Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/05/16 12:53 p.m.40 views

Infinite recursive function calls result in stack overflow

Description When providing certain input, the program will enter an infinite loop where it continually calls: getexprregister - cmdlinehandlebackslashkey - getcmdline - getcmdlineint - cmdlinehandlebackslashkey - getexprregister - etc. GDB shell Thread debugging using libthreaddb enabled Using ho...

4.3CVSS0.5AI score0.01159EPSS
Exploits1
Huntr
Huntr
added 2022/04/06 3:10 p.m.40 views

FULL read SSRF

Description there is two bypass method for previous fixes of SSRF in gogs The first is to utilize SSRF attack with a DNS rebinding feature. The second is to use redirection to a localhost URL. Proof of Concept 1- go to the webhooks section and create a gogs webhook. 2- enter an URL that redirects...

4.3CVSS6.6AI score0.01193EPSS
Exploits1
Huntr
Huntr
added 2022/03/11 3:27 p.m.40 views

Remote Command Execution in uploading repository file

Description When uploading a file to the repository in Gogs, the treepath parameter is not been validated. The attacker can set treepath=/.git/ to upload file into the .git directory. Rewrite .git/config file and set core.sshCommand, which leads to remote command execution vulnerability. Proof of...

6.5CVSS0.5AI score0.65237EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/07 2:41 p.m.40 views

NULL Pointer Dereference

Description There is a NULL Pointer Dereference in mrbvmexec vm.c:1929. This bug has been found on mruby lastest commit hash c2f7ed514dfa0fcae2e7e72d51f25be3d3d6d72c on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1- Clone repo and build with ASAN using MRUBYCONFIG=buildconfig/clang-asan.rb rak...

7.1CVSS0.3AI score0.00814EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 8:30 p.m.40 views

Authorization Bypass Through User-Controlled Key

Description url-parse is unable to find the correct hostname when no port number is provided in the url. Payload: http://example.com: Proof of Concept javascript var Url = require'url-parse'; var PAYLOAD = "http://example.com:"; // Expected hostname: example.com // Actual hostname by url-parse:...

6.4CVSS0.01827EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 8:0 p.m.40 views

Static Code Injection in playframework/play-samples

Description "play-samples" project uses the vulnerable log4j library 2.17.0. This can cause potential RCE vulnerability on the project. Vulnerability: CVE-2021-44832 Remote Code Execution. Another reference from Apache for CVE-2021-44832. You should upgrade the log4j library to latest version...

3.8AI score0.97906EPSS
Exploits9
Huntr
Huntr
added 2021/12/27 10:16 a.m.40 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Steps To Reproduce: 1. 1. Navigate to the campaigns section 2. 2. Click on "Create a ongoing campaign" 3. 3. Fill title, message, inbox and URL 4. 4. Then click on "Create" and intercept it 5. 5. Change your url's value to javascript:alert1 for example "url" : "https://google.com" to "url" :...

4.3CVSS6AI score0.0085EPSS
Exploits1
Huntr
Huntr
added 2021/12/20 8:43 p.m.40 views

Command Injection in parse-community/parse-server

Description This is a Remote Code Execution vulnerability in the Parse Server. This vulnerability affects the Parse Server in the default configuration with MongoDB, probably a similar attack can affect the PostgreSQL storage as well. The main weakness that leads to RCE is the Prototype Pollution...

7.5CVSS0.2AI score0.49081EPSS
Exploits1References3
Huntr
Huntr
added 2021/11/02 2:6 a.m.40 views

OS Command Injection in ohmyzsh/ohmyzsh

Description In Oh My Zsh, there is a function called omzurldecode, which is used to decode URLs. Since this function is using eval with user inputs without any sanitization, it's possible to inject arbitrary commands into the eval context, which allows an attacker to achieve the command injection...

5.1CVSS0.4AI score0.00598EPSS
Exploits0
Huntr
Huntr
added 2021/10/07 6:16 p.m.40 views

Sensitive Cookie Without 'HttpOnly' Flag in pkp/ojs

✍️ Description HTTPOnly attribute is not set for session cookies "OJSSID" in the application. Proof of Concept Check this for POC: Image Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/09/10 8:8 a.m.40 views

in hestiacp/hestiacp

✍️ Description $SESSION"token" is a csrf token which is a md5 hash generated based on system time. It has been discovered that $SESSION"token" compares with $GET"token" using comparison operator != in file index.php. This might cause unexpected behavior due to type juggling. It is possible to...

