Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/23 2:55 p.m.12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug to watch a game 🕵️‍♂️ Proof of Concept no csrf token checking during watch game.\ Bellow request is vulnerable to csrf attack POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

Exploits0
Huntr
Huntr
added 2021/07/23 1:32 p.m.12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when disabling notice 🕵️‍♂️ Proof of Concept no csrf token checking during enable/desable notice .\ Bellow request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/23 8:59 a.m.12 views

Code Injection in causefx/organizr

✍️ Description The "version": "v6.4.1", is vulnerable to code injection, Affected versions of this package are vulnerable to Arbitrary Code Execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...

4AI score0.02803EPSS
Exploits0References1
Huntr
Huntr
added 2021/07/21 8:36 a.m.12 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the POS part, you don't protect resources from delete with CSRF attacks and then I able to delete/close arbitrary POS cash desk control entities only with knowing their ids. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is...

3.1AI score
Exploits0
Huntr
Huntr
added 2021/07/18 10:45 a.m.12 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description CSRF bug to delete project 🕵️‍♂️ Proof of Concept 1. goto https://ihatemoney.org/ and create a new project and project-name is XXXX .\ Now bellow request is vulnerable to csrf attack which will delete the whole project \ https://ihatemoney.org/xxxx/delete 💥 Impact Attacker can...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/10 9:52 a.m.12 views

Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

✍️ Description The function mtrand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...

7AI score
Exploits0
Huntr
Huntr
added 2021/07/05 8:44 a.m.12 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

✍️ Description XSS via file upload in profile settings 🕵️‍♂️ Proof of Concept open chatwoot ,login to your profile , go to profile settings upload SVG file with XSS payload and update profile open the avatar in new page, XSS will be triggered 💥 Impact custom javascript code is executed...

1.3AI score0.00285EPSS
Exploits0
Huntr
Huntr
added 2021/07/05 6:24 a.m.12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Application/Leases notes. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Application/Leases. 2. Enter " in the notes. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/04 5:25 p.m.12 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

💥 BUG csrf to turn off maintanance-mode 💥 VERSION TESTED latest version as of 4/7/21 💥 STEP TO REPRODUCE 1. just visit http://localhost/online-rental/app/admin/ajax-maintenance-mode.php?status=off and it will turn-off maintenance-mode if already enabled.\ Here no csrf token is checking...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/07/03 5:3 p.m.12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored XSS in anonymous user name due to improper sanitization of user input 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Go to http://192.168.43.130:8081/app//admin/pageSettings.php and click on pre-configured users. 2. Edit anonymous username to xss" 3. Save it and visit...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/03 9:3 a.m.12 views

Improper Privilege Management in bigprof-software/online-rental-property-manager

💥 BUG privilege escalation bug to add residenceandrental to a applicant . 💥 IMPACT unprivileged user can add residenceandrental to a applicant 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:11 a.m.12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via Applications/Leases 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/applicationsleasesview.php and create a new application .\ During creation put bellow...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/06/29 1:57 p.m.12 views

in w7corp/easywechat

✍️ Description The method encryptsensitiveinformation in BaseClient.php uses the RSA algorithm without OAEP padding, thereby making the encryption weak. In order to use RSA securely, the OAEP padding mode Optimal Asymmetric Encryption Padding must be used. This category was derived from the Cigita...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/06/25 9:32 a.m.12 views

OS Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Command Injection due to unsanitized variable named algo 🕵️‍♂️ Proof of Concept 💥 Impact CI with the highest privilege...

3AI score
Exploits0
Huntr
Huntr
added 2021/06/24 8:25 p.m.12 views

in phpservermon/phpservermon

✍️ Description The program creates a cookie without setting the secure flag to true. Modern web browsers support a secure flag for each cookie. If the flag is set, the browser will only send the cookie over HTTPS. Sending cookies over an unencrypted channel can expose them to network sniffing...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/23 2:49 p.m.12 views

in phpservermon/phpservermon

✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates...

0.4AI score
Exploits0References2
Huntr
Huntr
added 2021/06/23 7:41 a.m.12 views

Heap-based Buffer Overflow in rup0rt/pcapfix

Description A heap over flow was found in pcapfix in function fixpcapng in pcapng.c at line 216 Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attatched in reference link c ==603793==ERROR:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/06/16 5:33 a.m.12 views

