Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/07/06 2:38 p.m.11 views

Improperly Configured rack_attack.rb does not prevent rate limit attacks

Description The lobsters repository depends upon rackattack.rb to prevent rate limit attacks against the /login or the /login/setnewpassword endpoint, allowing for only 4 requests in a minute. However, this can be bypassed by simply appending some strings like /login.turtles to the endpoint. Proo...

1AI score
Exploits0References3
Huntr
Huntr
added 2022/07/05 9:46 a.m.11 views

Password Reset Allows For User Email Enumeration

Description The password reset function at the login page responds to valid and invalid emails in the application. Submitting an invalid email result in "The e-mail address is not assigned to any user account." A valid response results in a message stating an email has been sent. Proof of Concept...

0.7AI score
Exploits0References2
Huntr
Huntr
added 2022/07/05 9:35 a.m.11 views

Weak Password Change Mechanism

Description When setting a new user password, commafeeddoes not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the profile settings link 3. Select Set Password 4. Enter any 6-character password string this...

1.6AI score
Exploits0References3
Huntr
Huntr
added 2022/07/04 5:32 p.m.11 views

Improper handling of parameter lead to listing any directory

Description In file-manager/list API, the server does not handling path parameters properly lead to allow listing any directory. To exploit, use double URL encoding to bypass filter. Proof of Concept GET /demo/api/file-manager/list?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/07/02 2:3 p.m.11 views

Stored XSS via Editing config

Description Hello, I'm reporting several Stored XSS vulnerabilities in same report because huntr.dev now want us to do this. Please consider the vulnerabilities independently. Vuln one : It's possible to inject javascript code in "URL of your FAQ" parameter in admin's edit config form. The...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/07/01 9:28 p.m.11 views

unprivileged user can get document details

Description unprivileged user can see document details of any document . Proof of Concept 1. From admin account add a new user called user-B as member role .\ \ 2. Now from admin account create a private collection and dont share it with any member .Set bellow permisiion for this collection...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/06/28 7:23 a.m.11 views

Arbitrary template creation leading to Authenticated Remote Code Execution

Description Arbitrary File Write Reproduction Steps: 1. As a low privileged user, Create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/16 9:49 a.m.11 views

Inefficient Regular Expression Complexity potentially leads to Denial of Service

Description Inefficient Regular Expression Complexity of url regex could lead to a denial of service attack. This report bypasses the fix in issue 300 by a well-formed payload '//a.b' + 'c1'.repeati + 'a'. With only 36 characters payload could take 18672 ms time execution. Proof of Concept js //...

1.9AI score
Exploits0References1
Huntr
Huntr
added 2022/06/13 8:50 a.m.11 views

Generation of Error Message Containing Sensitive Information

Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Proof of Concept 1. The forgot password feature will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/06/13 4:39 a.m.11 views

Stored XSS in Supplier Company Name

Description The application inventree is vulnerable to Stored XSS in supplier company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1KDrwbWkftO-cNrd-4XSoNh27Z3vqiMR/view?usp=sharing...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/06/10 9:45 a.m.11 views

Reflected XSS in param 'activetab' and param 'code'

Description We can insert XSS payload at http://localhost/facturascripts/ListAlbaranProveedor, the 'activetab' parameter. Proof of Concept GET...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/08 3:18 a.m.11 views

UI Redressing

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

0.6AI score
Exploits0References2
Huntr
Huntr
added 2022/06/08 2:39 a.m.11 views

Weak Password Policy

Description This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such ...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/25 5:22 p.m.11 views

proxying Big files leads to potential DOS [/proxy]

Description consider following script and put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB exploit.py python from multiprocessing import Process import requests def fun: try:...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/05/21 6:40 p.m.11 views

Cross-site Scripting (XSS) - Reflected

Description I find Relected XSS in search function. Proof of Concept 1.Login with admin or teacher account 2.Access this url:...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/18 8:16 a.m.11 views

xss bypass

Description xss check bypassed Proof of Concept The fix for this bug https://huntr.dev/bounties/2adf903d-cab1-4ca8-8236-b6315f0fdaba/ can be bypassed using bellow payload jAvAsCriPt://sadas.com/%0aalert11;//...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/15 4:25 p.m.11 views

SSRF via IPv6 address 2

Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 are also private IPv6 range that are weirdly not covered by INetAddress, meaning that it has to be do...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/05/12 3:7 a.m.11 views

Cross-site scripting and open redirect vulnerability on Rock RMS Login Page

Description The Rock RMS login page has a returnUrl parameter that is used to set window.location.href when the user has successfully logged in. An attacker can include a malicious JavaScript payload using a link crafted with the payload in the returnUrl parameter, such as 'javascript:...', that ...

