow an attacker to inject malicious commands. 🕵️‍♂️ Proof of Concept SCREENSHOT:...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/25 6:18 p.m.14 views

in alovoa/alovoa

✍️ Description Random.setSeed should not be called with a constant integer argument. If a Random object is seeded with a specific value, the values returned by Random.nextInt and similar methods which return or assign values are predictable. 🕵️‍♂️ Proof of Concept Vulnerable code of:...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/19 12:41 p.m.14 views

Heap-based Buffer Overflow in squell/id3

✍️ Description While testing id3 built from commit 0de713 with Clang 13 +ASan on Ubuntu 20.04.2, we discovered a POC which triggers a heap-buffer-overflow in tag::unbinarize. This particular flaw was discovered with the help of honggfuzz. 🕵️‍♂️ Proof of Concept echo...

Exploits0
Huntr
Huntr
added 2021/05/29 8:27 p.m.14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, there are 2 potential reflected XSS in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/restartRemoteFPPD.phpL16 : php $ip = $GET'ip'; // if isset$GET'mode' echo "Setting FPPD mode @ $ip\n"; // echo "Restarting FPPD @ $ip\n"; The ip...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/05/19 8:34 a.m.14 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can see all details of a product 💥 STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for Product module for user B .\ So, user B should not see any product details .\ \ 2. Now from admin create a product .\ \ 3. Finally goto...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/05/16 7:31 a.m.14 views

Cross-site Scripting (XSS) - Stored in phplist/phplist3

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept see this recorded video https://drive.google.com/file/d/1EUTevCQWPK4txY6jqQ-MAcXyDO7Zx2q/view?usp=sharing 💥 Impact Xss bug...

0.6AI score
Exploits0References3
Huntr
Huntr
added 2021/05/12 2:59 p.m.14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/shutdownRemoteFPP.phpL15 a user input is directly echo-ed in the page without sanitization : php $ip = $GET'ip'; echo "Shutting down FPP system @ $ip\n"; 🕵️‍♂️ Proof of Concept Visit :...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/04/19 12:57 a.m.14 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to javascript:. 🕵️‍♂️ Proof of Concept Execute the following command localhost: shell curl -H 'Referer: javascript:alert'...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/03/28 2:14 p.m.14 views

Code Injection in flitbit/json-ptr

✍️ Description json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. JsonPointer.get that is designed to get the target object's value at the pointer's location is vulnerable to arbitrary code injection and exection, mainly due to the lack of sanitizing for...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/02/06 12:0 a.m.14 views

Cross-site Scripting (XSS) - Generic in rilyzhang/dy-server

Description Cross Site Scripting in dy-server2 Proof of Concept 1. Install package from npm: npm i -g dy-server2 2. Create folder or file with name: 3. Start server: dy-server2 -p 8888 4. Open website and the code will execute...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.14 views

Prototype Pollution in quernest/arr-flatten-unflatten

Description arr-flatten-unflatten is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var arrFlattenUnflatten = require"arr-flatten-unflatten" console.log"Before : " + .polluted; arrFlattenUnflatten.unflatten'protopolluted': 'Yes! Its Polluted';...

7.5CVSS2.1AI score0.01916EPSS
Exploits1
Huntr
Huntr
added 2021/01/07 12:0 a.m.14 views

Code Injection in archivy/archivy

Description Archivy is a self-hosted knowledge repository that allows you to safely preserve useful content that contributes to your knowledge bank. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.py python import os...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2020/12/21 12:0 a.m.14 views

Code Injection in tensorflow/models

Description Arbitrary Code Excecution in Tensorflow/Models.The TensorFlow Model Garden is a repository with a number of different implementations of state-of-the-art SOTA models and modeling solutions for TensorFlow users. We aim to demonstrate the best practices for modeling so that TensorFlow...

3.9AI score
Exploits0References1
Huntr
Huntr
added 2020/12/21 12:0 a.m.14 views

Code Injection in zqpei/deep_sort_pytorch

Description Arbitrary Code Excecution in deepsort built on pytorch. MOT tracking using deepsort and yolov3 with pytorch. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. All the scripts importing utils/parser.p...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2020/12/17 12:0 a.m.14 views

Prototype Pollution in asaianudeep/deep-override

Description deep-override is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deepOverride = require"deep-override" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; deepOverrideobj,...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/12/17 12:0 a.m.14 views

Cross-Site Request Forgery (CSRF) in strider-cd/strider

Description Strider is an Open Source Continuous Deployment / Continuous Integration platform. It is written in Node.js and Ember.js and uses MongoDB as a backing store. This platform is vulnerable to Cross-Site Request Forgery CSRF. It allowes an attacker to takeover accounts, privillege...

0.7AI score
Exploits0
Huntr
Huntr
added 2020/10/22 12:0 a.m.14 views

Prototype Pollution in sonnyp/json8

Description json8-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Patch = require"json8-patch" var obj = const pat...

