Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2022/06/13 8:50 a.m.β€’11 views

Generation of Error Message Containing Sensitive Information

Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Proof of Concept 1. The forgot password feature will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/06/13 4:39 a.m.β€’11 views

Stored XSS in Supplier Company Name

Description The application inventree is vulnerable to Stored XSS in supplier company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1KDrwbWkftO-cNrd-4XSoNh27Z3vqiMR/view?usp=sharing...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2022/06/10 9:45 a.m.β€’11 views

Reflected XSS in param 'activetab' and param 'code'

Description We can insert XSS payload at http://localhost/facturascripts/ListAlbaranProveedor, the 'activetab' parameter. Proof of Concept GET...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2022/06/08 3:18 a.m.β€’11 views

UI Redressing

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

0.6AI score
Exploits0References2
Huntr
Huntr
β€’added 2022/06/08 2:39 a.m.β€’11 views

Weak Password Policy

Description This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such ...

0.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/05/25 5:22 p.m.β€’11 views

proxying Big files leads to potential DOS [/proxy]

Description consider following script and put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB exploit.py python from multiprocessing import Process import requests def fun: try:...

7.1AI score
Exploits0
Huntr
Huntr
β€’added 2022/05/21 6:40 p.m.β€’11 views

Cross-site Scripting (XSS) - Reflected

Description I find Relected XSS in search function. Proof of Concept 1.Login with admin or teacher account 2.Access this url:...

0.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/05/18 8:16 a.m.β€’11 views

xss bypass

Description xss check bypassed Proof of Concept The fix for this bug https://huntr.dev/bounties/2adf903d-cab1-4ca8-8236-b6315f0fdaba/ can be bypassed using bellow payload jAvAsCriPt://sadas.com/%0aalert11;//...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2022/05/15 4:25 p.m.β€’11 views

SSRF via IPv6 address 2

Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 are also private IPv6 range that are weirdly not covered by INetAddress, meaning that it has to be do...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2022/05/12 3:7 a.m.β€’11 views

Cross-site scripting and open redirect vulnerability on Rock RMS Login Page

Description The Rock RMS login page has a returnUrl parameter that is used to set window.location.href when the user has successfully logged in. An attacker can include a malicious JavaScript payload using a link crafted with the payload in the returnUrl parameter, such as 'javascript:...', that ...

0.6AI score
Exploits0References2
Huntr
Huntr
β€’added 2022/05/09 2:9 a.m.β€’11 views

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1.Login as admin administrator / administrator. 2.Access this URL...

1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/04/30 10:55 a.m.β€’11 views

Cross-site scripting - Reflected via upload `.xml` file

Description When user upload a file with .xml extension and direct access this file, the server response with Content-type: text/html lead to processing XML as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...

0.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/04/28 8:58 a.m.β€’11 views

Thirdparty site authorization header leak

Description mechanize library is used to manipulate the URL of web pages and crawl the contents of web pages. mechanize does not filter the request header after redirecting. It will also transfer the authentication and cookie request header of the first request to the service after redirecting,...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/04/23 2:51 a.m.β€’11 views

Cross-site scripting - Reflected via mime-type file upload

Description When user upload file with extension not in white-list, server will throw error attach with mime-type of file upload user can controll without sanitize. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host: localhost:8080...

7AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/04/17 10:21 a.m.β€’11 views

Relative Path Traversal vulnerability in StaticDir server

Description There is a relative path traversal vulnerability in the serve module of the extra crate. An attacker can simply request a relative path and access files outside of the configured directory root. Proof of Concept With a static folder in the project directory: rs // main.rs use...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/04/12 7:24 p.m.β€’11 views

Open Redirect

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining o...

0.4AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/04/04 8:7 a.m.β€’11 views

Cross Site Scripting via Improper Input Validation (Based on CRLF)

Description The parse-url The 6.0.0 version of the parser does not remove \r, \n characters between protocols. This causes spoofing of the javascript protocol itself. Proof of Concept javascript const parseUrl = require"parse-url"; const express = require'express'; const app = express; parsed =...

0.8AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/04/03 6:25 a.m.β€’11 views

Stored XSS

Description Stored XSS via domain argument : Proof of Concept run this command ./GoogleDorker.py -d '"' visit created file...

