Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/09/29 1:17 a.m.12 views

Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x

Description Unhandled exception leads to exposure of server side and sql query information. Proof of Concept 1. Go to demo page http://v4.nexopos.com and login using demo account 2. Go to Customer - Create coupon and try to create a coupon without entering coupon code leave it empty 3. See that t...

7.3AI score
Exploits0
Huntr
Huntr
added 2021/09/28 1:38 p.m.12 views

Open Redirect in fisharebest/webtrees

Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

Exploits0
Huntr
Huntr
added 2021/09/27 7:39 a.m.12 views

in kcal-app/kcal

Description Sensitive Data can be exposed even after logouting the application due to ui wrong action Proof of Concept 1 login to the application dashboard http://demo.kcal.cooking/ 2 Goto Any pages recipes,foods 3 Click logout 4 Click browser back button Application structure exposed we can stil...

Exploits0
Huntr
Huntr
added 2021/09/26 6:2 p.m.12 views

in kcal-app/kcal

Description Weak password implementation Proof of Concept step 1: login into account goto http://demo.kcal.cooking/users/kcal/edit step 2: change password kcal to 12 and save changes step 3: we can see updated message application is allowing to set weak password. poc of image in below link...

7AI score
Exploits0References1
Huntr
Huntr
added 2021/09/25 6:55 p.m.12 views

Cross-Site Request Forgery (CSRF) in galette/galette

Description Attacker is able to execute an CSRF attack when a user visits a malicious page Proof of Concept // PoC.html history.pushState'', '', '/' Impact This vulnerability is capable of allowing an attacker to submit CSRF through a crafted malicious page...

3.1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/25 1:59 p.m.12 views

Cross-Site Request Forgery (CSRF) in attendize/attendize

Description Attacker is able to make an event live. Proof of Concept When you logged in open this POC.html in a browser. history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging user to unintentional mark an event live. Test Tested on Safari. Fix You...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/09/24 6:0 p.m.12 views

Cross-site Scripting (XSS) - Stored in collectiveaccess/providence

Description stored xss via event name Proof of Concept Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1iMDosuZYYmFyJEVxXo7KB09TghKPs-7/view?usp=sharing \ Here i uses bellow xss payload xss2"'onmouseover=prompt;// Impact Stored xss...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/09/23 5:21 p.m.12 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description Attacker is able to change a torrents featured state to un-featured if a logged in user visits attacker website. Proof of Concept When you logged in open this POC.html in a browser. You can check the torrents state changed to un-featured. history.pushState'', '', '/'...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/09/23 3:19 p.m.12 views

Inefficient Regular Expression Complexity in trentm/python-markdown2

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in markdown2. The ReDoS vulnerability is mainly due to the sub-pattern with quantified overlapping adjacency and can be exploited with the following code. Proof of Concept // PoC.py import markdown2 from...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/09/22 3:8 p.m.12 views

Inefficient Regular Expression Complexity in cronvel/terminal-kit

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in terminal-kit. It allows cause a denial of service when calling function markupWidth. The ReDoS vulnerability is mainly due to the regex /^^|^./g and can be exploited with the following code. Proof...

2AI score
Exploits0
Huntr
Huntr
added 2021/09/22 6:58 a.m.12 views

Cross-site Scripting (XSS) - Stored in unclebob/fitnesse

Description Stored XSS in FileName allows for arbitrary execution of JavaScript Proof of Concept // PoC Request POST /files/ HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/09/19 2:50 p.m.12 views

Cross-site Scripting (XSS) - Stored in causefx/organizr

Description When creating a new Tab, the name of the tab can store JavaScript. This also happens, when editing the name of an existing Tab. - I tested it with docker image for Organizr hash 7fb764ccd226. organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB - Branch is v2-master. Proof of...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/09/18 8:44 p.m.12 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC.js POST /categories/admin/category/contextMenu HTTP/2 Host: demo.ziku.la Cookie: zsid=a9b37grip4in2kp0j6kaugdvrh...

5.4AI score
Exploits0
Huntr
Huntr
added 2021/09/16 7:36 p.m.12 views

Stack-based Buffer Overflow in gwsw/less

Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/09/14 5:20 a.m.12 views

Cross-site Scripting (XSS) - Stored in dmpop/mejiro

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
added 2021/09/13 8:19 a.m.12 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in tildeclub/site

✍️ Description The file signup-handler.php creates a user by accepting input from request parameters username, email, interest, sshkey. The affected parameter is sshkey. It does not sanitizes special characters and only checks if the first 4 character of the input is ssh- which allows the signup...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/09/12 11:23 p.m.12 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

✍️ Description Attacker able to Add any number of subscriber with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/09/10 1:26 p.m.12 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️‍♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be installed after clicking on submit...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/09/09 7:58 a.m.12 views

Cross-site Scripting (XSS) - Reflected in vfleaking/uoj

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 4:54 a.m.12 views

Cross-site Scripting (XSS) - Reflected in th3-822/rapidleech

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 12:29 a.m.12 views

Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/02 9:56 a.m.12 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add "new Retrospective" with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new board to the system at Retrospective menu on the left - 3;...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/09/02 8:38 a.m.12 views

in apolloconfig/apollo

✍️ Description The Application does not have control set in password complexity. It is possible to add a user with a single character password in the application. 🕵️‍♂️ Proof of Concept Adding the user. POST /users HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 63 Accept: application/json,...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/02 3:8 a.m.12 views

Sensitive Cookie Without 'HttpOnly' Flag in flatpressblog/flatpress

✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/09/01 10:19 a.m.12 views

Forced Browsing in slackero/phpwcms

✍️ Description Image cache can be flushed by any authenticated, low privileged user. 🕵️‍♂️ Proof of Concept - Register a low privileged user without any administrator access. - Log in with the low privileged user - Open the following URL:...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/08/29 3:54 p.m.12 views

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description Please enter a description of the vulnerability. XSS is possible when the option allowHTML was set to true for text inputs and textfields 🕵️‍♂️ Proof of Concept http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 💥 Impact XSS attacks can...