1.3AI score
Exploits0
Huntr
Huntr
added 2020/09/15 12:0 a.m.14 views

Prototype Pollution in liriliri/licia

Description licia package is vulnerable to prototype pollution issue files can be found in https://github.com/liriliri/licia/blob/master/src/e/extendDeep.js & https://github.com/liriliri/licia/blob/master/src/s/safeSet.jsL46 Proof of Concept 1. Creating poc filed js var utils = require'licia'; va...

1.1AI score
Exploits0
Huntr
Huntr
added 2020/08/23 12:0 a.m.14 views

Code Injection in ionicabizau/git-stats

Overview git-stats is a js package for local git statistics including GitHub-like contributions calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options.start or options.end values...

3.1AI score
Exploits0
Huntr
Huntr
added 2020/07/20 12:0 a.m.14 views

Command Injection in 1000ch/install-package

Overview install-package is a package that installs node modules from JavaScript. This package is vulnerable to Command Injection, the argument options can be controlled by users without any sanitization giving attackers the ability to execute malicious code. POC var root =...

4.9AI score
Exploits0References1
Huntr
Huntr
added 2026/02/26 3:6 p.m.13 views

CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat`

This report is not public...

8.8CVSS6.4AI score0.00197EPSS
Exploits1
Huntr
Huntr
added 2026/02/25 6:56 a.m.13 views

Path Traversal via Prefix Match Bypass in `_get_os_path`

This report is not public...

5.8AI score
Exploits0
Huntr
Huntr
added 2026/02/20 6:3 p.m.13 views

Hardcoded trust_remote_code=True in Model Implementations Bypasses User Security Control

This report is not public...

8.8CVSS5.8AI score0.00747EPSS
Exploits0
Huntr
Huntr
added 2025/05/13 1:27 p.m.13 views

IDOR Vulnerability in Template Creation via `projectId` Manipulation

Description An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. This allows an authenticated user to create templates in another user’s project by modifying the projectId query parameter. This occurs due to a lack of server-side...

7.7CVSS6.7AI score0.00217EPSS
Exploits0
Huntr
Huntr
added 2024/11/09 4:40 a.m.13 views

Remote Code Execution via Model Deserialization on /api/v2/models/install API

Summary I have identified a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This...

9.8CVSS10AI score0.05342EPSS
Exploits5
Huntr
Huntr
added 2023/10/12 6:39 p.m.13 views

CSRF in Cancel Reviewer and Reinstate Reviewer

Description CSRF in Cancel Reviewer and Reinstate Reviewer Proof of Concept Link Poc I attach the Poc link below. Thank You. https://drive.google.com/drive/folders/1QA5Kz6w2AgYdFDoDX2hHWK0zHAPoWt?usp=sharing...

7.2AI score0.00264EPSS
Exploits1
Huntr
Huntr
added 2023/09/30 7:44 a.m.13 views

CSRF edit Blacklist settings( YES to NO)

Description CSRF edit Blacklist settings Proof of Concept 1 .For example, the data fields in the Blacklist settings are all set to: YES. 2 .The attacker sends a fake form to the user: history.pushState'', '', '/'; document.forms0.submit; 3 .User Clicked, changed the setting to NO, which the user...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/09/23 5:47 a.m.13 views

Store XSS at Label sets list in (Version 6.2.7)

Description First of all, I apologize for reporting back. I noticed, the latest current version is 6.2.7. XSS vulnerabilities still exist Proof of Concept Detail: 1 .Login and access Label sets list 2 .Create new label set 3 . Insert payload in to Title haido" onclick="alert1 4 .Click save ==...

6.4AI score
Exploits0
Huntr
Huntr
added 2023/08/20 6:37 a.m.13 views

RCE via TranformGraph().to_dot_graph function

Description Due to improper input validation a malicious user can provide a command or a script file as a value to savelayout argument, which will be placed as the first value in a list of arguments passed to subprocess.Popen. Although an error will be raised, the command or script will be execut...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/08/14 2:11 p.m.13 views

Arbitrary file upload

Description Due to lack of file extension validation, privileged user administrator can upload arbitrary files with "update logo" and "update icon" features. The application uses the extension provided in the filename parameter. Proof of Concept POST /admin/default/jqadm/save/settings?locale=en...

7AI score
Exploits0References1
Huntr
Huntr
added 2023/08/09 7:38 a.m.13 views

Store XSS via Upload Photos in album

Description The application does not check the file upload and content file extension. This results in an attacker being able to upload a malicious file that leads to xss. Proof of Concept Video POC: https://drive.google.com/file/d/1QZSCvgrmdXaZb7xoD-eA0iLlL7vDPKYw/view?usp=sharing Payload...

4.9CVSS6.9AI score0.00438EPSS
Exploits1References1
Huntr
Huntr
added 2023/07/24 7:36 p.m.13 views

stored XSS Bypass in the FAQ Fields

Hello, I was able to detect an XSS Payload to bypass the XSS Protections in the FAQ Fields and get a stored XSS which can be used to start further attacks. Thank you for your time and effort...