2.2AI score
Exploits0
Huntr
Huntr
β€’added 2022/03/29 8:12 p.m.β€’11 views

Use of cryptographically weak random number generator for password generation

Description Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable, this function uses the .NET Random class which isn't cryptographically secure. Impact This vulnerability is capable of allowing attackers to predict generated passwords and use the...

3.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/03/14 9:31 p.m.β€’11 views

The microweber application allows large characters to insert in the input field "SKU" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber

Go to add post http://site.com/admin/product/create click on create new product There will a option called SKU Fill the input field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click on continue. You will see the application accepts large...

2.2AI score0.03421EPSS
Exploits0References1
Huntr
Huntr
β€’added 2022/03/13 10:46 a.m.β€’11 views

Malicious usage of '+' in protocol can lead to whitelist bypasses

Description Malicious usage of '+' in protocol can lead to whitelist bypasses. Proof of Concept The following PoC shows how if parse-url is used to check the resource of a URL against a whitelist, we can bypass a whitelist check for google.com, and then convince the standard HTTP client in NodeJS...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/17 12:30 p.m.β€’11 views

in microweber/microweber

Description There is no input field length in update username where any user can able to add large number of characters like imagine we can add more 5000+ character on to the update name field . Steps to Reproduce Visit the particular URL Vulnerable-link Where there is a functionality to update o...

1.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/02/17 10:0 a.m.β€’11 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1762-g90a145735-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

7.1AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/10 5:4 p.m.β€’11 views

in snipe/snipe-it

Description unprivileged user can get supplier Proof of Concept 1. Create regular user and set DENY to all permissions in asset and supplier models.\ 2. Login as the user and sent bellow request to get supplier await fetch"https://demo.snipeitapp.com/api/v1/suppliers/selectlist?page=1",...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/08 7:7 a.m.β€’11 views

Cross-site Scripting (XSS) - Reflected in effgarces/bookedscheduler

Setup the Booked Scheduler locally.URL like the following. http://192.168.5.5/phpsch/ Attcker 2. Login as valid user. 3. Make an reservation from the dashboard. 4. Open the information you reserved.URL like the following http://192.168.5.5/Web/reservation.php?rn=62020af2eee4d833634703 5. The...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/03 6:43 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Then, the vulnerability can be triggered when the user previews the documentΒ΄s content. Proof of Concept login and navigate task Dependencies This task depends on: This task is a...

5.1AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/03 12:47 p.m.β€’11 views

Improper Access Control in mautic/mautic

Description I couldn't find a suitable vulnerability type for this kind of issue, so this may be incorrect the default .htaccess file has some restrictions in the access to PHP files. Deny access via HTTP requests to all PHP files. Order deny,allow Deny from all ... Except those whitelisted bello...

7.4AI score
Exploits0
Huntr
Huntr
β€’added 2022/02/01 6:32 p.m.β€’11 views

in gpac/gpac

Description Null Pointer Dereference in afrtboxread Proof of Concept echo AAAAEW1ldGFzXSAAAABkaXIAAAAAYWZydHRzdnB5dG/oAwBtAGwAAm0= | base64 -d poc gdb output bash pwndbg r -bt poc Starting program: /run/shm/gpac/bin/gcc/MP4Box -bt poc ERROR: Could not find ELF base! Thread debugging using...

1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/01/30 12:2 p.m.β€’11 views

Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Description Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. Proof of Concept Parameter: id Payload: alertdocument.cookie Affected endpoints: On Firefox browser, visit: 1...

1.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/01/29 9:37 p.m.β€’11 views

in microweber/microweber

Description In the Microweber CMS, there are two endpoints that can be used together to get local file inclusion vulnerability. 1. /api/BackupV2/upload?src=/etc/passwd 2. /api/BackupV2/download?file=passwd When logged in as administrator, we can upload any readable file from the operating system...

7.2AI score
Exploits0
Huntr
Huntr
β€’added 2022/01/26 9:42 p.m.β€’11 views

Use of a Broken or Risky Cryptographic Algorithm in x360ce/x360ce

Description The password-generation algorithm used in the function NewPassword simply adds bias to the output password instead of making it easier to remember. Proof of Concept - Use the NewPassword function a large amount of times and store the output. - Look at the frequency of each character o...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2022/01/26 9:33 p.m.β€’11 views

in x360ce/x360ce

Description x360ce uses the .NET Random and Guid classes to generate random numbers/bytes that are used for sensitive purposes . Proof of Concept None provided. Impact This vulnerability is capable of allowing attackers to predict sensitive information on x360ce's backend see the 'occurances'...

