Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/09/21 7:22 p.m.13 views

Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel

Description An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server remote code execution RCE. This was tested in openEMR version 7.0.0 1 but also affects previous versions of openEMR. Proof of Concept First of all, start a netcat listener on...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/09/19 1:36 p.m.13 views

User can get details of the comments that were deleted

Description When a user creates a new record he can add a comment on it. The user is also able to delete the comments after which the user wont be having access to that comment like replying, checking what the comment was. This vulnerability allows any user to see what the deleted comment was and...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/09/14 3:41 a.m.13 views

Bypass IP detection to brute-force password in ikus060/rdiffweb

Description In login API, by default, the IP address will be blocked when the user tries to login incorrectly more than 5 times but we can bypass this mechanism by abuse X-Forwarded-For header to bypass IP dectection and perform password brute-force. Proof of Concept POST /login/ HTTP/1.1 Host:...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/22 1:48 p.m.13 views

Reflected XSS via "stufftype" parameter

Description The value for the stufftype parameter is reflected in the web context without proper filtering in place resulting in possibility to execute malicious javascript code. Testing Environment 1. Windows OS 2. Firefox Browser Proof of Concept 1. Visit...

1AI score
Exploits0
Huntr
Huntr
added 2022/08/07 3:29 p.m.13 views

Unauthenticated reading list item deletion

Description A unauthenticated user can delete any book item of any user reading list in the system without any authentication or authorization verification, via the /api/readinglist/delete-item API endpoint. Proof of Concept 1 - Send the following request, where x is the target readingListId and ...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/06/23 7:20 p.m.13 views

Cross-site Scripting ( XSS) - Reflected

Description Please enter a description of the vulnerability. File pts-core/phoromatic/publichtml/public.php line 258 of public.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. Proof of Concept GET /test"alert1 HTTP/1.1 Host: localhost:8670...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:59 a.m.13 views

Stored XSS in Part Revision

Description The application inventree is vulnerable to Stored XSS in part revision field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1ZobGHiFXbhPG0agsH8mcg8VMsrjSuUP/view?usp=sharing...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/05/25 5:14 p.m.13 views

Unvalidated Follow redirects

Description There is some kind of vulnerability class in the following redirect feature, And Guzzle is also affected by this kind of vulnerability. If the developer wants to get a URL from a third-party host and the third-party URL is also redirected to another URL, then the first crafted cookies...

Exploits0
Huntr
Huntr
added 2022/05/25 7:23 a.m.13 views

Null pointer dereference at chafa-pixops.c:95

Description Null pointer dereference in hpjansson/chafa at chafa-pixops.c:95. Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./chafa POC POC ASAN...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/05/24 11:42 a.m.13 views

SQL Injection

Description A SQL Injection in rqlite store Proof of Concept use example code go package main import "io" "log" "net/http" "github.com/alexedwards/scs/rqlitestore" "github.com/alexedwards/scs/v2" "github.com/rqlite/gorqlite" var sessionManager scs.SessionManager func main // Establish connection ...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/22 7:58 p.m.13 views

Subdomain Takeover of https://test.diagrams.net/

First of all, I apologize for reporting it here because I noticed that they have a program with huntr but only for DrawIO source code. Since I discovered this vulnerability I decided to ethically disclose it here instead of leaving it vulnerable. I found a subdomain of diagrams.net that was...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/05/11 8:50 p.m.13 views

Account Takeover

Description In this case i found that api endpoint Leaking password and username. Proof of Concept 1. An Admin add a new secretary with access to providers 2. Secretary send a post request to https://demo.easyappointments.org/index.php/backendapi/ajaxgetcalendarappointments endpoint 3. If selecte...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/05/07 8:17 p.m.13 views

Authenticated RCE through /admin/settings/email endpoint

Description Craftcms is vulnerable to Command Injection on the email settings, on the /admin/settings/email endpoint. An attacker can send a POST request with a specially crafted transportTypescraft\mail\transportadapters\Sendmailcommand= parameter to inject arbitrary commands that will be execut...