0.6AI score
Exploits0References2
Huntr
Huntr
added 2022/05/09 2:9 a.m.11 views

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1.Login as admin administrator / administrator. 2.Access this URL...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/30 10:55 a.m.11 views

Cross-site scripting - Reflected via upload `.xml` file

Description When user upload a file with .xml extension and direct access this file, the server response with Content-type: text/html lead to processing XML as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/28 8:58 a.m.11 views

Thirdparty site authorization header leak

Description mechanize library is used to manipulate the URL of web pages and crawl the contents of web pages. mechanize does not filter the request header after redirecting. It will also transfer the authentication and cookie request header of the first request to the service after redirecting,...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/04/23 2:51 a.m.11 views

Cross-site scripting - Reflected via mime-type file upload

Description When user upload file with extension not in white-list, server will throw error attach with mime-type of file upload user can controll without sanitize. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host: localhost:8080...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/04/17 10:21 a.m.11 views

Relative Path Traversal vulnerability in StaticDir server

Description There is a relative path traversal vulnerability in the serve module of the extra crate. An attacker can simply request a relative path and access files outside of the configured directory root. Proof of Concept With a static folder in the project directory: rs // main.rs use...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/04/12 7:24 p.m.11 views

Open Redirect

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining o...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/04/04 8:7 a.m.11 views

Cross Site Scripting via Improper Input Validation (Based on CRLF)

Description The parse-url The 6.0.0 version of the parser does not remove \r, \n characters between protocols. This causes spoofing of the javascript protocol itself. Proof of Concept javascript const parseUrl = require"parse-url"; const express = require'express'; const app = express; parsed =...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2022/04/03 6:25 a.m.11 views

Stored XSS

Description Stored XSS via domain argument : Proof of Concept run this command ./GoogleDorker.py -d '"' visit created file...

2.2AI score
Exploits0
Huntr
Huntr
added 2022/03/29 8:12 p.m.11 views

Use of cryptographically weak random number generator for password generation

Description Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable, this function uses the .NET Random class which isn't cryptographically secure. Impact This vulnerability is capable of allowing attackers to predict generated passwords and use the...

3.1AI score
Exploits0References1
Huntr
Huntr
added 2022/03/29 2:46 p.m.11 views

Auth bypass via unproper use of getRequestURL()

Description The wgcloud uses getRequestURL improperly, an attacker could craft an URL that bypasses the auth of wgcloud Normally, when browsering http://ip:9999/wgcloud/dash/main with no auth, you will be redirected to /wgcloud/login/toLogin, but this vuln could bypass this. Proof of Concept curl...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/03/14 9:31 p.m.11 views

The microweber application allows large characters to insert in the input field "SKU" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber

Go to add post http://site.com/admin/product/create click on create new product There will a option called SKU Fill the input field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click on continue. You will see the application accepts large...

2.2AI score0.03421EPSS
Exploits0References1
Huntr
Huntr
added 2022/03/13 10:46 a.m.11 views

Malicious usage of '+' in protocol can lead to whitelist bypasses

Description Malicious usage of '+' in protocol can lead to whitelist bypasses. Proof of Concept The following PoC shows how if parse-url is used to check the resource of a URL against a whitelist, we can bypass a whitelist check for google.com, and then convince the standard HTTP client in NodeJS...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/02/17 12:30 p.m.11 views

in microweber/microweber

Description There is no input field length in update username where any user can able to add large number of characters like imagine we can add more 5000+ character on to the update name field . Steps to Reproduce Visit the particular URL Vulnerable-link Where there is a functionality to update o...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/02/17 10:0 a.m.11 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1762-g90a145735-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/02/10 5:4 p.m.11 views

in snipe/snipe-it

Description unprivileged user can get supplier Proof of Concept 1. Create regular user and set DENY to all permissions in asset and supplier models.\ 2. Login as the user and sent bellow request to get supplier await fetch"https://demo.snipeitapp.com/api/v1/suppliers/selectlist?page=1",...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/02/08 7:7 a.m.11 views

Cross-site Scripting (XSS) - Reflected in effgarces/bookedscheduler

Setup the Booked Scheduler locally.URL like the following. http://192.168.5.5/phpsch/ Attcker 2. Login as valid user. 3. Make an reservation from the dashboard. 4. Open the information you reserved.URL like the following http://192.168.5.5/Web/reservation.php?rn=62020af2eee4d833634703 5. The...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/02/03 6:43 p.m.11 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Then, the vulnerability can be triggered when the user previews the document´s content. Proof of Concept login and navigate task Dependencies This task depends on: This task is a...