7.5CVSS0.7AI score0.01111EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/01 12:18 p.m.40 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description There is html tag filtration problem in "book page" egit leading to stored XSS. By design "bad" tags and attributes stripped on client side when editing pageobvious bypass by editing request intercepted via burp and on server side addition filter applied, however this filter can be...

3.5CVSS5.5AI score0.0058EPSS
Exploits1
Huntr
Huntr
added 2021/03/17 10:59 a.m.40 views

Prototype Pollution in automattic/mongoose

✍️ Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports both promises and callbacks. mongoose.Schema is subject to prototype pollution due to the recursively calling of Schema.prototype.add function to add new items into the...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/02/06 12:0 a.m.40 views

Cross-site Scripting (XSS) - Generic in ciur/papermerge

:book: Description Papermerge is an open source document management system DMS primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directl...

4.3CVSS6.2AI score0.01527EPSS
Exploits0
Huntr
Huntr
added 2020/10/15 12:0 a.m.40 views

Prototype Pollution in yargs/y18n

Description y18n is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js const y18n = require'y18n'; var obj = console.log"Before : " +...

7.5CVSS1.8AI score0.69062EPSS
Exploits1
Huntr
Huntr
added 2023/09/24 1:24 p.m.39 views

No rate limit on sending magic link to sign-in

Description It was observed that rate limit is not being implemented on sending magic link , which allows an attacker to spam the victims mailbox. Affected URL : https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1 Proof of Concept 1. Visit - https://app.vrite.io/auth 2. select option "continue...

4CVSS6.9AI score0.00544EPSS
Exploits1
Huntr
Huntr
added 2023/03/01 1:52 a.m.39 views

heap-buffer-overflow in utf_ptr2char

Description Heap-buffer-overflow in utfptr2char at mbyte.c:1825. vim version git log commit f0300fc7b81e63c2584dc3a763dedea4184d17e5 grafted, HEAD - master, tag: v9.0.1365, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc8hbo.dat -c :qa...

4.4CVSS6.9AI score0.00483EPSS
Exploits1
Huntr
Huntr
added 2023/02/19 1:5 p.m.39 views

Authentication Bypass for users with MD5 password hash

Setup - OS: Ubuntu 22.04.2 LTS - Froxlor: 2.0.12 - PHP: 8.1.2 Description Froxlor still supports logins for passwords that are stored as MD5 hash in the database. The hash comparison is done with "==" instead of "===" which causes a type confusion vulnerability in PHP. For some MD5 hashes it is...

7.5CVSS9AI score0.01073EPSS
Exploits1References4
Huntr
Huntr
added 2023/01/19 8:12 a.m.39 views

File Upload Type Validation Error

Description The application does not properly validate the file type or extension during the upload process, allowing any authenticated user to bypass it . StepsTOReproduce - Navigate to this URL:https://demo.bumsys.org/settings/shop-list/ - Click on action button to edit the Profile - Click on...

6.5CVSS8.6AI score0.05748EPSS
Exploits5References1
Huntr
Huntr
added 2022/09/06 10:15 p.m.39 views

XSS at app.diagrams.net

Description The application allows the "use" tag to pass on dompurify, which leads to XSS. A strange behaviour bypasses the csp on app.diagrams.net when it has a "?" before the "U" import. Proof of Concept POC diagram: use...

5.8CVSS5.7AI score0.00518EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/06 4:38 p.m.39 views

Heap-based buffer overflow in function ins_compl_add

Description Heap-based buffer overflow in function inscompladd at insexpand.c:751 Version commit b8329db36a886355e6e9cb9986a3668fef78c438 HEAD - master, tag: v9.0.0044 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc42min -c :qa!...

6.8CVSS0.01225EPSS
Exploits1
Huntr
Huntr
added 2022/06/28 7:1 a.m.39 views

Multiple Reflected XSS Vulnerabilities in error handlers

Description Multiple routing error handlers are vulnerable to reflected XSS. Proof of Concept Deploy trilium server and access to these endpoint will execute the alert js function. http://localhost:8080/custom/%3Cscript%3Ealert1%3C/script%3E...

4.3CVSS1.3AI score0.03096EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 2:0 p.m.39 views

Session tokens are not invalidated on logout

Description The session cookie is not invalidated on logout so, it can be used after logout as well. Proof of Concept Login to the Nakama console. Intercept the request. Below is a sample request: http GET /v2/console/user HTTP/1.1 Host: localhost:7351 Accept: application/json, text/plain, /...