3.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/01/20 7:37 a.m.β€’11 views

None in gpac/gpac

Description Use After Free in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

Exploits0
Huntr
Huntr
β€’added 2022/01/20 6:50 a.m.β€’11 views

Stack-based Buffer Overflow in gpac/gpac

Description Stack-based Buffer Overflow in gpac Proof of Concept MP4Box -bt POC3 POC3is here gdb Program received signal SIGABRT, Aborted. 0x0000000000b68d4b in raise LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/01/15 10:40 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in cyrisxd/love-lock-card

Description Currenty, adding a "+ to the password, or a DOM element to the title, you can inject scripts into HA. I know that this library is meant to be not-secure by design, as stated in the README, and that if someone can update the Lovelance dashboard he can probably execute JS code in other...

7.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/01/11 12:42 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored xss Proof of Concept txt onmouseover="alert1"link Video : https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/29 12:28 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there, another CSRF in clearing search items. Proof of Concept 1. Install a local instance of phpmyfaq. 2. Go to this link /phpmyfaq/admin/?action=truncatesearchterms 3. See that all search terms are deleted. Impact This vulnerability is capable of CSRF...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/27 3:26 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there phpmyfaq team, I would like to report a Cross site request Forgery in phpmyfaq. It is in publishing question. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to...

6.9AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/12/26 10:36 p.m.β€’11 views

in livehelperchat/livehelperchat

Description When updating the geolocation detection configuration, we're given the option to specify a file location of a city database file, this can be used to determine if files exist or not. We are not able to see the contents of the file, but we are indeed able to determine if the file exist...

5CVSS4.8AI score0.00924EPSS
Exploits1References1
Huntr
Huntr
β€’added 2021/12/26 2:54 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description Hi there, there is a minor CSRF problem in your logout function, this will force the user to logout without their consent. Proof of Concept 1. Install phpeditor on your system 2. Login as admin 3. Go to this link /pheditor/pheditor.php?logout=1 4. See that you are logged out of...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/19 3:12 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...

1.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/17 4:22 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description coreBOS is vulnerable to Stored Cross-Site Scripting in the Campaign Type - Campaign Status - Expected Response fields. Request POST /index.php HTTP/1.1 Host: demo.corebos.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:95.0 Gecko/20100101 Firefox/95.0 Accept:...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/16 2:21 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description I found one more CSRF at Clean cache in the System tab of System configuration via GET request. Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin to clear the cache of the system, that can potential lead to a DoS attack. Remediation Use POST request...

6.8CVSS1AI score0.00539EPSS
Exploits1
Huntr
Huntr
β€’added 2021/12/12 5:19 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Stored XSS via File upload with format .xml in Product module. When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary JavaScript code that was injected into attachment before. Proof of Concept alertdocument.domain;...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/11 6:32 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in convos-chat/convos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' Impact This vulnerability is capable of forging users to unintentional logout. More Detail One way GET could be abused here is that a person competito...

0.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/06 6:8 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description DokuWiki is vulnerable to CSRF in enabling / disabling plugin due to missing CSRF token sectok Proof of Concept If a logged-in admin user visits an attacker's website with the following HTML code the LDAP plugin, for example, will be disabled Impact This vulnerability is capable of...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/12/04 1:56 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Stored XSS via upload File with format .svg when creating Document. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg var...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/24 7:6 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description It's possible to inject the script on the field: First Name Which is permanently stored. It'll trigger each time refreshing or copying to the new tab. Proof of Concept POST /index.php HTTP/2 Host: demo.corebos.com Cookie: democoreboscom=2fadf4643e2c92731a5bea4397b2d08b;...

6.6AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/11/23 11:55 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in zmister2016/mrdoc

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Exploits0
Huntr
Huntr
β€’added 2021/11/18 6:29 a.m.β€’11 views

in tsolucio/corebos

Description There's no bound limit to the number of characters/special characters in "Add Module - Window Title" Add window -- Modules. javascript:chooseType'Module';fnRemoveWindow;setFilterdocument.getElementById'selmoduleid' Steps to reproduce Step 1. Goto -...

0.3AI score
Exploits0
Total number of security vulnerabilities4072