Cross-site Scripting (XSS) - Stored in thoughtbot/administrate

💥 BUG Stored xss using unsanitize url 💥 IMPACT There is no url scheme sanitization, allow to provide javascript protocol in url which cause xss 💥 PAYLOAD javascript:alertdocument.domain 💥 STEP TO REPRODUCE tested in demo version https://administrate-demo.herokuapp.com/admin.\ 1. Plz check this 1...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/06/14 3:0 a.m.12 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss using ticket content in markdown 💥 IMPACT There is no xss filter present . Using this stored xss external user can attack admin and can execute arbitary javascript code in vicitm account . TESTED VERSION ========== trudesk 1.1.5 💥 STEP TO REPRODUCE 1. First goto...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/06/11 7:12 a.m.12 views

in flarum/framework

✍️ Description Avatar URL from OAuth registration is passed to Intervention Image's ImageManager::make function without any validation on URL. Since ImageManager::make allows relative path to read file, it is possible to inject arbitrary inputs like storage/somefile.jpg or even absolute paths like...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/06/06 8:44 p.m.12 views

Heap-based Buffer Overflow in rup0rt/pcapfix

✍️ Description Whilst testing pcapfix built from commit 5c2965 with Clang 13 +ASan on Ubuntu 20.04.2 LTS, we discovered a PCAPNG file which triggers a heap-buffer-overflow during a memcpy operation. 🕵️‍♂️ Proof of Concept echo "Cg0NCgAAAADT1MOysvgUAAAAAEpaggAAoPWPsvgUAAAAAAAAAAAA" | base64 -d...

7AI score
Exploits0
Huntr
Huntr
added 2021/06/03 1:32 a.m.12 views

Heap-based Buffer Overflow in squell/id3

✍️ Description When running the id3 app built from commit 51e738 with Clang 13 +ASan on Ubuntu 20.04.2 against the test data file encoding.tag, a heap-buffer-overflow is triggered at https://github.com/squell/id3/blob/51e738e7575c54fd7fdd54c931a155b25c3f2d30/id3v2.cL104. static ulong ul4uchar n4...

7AI score
Exploits0
Huntr
Huntr
added 2021/05/30 5:23 p.m.12 views

Stack-based Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, There is a stack based buffer overflow in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/fpp.cL177 : c else ifstrcmpargv1,"--log-mask" == 0 && argc 2 char newMask128; strcpynewMask, argv2;//overflow // argv2 is copied into newMask using...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/05/28 10:5 a.m.12 views

Code Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Multiple Command injection in infogathering.py file due to lack of sanitization. 🕵️‍♂️ Proof of Concept Payload : id Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing 💥 Impact tools ask for root to run so every command injected will run as root...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/05/19 8:49 a.m.12 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can modify directory 💥 STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for DMS/ECM module for user B .\ So, user B should not see any DMS/ECM details .\ \ 2. Now from admin account goto...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/05/15 1:35 p.m.12 views

in utmsigep/member-directory

✍️ Description Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes. 🕵️‍♂️ Proof of Concept - Select a member-status/group - Create New Member - Enter an invalid...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/05/15 1:34 a.m.12 views

Path Traversal in demon1a/discord-recon

✍️ Description Scanning internal git directories leaks using Improper input validation in truffleHog function urlHost = urlparseargument.netloc if urlHost != "github.com" and urlHost != "gitlab.com": await ctx.send"You're trying to scan unallowed URL, please use a github/gitlab URL." return The...

7AI score
Exploits0References1
Huntr
Huntr
added 2021/05/13 1:55 a.m.12 views

Heap-based Buffer Overflow in axiomatic-systems/bento4

✍️ Description heap-buffer-overflow 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKECCOMPILER=clang -DCMAKECXXCOMPILER=clang++ -DCMAKECFLAGS="-fsanitize=address"...

2.2AI score
Exploits0References2
Huntr
Huntr
added 2021/05/12 1:29 p.m.12 views

in cythron/tweango

✍️ Description Django secret key is pushed into Github repository. This is used to sign Json objects, create hashes and generate Csrf tokens. 🕵️‍♂️ Proof of Concept https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1comment2174349415383766 💥...

Exploits0References1
Huntr
Huntr
added 2021/05/12 6:51 a.m.12 views

Cross-site Scripting (XSS) - Reflected in thecoshman/http

✍️ Description The web server is vulnerable to Cross-site scripting. An attacker can host a file with an XSS payload as the file name. When a user visits the web server address, the javascript will be executed in the browser. This is due to improper sanitization. 🕵️‍♂️ Proof of Concept - Create a...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/05/07 11:8 p.m.12 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through image name edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Upload any image and then click on Back to overview. 4. With the image...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/04/30 6:30 a.m.12 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation to view all conversation 🕵️‍♂️ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . 2. now goto https://app.chatwoot.com/app/accounts/4534/settings/inboxes/list and add a...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/03/26 12:57 p.m.12 views

Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/02/19 12:0 a.m.12 views

Code Injection in dimodimchev/access-control

Description Access-Control package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os os.system'git clone...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/01/30 12:0 a.m.12 views