5CVSS0.1AI score0.00818EPSS
Exploits1
Huntr
Huntr
added 2022/05/19 8:10 p.m.39 views

SQL injetction

Description SQL injection exists in the camptocamp/terraboard. Among all APIs there is an API routed to /api/search/attribute, whose corresponding method is api.SearchAttribute. In the api.SearchAttribute method, the program takes the request parameters and passes them into the db.SearchAttribute...

6.5CVSS0.1AI score0.0642EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/16 1:43 p.m.39 views

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1954 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobws.dat -c :qa!...

4.6CVSS7.5AI score0.00489EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 10:33 a.m.39 views

Cross-site Scripting (XSS)

Proof of Concept Steps to reproduce: Naviagate the below URL URL: https://demo.contao.org/contao/" Here Some Image POC Attached...

4.3CVSS0.2AI score0.03795EPSS
Exploits0
Huntr
Huntr
added 2022/04/11 8:0 p.m.39 views

stored xss due to unsantized anchor url

BUG ====== stored xss due to unsantized anchor url SUMMURY ========= using fullpage.js you can create a anchor tag . But when put href in anchor then it does not sanitize the url which allow to break context of anchor element and can add our new element . I see main javascript or other javascript...

3.5CVSS5.9AI score0.00812EPSS
Exploits1
Huntr
Huntr
added 2022/04/06 12:1 a.m.39 views

XSS vulnerability with default `onCellHtmlData` function

Description If you can jam some nasty code into a table-cell, you can force this script to perform arbitrary javascript when someone tries to export the table using this library. An example used against us was: " It looks like, if you don't specify an onCellHtmlData function, the default one is...

3.5CVSS5.9AI score0.00723EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/04 1:14 a.m.39 views

SSRF filter bypass port 80, 433

Description To exploit vulnerability, someone must pass a "base" parameters with a url multi-port to bypass filter check. Proof of Concept GET /index.php/cobrowse/proxycss/1?base=http://evil:8888:80/&css=index.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:99...

5.5CVSS0.6AI score0.00571EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/24 5:31 p.m.39 views

Improper Authorization

Description A low-privilege user I tested it with Editor priv user can create any role in the application. Proof of Concept Make a POST request to /Admin/Roles/Create using low-priv user's cookie and RequestVerificationToken A new role will be created with the specified name. Impact A low-priv us...

4CVSS1.7AI score0.00728EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 5:7 p.m.39 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

6.7AI score0.07443EPSS
Exploits2References1
Huntr
Huntr
added 2022/01/24 10:8 a.m.39 views

Heap-based Buffer Overflow in vim/vim

Description 2 Heap-buffer-overflow on write in vim 1 Heap-buffer-overflow on read in vim Heap-buffer-overflow on write in vim 1 Proof of Concept Steps to reproduce: echo -n cmV0ODAwCnMvXHYvCQpzZSBhaQpzaWwwbm9ybTppDQ== | base64 -d heapowpoc1 vim -u NONE -i NONE -n -X -Z -e -m -s -S heapowpoc1 -c...

6.8CVSS8.3AI score0.01339EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/24 7:55 a.m.39 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi, I would like to report an improper authentication vulnerability in https://www.github.com/liukuo362573/yishaadmin. Endpoint "/admin/OrganizationManage/User/ExportUserJson" does not require any authentication and return xls file contain users data like username, fullname, email,...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/11 7:9 p.m.39 views

in log4js-node/log4js-node

BUG ======== any unprivileged user can see log file and sensitive information disclosed SUMMURY ============ log4js create log file to store the log . Log may contain many sentsitive information like username,password,token,api-key etc .\ So, this log file should not accessed by other user .\ But...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/08 3:24 p.m.39 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow in vim Command ./vim -u NONE -X -Z -e -s -S minpoc -c :qa! Proof of Concept minpoc is here. bt Program received signal SIGABRT, Aborted. GIraise sig=sig@entry=6 at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or...

6.8CVSS1.2AI score0.01687EPSS
Exploits1
Huntr
Huntr
added 2021/10/24 11:10 p.m.39 views

Heap-based Buffer Overflow in vim/vim

Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...

4.6CVSS7.5AI score0.00601EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/23 11:12 a.m.39 views

Code Injection in namelessmc/nameless

✍️ Description Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper...

1.3AI score
Exploits0References2
Huntr
Huntr
added 2021/08/17 7:9 a.m.39 views

Server-Side Request Forgery (SSRF) in apostrophecms/apostrophe

✍️ Description Rendering Of SVG file causes SSRF 🕵️‍♂️ Proof of Concept /image.jpeg" / upload the svg file with the payload mentioned above change server name and preview it. then check the server for incoming request. 💥 Impact SSRF basic attack - host redirect , further researches of this attack...