5.1AI score
Exploits0
Huntr
Huntr
added 2022/02/03 12:47 p.m.11 views

Improper Access Control in mautic/mautic

Description I couldn't find a suitable vulnerability type for this kind of issue, so this may be incorrect the default .htaccess file has some restrictions in the access to PHP files. Deny access via HTTP requests to all PHP files. Order deny,allow Deny from all ... Except those whitelisted bello...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/02/01 6:32 p.m.11 views

in gpac/gpac

Description Null Pointer Dereference in afrtboxread Proof of Concept echo AAAAEW1ldGFzXSAAAABkaXIAAAAAYWZydHRzdnB5dG/oAwBtAGwAAm0= | base64 -d poc gdb output bash pwndbg r -bt poc Starting program: /run/shm/gpac/bin/gcc/MP4Box -bt poc ERROR: Could not find ELF base! Thread debugging using...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/30 12:2 p.m.11 views

Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Description Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. Proof of Concept Parameter: id Payload: alertdocument.cookie Affected endpoints: On Firefox browser, visit: 1...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/29 9:37 p.m.11 views

in microweber/microweber

Description In the Microweber CMS, there are two endpoints that can be used together to get local file inclusion vulnerability. 1. /api/BackupV2/upload?src=/etc/passwd 2. /api/BackupV2/download?file=passwd When logged in as administrator, we can upload any readable file from the operating system...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/01/26 9:42 p.m.11 views

Use of a Broken or Risky Cryptographic Algorithm in x360ce/x360ce

Description The password-generation algorithm used in the function NewPassword simply adds bias to the output password instead of making it easier to remember. Proof of Concept - Use the NewPassword function a large amount of times and store the output. - Look at the frequency of each character o...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/26 9:33 p.m.11 views

in x360ce/x360ce

Description x360ce uses the .NET Random and Guid classes to generate random numbers/bytes that are used for sensitive purposes . Proof of Concept None provided. Impact This vulnerability is capable of allowing attackers to predict sensitive information on x360ce's backend see the 'occurances'...

3.6AI score
Exploits0
Huntr
Huntr
added 2022/01/20 7:37 a.m.11 views

None in gpac/gpac

Description Use After Free in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

Exploits0
Huntr
Huntr
added 2022/01/20 6:50 a.m.11 views

Stack-based Buffer Overflow in gpac/gpac

Description Stack-based Buffer Overflow in gpac Proof of Concept MP4Box -bt POC3 POC3is here gdb Program received signal SIGABRT, Aborted. 0x0000000000b68d4b in raise LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/01/15 10:40 a.m.11 views

Cross-site Scripting (XSS) - Stored in cyrisxd/love-lock-card

Description Currenty, adding a "+ to the password, or a DOM element to the title, you can inject scripts into HA. I know that this library is meant to be not-secure by design, as stated in the README, and that if someone can update the Lovelance dashboard he can probably execute JS code in other...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/01/11 12:42 p.m.11 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored xss Proof of Concept txt onmouseover="alert1"link Video : https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/29 12:28 a.m.11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there, another CSRF in clearing search items. Proof of Concept 1. Install a local instance of phpmyfaq. 2. Go to this link /phpmyfaq/admin/?action=truncatesearchterms 3. See that all search terms are deleted. Impact This vulnerability is capable of CSRF...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/12/27 3:26 a.m.11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there phpmyfaq team, I would like to report a Cross site request Forgery in phpmyfaq. It is in publishing question. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2021/12/26 10:36 p.m.11 views

in livehelperchat/livehelperchat

Description When updating the geolocation detection configuration, we're given the option to specify a file location of a city database file, this can be used to determine if files exist or not. We are not able to see the contents of the file, but we are indeed able to determine if the file exist...

5CVSS4.8AI score0.00924EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/26 2:54 a.m.11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description Hi there, there is a minor CSRF problem in your logout function, this will force the user to logout without their consent. Proof of Concept 1. Install phpeditor on your system 2. Login as admin 3. Go to this link /pheditor/pheditor.php?logout=1 4. See that you are logged out of...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/19 3:12 p.m.11 views

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...

1.2AI score
Exploits0
Total number of security vulnerabilities4072