Code Injection in tensorspeech/tensorflowtts

✍️ Description TensorFlowTTS provides real-time state-of-the-art speech synthesis architectures such as Tacotron-2, Melgan, Multiband-Melgan, FastSpeech, FastSpeech2 based-on TensorFlow 2. With Tensorflow 2, we can speed-up training/inference progress, optimizer further by using fake-quantize awar...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/01/26 12:0 a.m.12 views

Prototype Pollution in alexandervu/dot-prop-opt

Description dot-prop-opt is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'dot-prop-opt' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/01/26 12:0 a.m.12 views

Prototype Pollution in a-maged/object-breacher

Description object-breacher is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'object-breacher' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: '+ .polluted 2. Execute the following...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/01/04 12:0 a.m.12 views

Prototype Pollution in darrenpaulwright/object-agent

Description object-agent is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js import set from 'object-agent'; var obj = console.log"Before : " + .polluted; setobj, 'proto.polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute th...

1.6AI score
Exploits0
Huntr
Huntr
added 2020/09/24 12:0 a.m.12 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Description The application is vulnerable to html injection in password reset functionality. PoC CLICK ME...

0.9AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.12 views

Path Traversal in rwson/server-static

Overview server-static is a static file server, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in /etc/passwd leaking...

4.1AI score
Exploits0References1
Huntr
Huntr
added 2020/08/17 12:0 a.m.12 views

in imsobear/node-browser

Overview node-browser is a wrapper webdriver by Node.js, this package is vulnerable to Man in the Middle MitM attacks due to downloading resources over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. I...

3.4AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.12 views

Path Traversal in youngerheart/nodeserver

Overview nodeserver is a Achieve node server's domain name resolution and web application's router, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in...

4.3AI score
Exploits0References1
Huntr
Huntr
added 2020/08/10 12:0 a.m.12 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. Special characters provided as part of the Referer HTTP header. is reflected within htdocs/user/passwordforgotten.php...

3.5CVSS2.5AI score0.00851EPSS
Exploits1
Huntr
Huntr
added 2020/05/08 12:0 a.m.12 views

Code Injection in vishwanatharondekar/gitlab-cli

Description The git-lab-cli module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i git-lab-cli...

2.3AI score
Exploits0
Huntr
Huntr
added 2026/02/19 9:6 a.m.11 views

Path Traversal in NLTK Downloader Package Metadata Allows Arbitrary File Write

Description The NLTK downloader does not validate file paths constructed from package metadata before writing downloaded files. A malicious NLTK data server can specify arbitrary paths via the subdir and id attributes in the package index XML, allowing arbitrary file write outside the intended...

10CVSS6.1AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2026/02/17 6:0 a.m.11 views

Missing Authorization Validation on MLflow MPU Endpoints Leads to Cross-Resource Artifact Overwrite, Model Poisoning, and Cross-Boundary Command Execution on Model Load

Analyzed version: 5af88dc08a54d40dddfc019da9e7f0fd0fcf34e2 git describe: nightly-2300-g5af88dc08, local mlflow.version: 3.10.1.dev0 In --serve-artifacts mode, MLflow exposes MPU endpoints for large-file multipart uploads. However, its authorization logic only covers the /mlflow-artifacts/artifact...

9CVSS6.1AI score0.00345EPSS
Exploits1
Huntr
Huntr
added 2026/01/16 8:47 a.m.11 views

H2O-3 PostgreSQL Driver RCE - Bypassing CVE-2025-6544 Mitigation

Description A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The current security mitigation implemented in H2O-3 relies on a parameter blacklist mechanism that exclusively targets MySQL JDBC...

9.8CVSS6.9AI score0.00938EPSS
Exploits2
Huntr
Huntr
added 2025/12/23 1:15 a.m.11 views

MLflow Tarfile Path traversal in mlflow/mlflow

Description Vulnerability Report: Unsafe Tar Extraction Path Traversal Due to the lack of path traversal verification in the tar decompression part, it may lead to the possibility of overwriting any file or gaining elevated privileges. This is a non-expected vulnerability. Location File:...

10CVSS7.2AI score0.00587EPSS
Exploits1
Huntr
Huntr
added 2023/10/11 5:1 p.m.11 views

heap-use-after-free in MP4Box

Description heap-use-after-free in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 33mTTML...

7AI score
Exploits0
Huntr
Huntr
added 2023/10/11 9:38 a.m.11 views

heap-buffer-overflow in ac3dmx_process

Description Heap-buffer-overflow in ac3dmxprocess at filters/reframeac3.c:489. version git log commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Wed Oct 11 13:24:46 2023 +0200 ac3dmx: add remain size check fixes 2627 ./MP4Box...

6.9AI score
Exploits0
Total number of security vulnerabilities4072