7AI score
Exploits0
Huntr
Huntr
added 2021/08/29 2:39 p.m.12 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description Stored xss bug allow to execute arbitary javascript code in vicitm account 🕵️‍♂️ Proof of Concept 1. First create a document and put bellow xss payload inside document content .\ xss"''\ 2. Now any user view this document project then xss is executed VIDEO POC --...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/08/26 2:25 a.m.12 views

in opensourcepos/opensourcepos

✍️ Description The giftcards/view/ POST request can be hijacked so that the information will be sent to another page, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/giftcards/view/anotherpagehere Then the form action in the webpage will be...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/08/25 12:53 p.m.12 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in froxlor/froxlor

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 10:31 p.m.12 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

✍️ Description Attacker able to disable any module with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/08/24 8:48 p.m.12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description Stored xss via rolename 🕵️‍♂️ Proof of Concept 1. First goto https://demo.livehelperchat.com/siteadmin/permission/roles and create a role with xss payload xss"'' and save it .\ 2. now try to edit this role using url like...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/08/24 6:35 p.m.12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description Stored Xss on smtp/Sender address 🕵️‍♂️ Proof of Concept Step To Reproduce: 1. Go to system/smtp 2. add the payload: " on "Sender address" or "Default from e-mail address" or "Default from name" all the 3 params are vulnerable to xss 3. save it and you can see that the xss fires poc...

7.1AI score
Exploits0References2
Huntr
Huntr
added 2021/08/23 11:31 a.m.12 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.4AI score
Exploits0References2
Huntr
Huntr
added 2021/08/17 5:54 p.m.12 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Ideas area when adding a comment in the discussion area 🕵️‍♂️ Proof of Concept Goto http://localhost/ideas/showBoards and click on add an idea and copy paste the following xss payload in the discussion field javascript " Click on safe and see...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/08/06 10:4 a.m.12 views

in ampache/ampache

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/08/01 3:16 p.m.12 views

in erudika/scoold

✍️ Description Bypass rate limit and sent unlimited email to any email address. 💥 Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...

7.2AI score
Exploits0
Huntr
Huntr
added 2021/07/31 9:51 p.m.12 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to disable any Personal Data module if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data module with id value equal to 1 have been disabled. // PoC.html history.pushState'', '', '/'...

3AI score
Exploits0
Huntr
Huntr
added 2021/07/31 9:32 p.m.12 views

Open Redirect in erudika/scoold

✍️ Description There is an open redirect vulnerability in the following URL: https://live.scoold.com/signin?returnto=https://google.com 🕵️‍♂️ Proof of Concept Step to reproduce 1. open above URL 2. login in the applicaiton 3. you redirect to google.com 💥 Impact That causes a redirection to an...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/07/29 1:35 p.m.12 views

Session Fixation in projectsend/projectsend

✍️ Description Project Send contains a Session Fixation Vulnerability. This vulnerability is one that can allow an attacker to fixate find or set another person’s session identifier. This most commonly happens when session tokens are now refreshed or renewed when they should be. It looks like the...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/07/28 8:40 p.m.12 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/26 6:33 p.m.12 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/07/24 5:33 p.m.12 views

Business Logic Errors in pimcore/pimcore

✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. 🕵️‍♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. 💥 Impact It...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/07/23 2:55 p.m.12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug to watch a game 🕵️‍♂️ Proof of Concept no csrf token checking during watch game.\ Bellow request is vulnerable to csrf attack POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

Exploits0
Huntr
Huntr
added 2021/07/23 1:32 p.m.12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when disabling notice 🕵️‍♂️ Proof of Concept no csrf token checking during enable/desable notice .\ Bellow request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/23 8:59 a.m.12 views

Code Injection in causefx/organizr

✍️ Description The "version": "v6.4.1", is vulnerable to code injection, Affected versions of this package are vulnerable to Arbitrary Code Execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...

4AI score0.02803EPSS
Exploits0References1
Huntr
Huntr
added 2021/07/21 8:36 a.m.12 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the POS part, you don't protect resources from delete with CSRF attacks and then I able to delete/close arbitrary POS cash desk control entities only with knowing their ids. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is...

3.1AI score
Exploits0
Huntr
Huntr
added 2021/07/18 10:45 a.m.12 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description CSRF bug to delete project 🕵️‍♂️ Proof of Concept 1. goto https://ihatemoney.org/ and create a new project and project-name is XXXX .\ Now bellow request is vulnerable to csrf attack which will delete the whole project \ https://ihatemoney.org/xxxx/delete 💥 Impact Attacker can...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/10 9:52 a.m.12 views

Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

✍️ Description The function mtrand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...

7AI score
Exploits0
Huntr
Huntr
added 2021/07/05 8:44 a.m.12 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

✍️ Description XSS via file upload in profile settings 🕵️‍♂️ Proof of Concept open chatwoot ,login to your profile , go to profile settings upload SVG file with XSS payload and update profile open the avatar in new page, XSS will be triggered 💥 Impact custom javascript code is executed...

1.3AI score0.00285EPSS
Exploits0
Huntr
Huntr
added 2021/07/05 6:24 a.m.12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Application/Leases notes. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Application/Leases. 2. Enter " in the notes. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

0.9AI score
Exploits0
Total number of security vulnerabilities4072