1AI score
Exploits0
Huntr
Huntr
added 2022/05/06 9:9 a.m.13 views

Html Injection

Description https://app.diagrams.net/ is vulnerable to html Injection by uploading a html file Proof of Concept 1. Goto https://app.diagrams.net/ and create a new html file with form field's and add this file in project 2. Now goto fileembedhtml and click on create after that click on preview pag...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/05/04 2:20 p.m.13 views

Cross-site scripting - Stored via upload `.xsig` file

Description When user upload a file with .xsig extension and direct access this file, the server response with Content-type: text/html lead to processing XSIG as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5....

6.9AI score
Exploits0References1
Huntr
Huntr
added 2022/05/02 5:15 a.m.13 views

Improper handling of large integer values

Description In create Fee function, improper handling of large integer values in mount field value. Proof of Concept POST /demonstration/Modules.php?modname=StudentBilling/StudentFees.php HTTP/1.1 Host: www.rosariosis.org Cookie: RosarioSIS=kja39eaq6q73envhk6eo8300vgumn2612c5huvue08vgh66faog1...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/28 9:10 a.m.13 views

Improper Access Control (IDOR)

Description Improper Access Control IDOR could leak admin information. Proof of Concept 1.Login as admin, edit a role to give permission show a user information - save 2.Login as an user with that role - go to url http://my.facturascripts.site/EditUser?code=admin&action=export&option=PDF - Can se...

Exploits0
Huntr
Huntr
added 2022/04/20 10:40 a.m.13 views

Windows-Specific Relative Path Traversal vulnerability in StaticDir server

Description The fix released in version 0.19.1 does not completely fix the relative path traversal vulnerability on Windows hosts. An attacker can access files outside of the configured directory root. This is due to Windows supporting the \ character as a path separator. Proof of Concept With a...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/15 4:51 a.m.13 views

Unrestricted Image Upload

Description When testing file upload function in Organizr 2.1.1830, there are improvement on image upload features in Image Manager. But user can bypass it by identify double extension file type method Proof of Concept 1 Login and go to Settings - Image Manager 2 Upload file with double extension...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/04/13 3:57 p.m.13 views

DoS due to unrestricted hashing

Description The application accepts strings of any size as passwords and processes hashes the string to check in the database if the user exists, for example upon login. Being the hashing process resource-intensive, it can be possible to cause Denial of Service without particular processing power...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/03/19 4:25 a.m.13 views

Multiple Idor

Description There are multiple idors i found. In bookmarks//edit, bookmarks//remove, bookmarks//archive, bookmarks//unarchive. It gets the object provided in the bookmarkid without checking if the owner of the object is the current user. Proof of Concept 1. Go to...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/03/14 4:23 p.m.13 views

The microweber application allows large characters to insert in the input field "Leave comment" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber

Proof of Concept 1. Go to http://site/admin/view:content/action:posts 2. Create a page and enable to add comment option 3. Go to that page and there will a option called "Leave a comment" 4. Copy the below payload and put it in the "Leave a comment" field post a comment 5. Go to...

2.3AI score
Exploits0
Huntr
Huntr
added 2022/02/21 12:52 a.m.13 views

Multiple Open Redirect

Description In the /user/login endpoint, it doesnt check the value of the next parameter when the user is logged in and pass it directly to redirect which result to open redirect. The bug also exist in /user/logout, /user/register, /user/login, /user/resend-activation. Proof of Concept 1. Go to...

5.8CVSS5.2AI score0.0262EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 12:47 p.m.13 views

Uncaught Exception

Description The application is not able to handle errors, leading to expose of internal files paths. Vulnerable POC Url: https://demo.microweber.org/demo/api/saveedit Vulnerable Endpoint: demo/api/saveedit Vulnerable Parameter: database64= Request Method: POST Proof of Concept 1. Send a POST...