1AI score
Exploits0
Huntr
Huntr
added 2021/02/12 12:0 a.m.39 views

Command Injection in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Command Injection vulnerability. It is possible to send an array containing OS commands, which bypass the filters. Proof of Concept 1. Create a Javascript file with the content below: javascript const si = require'systeminformation'; const command =...

7.5CVSS2AI score0.01854EPSS
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.39 views

Prototype Pollution in lukeed/dset

Description dset is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var dset = require"dset" var obj = console.log"Before : " + .polluted; dsetobj, 'proto.polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the following...

7.5CVSS1.8AI score0.02944EPSS
Exploits1
Huntr
Huntr
added 2021/01/06 12:0 a.m.39 views

Prototype Pollution in robinvdvleuten/shvl

Description shvl is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof of...

7.5CVSS1.6AI score0.02944EPSS
Exploits1
Huntr
Huntr
added 2020/06/01 12:0 a.m.39 views

Denial of Service in manolo/gwtupload

Overview com.googlecode.gwtupload:gwtupload is a library for uploading files to web servers, showing a progress bar with real information about the process file size, bytes transferred, etc. Affected versions of this package are vulnerable to Denial of Service DoS. server/UploadServlet.java the...

5CVSS1.9AI score0.01614EPSS
Exploits1References2
Huntr
Huntr
added 2020/02/21 12:0 a.m.39 views

Code Injection in commenthol/safer-eval

Overview safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. Proof of Concept Credit: Jonathan Leitschuh js const theFunction = function const f =...

7.5CVSS1.5AI score0.02574EPSS
Exploits1References3
Huntr
Huntr
added 2026/02/10 7:2 p.m.38 views

Arbitrary File Read via Prompt Tag Source Validation Bypass in CreateModelVersion

The createmodelversion handler in mlflow/server/handlers.py uses a client-controlled tag to decide whether to skip source path validation. When a CreateModelVersion request includes the tag mlflow.prompt.isprompt, the helper ispromptrequest returns True, and the entire source validation block...

7.5CVSS7.3AI score0.00696EPSS
Exploits1
Huntr
Huntr
added 2023/08/17 7:46 a.m.38 views

Heap-use-after-free in function buflist_altfpos in vim

Description Heap-use-after-free in function buflistaltfpos at buffer.c:3703 Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf -c :qa! ==1404==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000011940 at pc 0x0000004a4dbe bp 0x7ffc6204d090 sp 0x7ffc6204d080 READ of...

4.4CVSS7.1AI score0.00537EPSS
Exploits1
Huntr
Huntr
added 2023/04/27 7:52 a.m.38 views

RCE in developer mode

Description Nuxt contains a test-component-wrapper component. This is used to mount a single component for testing. This component has a dynamic import function which accepts arbitrary user input on the server side. This pattern will almost always lead to an RCE bug. Requirements & Notes The serv...

7.5CVSS6.9AI score0.58648EPSS
Exploits2References2
Huntr
Huntr
added 2023/04/19 4:48 p.m.38 views

XSS in Seo & Settings tab of Documents in pimcore/pimcore

Description pimcore is vulnerable to XSS at Title field in SEO & Settings tab of Document. Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on SEO & Settings icon to go to this tab. 3.In the SEO & Setting tab, input the payload " into the Titl...

4.9CVSS6.3AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2023/01/29 2:39 a.m.38 views

Incorrect Calculation of Buffer Size in function yank_copy_line

Description Incorrect Calculation of Buffer Size in function yankcopyline at register.c:1468 vim version git log commit 657aea7fc47fb919ce76fad64ba0ec55a1af80f1 HEAD - master, tag: v9.0.1249, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocnsp01s.dat -c :qa!...

4.4CVSS6.9AI score0.00438EPSS
Exploits1
Huntr
Huntr
added 2022/08/28 2:15 p.m.38 views

Use After Free in Function qf_buf_add_line( )

Description Hello there! How are you doing? I just used the PoC of this previous report as a valid input for fuzzing, and ended up finding what it seems to be a new case of Use After Free, with a slightly different input. The last commit in which I tested it was...

4.4CVSS7.6AI score0.00498EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 8:50 a.m.38 views

Stack-based Buffer Overflow in function spell_dump_compl

Description Stack-based Buffer Overflow in function spelldumpcompl at spell.c:4038 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocsbo1s.dat -c :qa!...

6.8CVSS7.8AI score0.01408EPSS
Exploits1
Total number of security vulnerabilities4072