Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2021/07/31 9:51 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to disable any Personal Data module if users visit attacker site. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data module with id value equal to 1 have been disabled. // PoC.html history.pushState'', '', '/'...

3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/31 9:32 p.m.β€’12 views

Open Redirect in erudika/scoold

✍️ Description There is an open redirect vulnerability in the following URL: https://live.scoold.com/signin?returnto=https://google.com πŸ•΅οΈβ€β™‚οΈ Proof of Concept Step to reproduce 1. open above URL 2. login in the applicaiton 3. you redirect to google.com πŸ’₯ Impact That causes a redirection to an...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/29 1:35 p.m.β€’12 views

Session Fixation in projectsend/projectsend

✍️ Description Project Send contains a Session Fixation Vulnerability. This vulnerability is one that can allow an attacker to fixate find or set another person’s session identifier. This most commonly happens when session tokens are now refreshed or renewed when they should be. It looks like the...

0.9AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/28 8:40 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/26 6:33 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/24 5:33 p.m.β€’12 views

Business Logic Errors in pimcore/pimcore

✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. πŸ•΅οΈβ€β™‚οΈ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. πŸ’₯ Impact It...

1.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/23 2:55 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug to watch a game πŸ•΅οΈβ€β™‚οΈ Proof of Concept no csrf token checking during watch game.\ Bellow request is vulnerable to csrf attack POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

Exploits0
Huntr
Huntr
β€’added 2021/07/23 1:32 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when disabling notice πŸ•΅οΈβ€β™‚οΈ Proof of Concept no csrf token checking during enable/desable notice .\ Bellow request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/23 8:59 a.m.β€’12 views

Code Injection in causefx/organizr

✍️ Description The "version": "v6.4.1", is vulnerable to code injection, Affected versions of this package are vulnerable to Arbitrary Code Execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...

4AI score0.02803EPSS
Exploits0References1
Huntr
Huntr
β€’added 2021/07/21 8:36 a.m.β€’12 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the POS part, you don't protect resources from delete with CSRF attacks and then I able to delete/close arbitrary POS cash desk control entities only with knowing their ids. πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PoC.html history.pushState'', '', '/' πŸ’₯ Impact This vulnerability is...

3.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/18 10:45 a.m.β€’12 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description CSRF bug to delete project πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. goto https://ihatemoney.org/ and create a new project and project-name is XXXX .\ Now bellow request is vulnerable to csrf attack which will delete the whole project \ https://ihatemoney.org/xxxx/delete πŸ’₯ Impact Attacker can...

1.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/10 9:52 a.m.β€’12 views

Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

✍️ Description The function mtrand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/05 8:44 a.m.β€’12 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

✍️ Description XSS via file upload in profile settings πŸ•΅οΈβ€β™‚οΈ Proof of Concept open chatwoot ,login to your profile , go to profile settings upload SVG file with XSS payload and update profile open the avatar in new page, XSS will be triggered πŸ’₯ Impact custom javascript code is executed...

1.3AI score0.00285EPSS
Exploits0
Huntr
Huntr
β€’added 2021/07/05 6:24 a.m.β€’12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Application/Leases notes. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Steps to reproduce: 1. Create a Application/Leases. 2. Enter " in the notes. 3. Save and you will see XSS. πŸ’₯ Impact This vulnerability is capable of stored XSS...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/04 5:25 p.m.β€’12 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

πŸ’₯ BUG csrf to turn off maintanance-mode πŸ’₯ VERSION TESTED latest version as of 4/7/21 πŸ’₯ STEP TO REPRODUCE 1. just visit http://localhost/online-rental/app/admin/ajax-maintenance-mode.php?status=off and it will turn-off maintenance-mode if already enabled.\ Here no csrf token is checking...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 5:3 p.m.β€’12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored XSS in anonymous user name due to improper sanitization of user input πŸ•΅οΈβ€β™‚οΈ Proof of Concept Steps to reproduce: 1. Go to http://192.168.43.130:8081/app//admin/pageSettings.php and click on pre-configured users. 2. Edit anonymous username to xss" 3. Save it and visit...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 9:3 a.m.β€’12 views

Improper Privilege Management in bigprof-software/online-rental-property-manager

πŸ’₯ BUG privilege escalation bug to add residenceandrental to a applicant . πŸ’₯ IMPACT unprivileged user can add residenceandrental to a applicant πŸ’₯ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke...

0.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 2:11 a.m.β€’12 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

πŸ’₯ BUG xss via Applications/Leases πŸ’₯ VERSION TESTED latest version as of 1/7/21 πŸ’₯ IMPACT xss allow to execute arbitary javascript in vicitm account πŸ’₯ STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/applicationsleasesview.php and create a new application .\ During creation put bellow...