Exploits0
Huntr
Huntr
added 2022/02/17 5:42 a.m.13 views

Improper Privilege Management in rhizome-conifer/conifer

Description In admincontroller.py file, all APIs will perform user permission checks using adminview function to avoid access from low-level users. However, this does not apply to API /api/v1/admin/defaults. Anonymous users can change maxsize configuration which prevents other users from creating...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/02/14 7:39 a.m.13 views

in mruby/mruby

Description Using out of range pointer occurs in entrydeletedp. commit : ad3ce7b41c4375f818d02a24e6a09cbc790048c9 Proof of Concept $ echo -ne "MC5TJDAsKir9PTAsdjowLHY6MA==" | base64 -d poc ASAN $ ./bin/mruby.asan poc AddressSanitizer:DEADLYSIGNAL...

4.3CVSS2.8AI score0.00914EPSS
Exploits1
Huntr
Huntr
added 2022/01/28 9:16 a.m.13 views

Business Logic Errors in dolibarr/dolibarr

Description Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x Height, Area, Volume fields of a Product since these values can be negative numbers. Proof of Concept 1.After login, in the top menu bar, click Products 2.In the left menu bar, click List to view the list ...

4CVSS1.1AI score0.00914EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 7:46 p.m.13 views

Cross-site Scripting (XSS) - Stored in mautic/mautic

Description When installing Mautic both via UI or CLI the first and last name of the admin account are not sanitised before being stored in the database. This results in a possible stored XSS possibility, as those fields are displayed and re-used without any sanitisation. During install the raw...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/01/12 5:25 a.m.13 views

Exposure of Sensitive Information to an Unauthorized Actor in sscarduzio/elasticsearch-readonlyrest-plugin

Description elasticsearch-readonlyrest-plugin is using TLS. There are many serious vulnerabilities in early TLS that left unaddressed put organizations at risk of being breached. The widespread POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2022/01/10 8:37 p.m.13 views

in ionicabizau/parse-url

Description urldomain validation bypass Proof of Concept parse-url not able verify urldomain properly when basic authentication is given .This allow to bypass hostname validation . Lets username is admin and password is password123@ and hostname is 127.0.0.1 . so the url will be...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/01/02 5:38 p.m.13 views

Cross-Site Request Forgery (CSRF) in gunet/openeclass

Description No CSRF is provided when deleting messages. Proof of Concept The attacker could delete a specific message as they are generated consecutively and brute forcing it. history.pushState'', '', '/' or the could just delete all the messages: history.pushState'', '', '/' Impact Combining thi...

2.8AI score
Exploits0
Huntr
Huntr
added 2021/12/31 7:54 p.m.13 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description When editing your profile, you can create social media links. However, the stored XSS vulnerability using the autofocus and onfocus attributes occurs because the double-quote is not URL-encoded in the input value of the social media link. Proof of Concept txt 1. Open the...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/21 4:59 a.m.13 views

in gpac/gpac

Description A null pointer dereference was discovered in BDCheckSFTimeOffset. The vulnerability causes a segmentation fault and application crash. Version: ./MP4Box -version MP4Box - GPAC version 1.1.0-DEV-revUNKNOWNREV c 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Pleas...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/11 12:42 p.m.13 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/11 9:46 a.m.13 views

in patrowl/patrowlmanager

Description Hi there, I would like to report a vulnerability in the way PatrowlManager handle upload files. This is in Finding - Import feature Proof of Concept 1. Install PatrowlManager on you local system 2. Go to Finding - Import and import a file 3. An import request look like this POST...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/08 10:18 a.m.13 views

Code Injection in quickbox/qb

Description While this is a theoretical finding the code seems to be vulnerable to Remote Code Execution Proof of Concept Description At line 406 you can see the following code: $process = $GET'serviceenable'; This means we can do /dashboard/inc/config.php?serviceenable=ourvalue Now between line...