6.2AI score
Exploits0References5
Huntr
Huntr
added 2023/07/17 1:50 a.m.13 views

Reflected XSS at upload file

Description 1/ Access to the demo website and login at this case I used user admin 2/ At function upload photo to an album, try upload a file with the name is payload XSS. 3/ The payload will be triggered at error content. Proof of Concept Video PoC:...

7AI score
Exploits0
Huntr
Huntr
added 2023/07/11 12:41 p.m.13 views

XSS in webmention.js

Description webmention.js has a XSS vulnerability here. Comment name has not escaped. https://github.com/PlaidWeb/webmention.js/blob/9457e71433c0d2430bbe767ecc5b5837140d0ee4/static/webmention.jsL330 Proof of Concept 1. 1 Put a webmention.js on your site 2. 2 Send a webmention that includes XSS...

5.8CVSS6.4AI score0.00428EPSS
Exploits1
Huntr
Huntr
added 2023/06/27 5:32 p.m.13 views

Exposure version installed on the system

Description Users can check the version of Admidio installed on the system. Proof of Concept Go to http:///admprogram/modules/preferences/updatecheck.php?mode=2 Acknowledge Tran Van Nhan from bl4ckh0l3 of GalaxyOne...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/23 11:44 a.m.13 views

DOM Cross Side Scripting

Description Hello team, Recently i found that, DOM XSS on profile language field there is a DOM XSS Proof of Concept Video poc: https://screencast-o-matic.com/watch/c01067VBWlV Step: 1. Login as simple user 2. Click on settings and select profile tab. 3. Click on change language as 'english' and...

4.9CVSS6.2AI score0.00514EPSS
Exploits1
Huntr
Huntr
added 2023/06/03 10:45 p.m.13 views

HTML Injection / Possible XSS

Description In pimcore I was able to identify a Unauthenticated HTML Injection / XSS Possible. Conditions: 2 factor authentication must not set before Vulnerable Endpoint: http://localhost/admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2023/05/18 5:57 a.m.13 views

OOB Read segfault

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Release: n/a Codename: bookworm Version I checked against the latest release as of 05/18/23 the current master branch at commit a6ae93532ea5615c876c81a6580badbfa01d4383 . Description This AddressSanitizer output is...

6.4CVSS6.7AI score0.00706EPSS
Exploits1
Huntr
Huntr
added 2023/04/02 2:20 p.m.13 views

Unrestricted File Upload with Dangerous Type to XSS

Description In upload logo website not validate extension and content of file when upload logo. It can upload a svg contain XSS payload\ Allowed file extensions: not have svg Proof of Concept POST /projectsend/options.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x6...

6.2AI score
Exploits0
Huntr
Huntr
added 2023/03/27 7:16 a.m.13 views

IDORs with unpredictable IDs are valid vulnerabilities

1 create two workspace: workspace1 and workspace2, and their admin is admin1 and admin2 2 login as user1 and create project1. 4 Using burpsuit to hijack the reqeust, repalce workspace1's workspaceid as workspace2's workspaceid 5 we can find that project1 has a new proejct, even admin2 is not the...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/03/23 10:39 a.m.13 views

ProjectID is disclosed and can be used for IDOR attack

I find that we click "Settings" button, we can see all the project, even the login user does not belong to the project. Using burpsuit to hijack the reqeust, we can obtain project ids. We can use projectid to perform IDOR attack. 1 create two projects: project1 and project2, and their admin is...

2.8CVSS6.8AI score0.0067EPSS
Exploits1
Huntr
Huntr
added 2023/03/01 8:22 p.m.13 views

SQL Injection in 'core/ajax/ajax_data.php'

Description There exists an SQL injection affecting the edition parameter located in the file core/ajax/ajaxdata.php php $productEditionFilter = isset$GET"edition" and !empty$GET"edition" ? " productedition = '$GET"edition"' " : " producttype != 'Child' "; We see that $GET"edition" is appended...

7.8AI score
Exploits0
Huntr
Huntr
added 2023/02/24 4:32 p.m.13 views

Bypass IP detection lead to perform brute-force attack

Description In login function, by default, the IP address will be blocked when the user tries to login incorrectly more than 3 times but we can bypass this mechanism by abuse X-Forwarded-For header to bypass IP dectection and perform password brute-force. Proof of Concept POST...

7AI score
Exploits0References1
Huntr
Huntr
added 2023/02/22 10:11 a.m.13 views

IDOR on save email configuration leads to account takeover

Description An attacker with a low privileged account on the latest GLPI version could change other user´s email when saving his own user preferences. After that, if "Forgot password" is enabled via email, an attacker will be able to retrieve victim´s forgot password link to the modified email to...

6.6AI score
Exploits0References1
Total number of security vulnerabilities4072