2.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/29 1:57 p.m.β€’12 views

in w7corp/easywechat

✍️ Description The method encryptsensitiveinformation in BaseClient.php uses the RSA algorithm without OAEP padding, thereby making the encryption weak. In order to use RSA securely, the OAEP padding mode Optimal Asymmetric Encryption Padding must be used. This category was derived from the Cigita...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/06/25 9:32 a.m.β€’12 views

OS Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Command Injection due to unsanitized variable named algo πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact CI with the highest privilege...

3AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/24 8:25 p.m.β€’12 views

in phpservermon/phpservermon

✍️ Description The program creates a cookie without setting the secure flag to true. Modern web browsers support a secure flag for each cookie. If the flag is set, the browser will only send the cookie over HTTPS. Sending cookies over an unencrypted channel can expose them to network sniffing...

0.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/06/23 2:49 p.m.β€’12 views

in phpservermon/phpservermon

✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. In this case the function that generates...

0.4AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/06/23 7:41 a.m.β€’12 views

Heap-based Buffer Overflow in rup0rt/pcapfix

Description A heap over flow was found in pcapfix in function fixpcapng in pcapng.c at line 216 Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attatched in reference link c ==603793==ERROR:...

7.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/06/16 5:33 a.m.β€’12 views

Cross-site Scripting (XSS) - Stored in thoughtbot/administrate

πŸ’₯ BUG Stored xss using unsanitize url πŸ’₯ IMPACT There is no url scheme sanitization, allow to provide javascript protocol in url which cause xss πŸ’₯ PAYLOAD javascript:alertdocument.domain πŸ’₯ STEP TO REPRODUCE tested in demo version https://administrate-demo.herokuapp.com/admin.\ 1. Plz check this 1...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/14 3:0 a.m.β€’12 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

πŸ’₯ BUG Stored xss using ticket content in markdown πŸ’₯ IMPACT There is no xss filter present . Using this stored xss external user can attack admin and can execute arbitary javascript code in vicitm account . TESTED VERSION ========== trudesk 1.1.5 πŸ’₯ STEP TO REPRODUCE 1. First goto...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/11 7:12 a.m.β€’12 views

in flarum/framework

✍️ Description Avatar URL from OAuth registration is passed to Intervention Image's ImageManager::make function without any validation on URL. Since ImageManager::make allows relative path to read file, it is possible to inject arbitrary inputs like storage/somefile.jpg or even absolute paths like...

1.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/06 8:44 p.m.β€’12 views

Heap-based Buffer Overflow in rup0rt/pcapfix

✍️ Description Whilst testing pcapfix built from commit 5c2965 with Clang 13 +ASan on Ubuntu 20.04.2 LTS, we discovered a PCAPNG file which triggers a heap-buffer-overflow during a memcpy operation. πŸ•΅οΈβ€β™‚οΈ Proof of Concept echo "Cg0NCgAAAADT1MOysvgUAAAAAEpaggAAoPWPsvgUAAAAAAAAAAAA" | base64 -d...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/06/03 1:32 a.m.β€’12 views

Heap-based Buffer Overflow in squell/id3

✍️ Description When running the id3 app built from commit 51e738 with Clang 13 +ASan on Ubuntu 20.04.2 against the test data file encoding.tag, a heap-buffer-overflow is triggered at https://github.com/squell/id3/blob/51e738e7575c54fd7fdd54c931a155b25c3f2d30/id3v2.cL104. static ulong ul4uchar n4...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/30 5:23 p.m.β€’12 views

Stack-based Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, There is a stack based buffer overflow in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/fpp.cL177 : c else ifstrcmpargv1,"--log-mask" == 0 && argc 2 char newMask128; strcpynewMask, argv2;//overflow // argv2 is copied into newMask using...

2.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/28 10:5 a.m.β€’12 views

Code Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Multiple Command injection in infogathering.py file due to lack of sanitization. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Payload : id Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing πŸ’₯ Impact tools ask for root to run so every command injected will run as root...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/19 8:49 a.m.β€’12 views

Improper Privilege Management in dolibarr/dolibarr

πŸ’₯ BUG unprivileged user can modify directory πŸ’₯ STEP TO REPRODUCE 1. From admin account add user B as normal user .\ Now dont give any permission for DMS/ECM module for user B .\ So, user B should not see any DMS/ECM details .\ \ 2. Now from admin account goto...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/15 1:35 p.m.β€’12 views

in utmsigep/member-directory

✍️ Description Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes. πŸ•΅οΈβ€β™‚οΈ Proof of Concept - Select a member-status/group - Create New Member - Enter an invalid...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/15 1:34 a.m.β€’12 views

Path Traversal in demon1a/discord-recon

✍️ Description Scanning internal git directories leaks using Improper input validation in truffleHog function urlHost = urlparseargument.netloc if urlHost != "github.com" and urlHost != "gitlab.com": await ctx.send"You're trying to scan unallowed URL, please use a github/gitlab URL." return The...

7AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/05/13 1:55 a.m.β€’12 views

Heap-based Buffer Overflow in axiomatic-systems/bento4

✍️ Description heap-buffer-overflow πŸ•΅οΈβ€β™‚οΈ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKECCOMPILER=clang -DCMAKECXXCOMPILER=clang++ -DCMAKECFLAGS="-fsanitize=address"...

2.2AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/05/12 1:29 p.m.β€’12 views

in cythron/tweango

✍️ Description Django secret key is pushed into Github repository. This is used to sign Json objects, create hashes and generate Csrf tokens. πŸ•΅οΈβ€β™‚οΈ Proof of Concept https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1comment2174349415383766 πŸ’₯...

Exploits0References1
Huntr
Huntr
β€’added 2021/05/12 6:51 a.m.β€’12 views

Cross-site Scripting (XSS) - Reflected in thecoshman/http

✍️ Description The web server is vulnerable to Cross-site scripting. An attacker can host a file with an XSS payload as the file name. When a user visits the web server address, the javascript will be executed in the browser. This is due to improper sanitization. πŸ•΅οΈβ€β™‚οΈ Proof of Concept - Create a...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/05/07 11:8 p.m.β€’12 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through image name edition. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Upload any image and then click on Back to overview. 4. With the image...

1.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/04/30 6:30 a.m.β€’12 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation to view all conversation πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . 2. now goto https://app.chatwoot.com/app/accounts/4534/settings/inboxes/list and add a...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/03/26 12:57 p.m.β€’12 views

Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

2.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/02/19 12:0 a.m.β€’12 views

Code Injection in dimodimchev/access-control

Description Access-Control package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os os.system'git clone...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/01/30 12:0 a.m.β€’12 views

Code Injection in tensorspeech/tensorflowtts

✍️ Description TensorFlowTTS provides real-time state-of-the-art speech synthesis architectures such as Tacotron-2, Melgan, Multiband-Melgan, FastSpeech, FastSpeech2 based-on TensorFlow 2. With Tensorflow 2, we can speed-up training/inference progress, optimizer further by using fake-quantize awar...

1.6AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/01/26 12:0 a.m.β€’12 views

Prototype Pollution in alexandervu/dot-prop-opt

Description dot-prop-opt is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'dot-prop-opt' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/01/26 12:0 a.m.β€’12 views

Prototype Pollution in a-maged/object-breacher

Description object-breacher is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'object-breacher' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: '+ .polluted 2. Execute the following...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/01/04 12:0 a.m.β€’12 views

Prototype Pollution in darrenpaulwright/object-agent

Description object-agent is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js import set from 'object-agent'; var obj = console.log"Before : " + .polluted; setobj, 'proto.polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute th...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2020/09/24 12:0 a.m.β€’12 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Description The application is vulnerable to html injection in password reset functionality. PoC CLICK ME...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2020/08/17 12:0 a.m.β€’12 views

Path Traversal in rwson/server-static

Overview server-static is a static file server, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in /etc/passwd leaking...

4.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2020/08/10 12:0 a.m.β€’12 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. Special characters provided as part of the Referer HTTP header. is reflected within htdocs/user/passwordforgotten.php...

3.5CVSS2.5AI score0.00851EPSS
Exploits1
Huntr
Huntr
β€’added 2020/05/08 12:0 a.m.β€’12 views

Code Injection in vishwanatharondekar/gitlab-cli

Description The git-lab-cli module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i git-lab-cli...

2.3AI score
Exploits0
Huntr
Huntr
β€’added 2026/02/19 9:6 a.m.β€’11 views

Path Traversal in NLTK Downloader Package Metadata Allows Arbitrary File Write

Description The NLTK downloader does not validate file paths constructed from package metadata before writing downloaded files. A malicious NLTK data server can specify arbitrary paths via the subdir and id attributes in the package index XML, allowing arbitrary file write outside the intended...

10CVSS6.1AI score0.0079EPSS
Exploits1
Huntr
Huntr
β€’added 2026/02/17 6:0 a.m.β€’11 views

Missing Authorization Validation on MLflow MPU Endpoints Leads to Cross-Resource Artifact Overwrite, Model Poisoning, and Cross-Boundary Command Execution on Model Load

Analyzed version: 5af88dc08a54d40dddfc019da9e7f0fd0fcf34e2 git describe: nightly-2300-g5af88dc08, local mlflow.version: 3.10.1.dev0 In --serve-artifacts mode, MLflow exposes MPU endpoints for large-file multipart uploads. However, its authorization logic only covers the /mlflow-artifacts/artifact...

9CVSS6.1AI score0.00345EPSS
Exploits1
Total number of security vulnerabilities4072