1.9AI score
Exploits0References1
Huntr
Huntr
added 2021/12/08 4:18 a.m.13 views

Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Description PatrOwl is vulnerable to stored XSS in asset group name. The payload will be triggered when someone try to delete the asset group. Proof of Concept https://drive.google.com/file/d/1F7m9g7s6xp-L5QKy5ACOvndWAj8g20s/view?usp=sharing Impact This vulnerability permit to an authenticate use...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/12/05 8:0 a.m.13 views

Open Redirect in openwhyd/openwhyd

Description This vulnerability was discovered in Here by @mdakh404. However, it is not patched properly and I bypassed with a simple trick. diff r.html = mainTemplate.renderWhydPager; // call the adequate renderer - if r.redirect response.redirectr.redirect; + if r.redirect...

5.8CVSS6.3AI score0.00836EPSS
Exploits1
Huntr
Huntr
added 2021/12/02 8:49 a.m.13 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00427EPSS
Exploits1
Huntr
Huntr
added 2021/11/27 7:6 a.m.13 views

Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis

Description I found XSS in the file upload function of the message function. Proof of Concept Step 1.First, access the latest version of the demo environment. "Https://www.rosariosis.org/demonstration/index.php" 2.Then log in with your student account. Student: username and password “student“...

4.9CVSS5.7AI score0.00767EPSS
Exploits1References2
Huntr
Huntr
added 2021/11/15 6:30 p.m.13 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description More CSRFs, related to warnings feature this time 1: /warnings/id/deactivate 2: /warnings/username/mass-deactivate 3: /warnings/id/restore Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to deactivate / restore warnings...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/11/13 2:2 p.m.13 views

SQL Injection in glpi-project/glpi

Description A user with only the following rights on a sub-entity: - Setup General setup Read + Update - Administration Entity Read + Update is authorized to update "UI options" field from "UI customization" tab of an entity's configuration. This customization option is not correctly escaped,...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/11/06 4:14 p.m.13 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/11/03 7:36 p.m.13 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept Step to Reproduce: 1 Go to http://demo.corebos.com/index.php?module=Users&action=DetailView&record=1&modechk=prefview 2 add the...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/10/27 1:40 p.m.13 views

SQL Injection in eventum/eventum

Description Time-Based Blind SQL Injection in eventum 3.10.7 Proof of Concept // PoC.payload // Advanced Search // Parameter: sortby priority0=0&severity0=0&users0=0&category0=0&status0=0&release0=0&rows=5&sortby=prirank AND SELECT 2168 FROM...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/10/26 2:0 a.m.13 views

in bookstackapp/bookstack

Description The image extension validation service for Base64 image extraction in new Bookstack version is flawed as it uses the vulnerable trim function. This allows attackers to upload malicious files with broken extension, such as pngr, and browsers will interpret broken extension hosted on th...

4CVSS1.3AI score0.00646EPSS
Exploits1
Huntr
Huntr
added 2021/10/16 7:19 p.m.13 views

in zmister2016/mrdoc

description Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in Mrdoc allows an attacker to reset arbitrary user‘s password 1、/admin/sendemailvcode/,check email & generate email & send mail def sendemailvcoderequest: if request.method == 'POST': email = request.POST.get'email',No...

Exploits0References2
Huntr
Huntr
added 2021/10/13 5:1 p.m.13 views

Code Injection in flatcore/flatcore-cms

Description Another code injection payload in linkname. Proof of Concept Insert into linkname $sleep 10 Go to http://FLATCORE-IP/flatCore-CMS/content/cache/cachelastedit.php and see that the page has stopped for 10 seconds. $ escapes the string, switches context to OS commands. Impact Blind RCE a...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/13 6:37 a.m.13 views

Cross-site Scripting (XSS) - Stored in jspark311/buriedunderthenoisefloor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

4.9AI score
Exploits0References2
Huntr
Huntr
added 2021/10/05 4:7 p.m.13 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in vuestorefront/vue-storefront

✍️ Description The secure flag is not set for session cookie "vsf-commercetools-token" in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection,...

0.4AI score
Exploits0
Total number of security vulnerabilities4072