Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2021/11/15 6:18 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to FlushOwnGhostPeers Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to perform unintended actions...

2.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/13 7:8 p.m.β€’11 views

SQL Injection in cacti/cacti

Description SQL Injection vulnerability occurs because the input taken from parameters is not sanitized for SQL Injection statement in useradmin.php useradmin.php:84 updatepolicies function contains sql injection vulnerability getnfilterrequestvar function takes get/post parameter without...

3.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/10 4:0 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in eventum/eventum

Description Multiple Stored XSS in Administration at eventum 3.10.8 Proof of Concept // PoC.payload " Step to Reproduct Goto Administration Areas and choose to feature below Manage News Input payload into fieldTitle Manage Status Input payload into fieldTitle Manage Projects Input payload into...

6AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/11/09 12:53 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in code16/sharp

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

6.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/11/03 3:59 p.m.β€’11 views

Heap-based Buffer Overflow in zyantific/zydis

As discussed in the report at https://www.huntr.dev/bounties/96b0a482-7041-45b1-9327-c6a4a8f32d3a/, I am re-opening the report here for proper tracking. Description Hello, we hope you're doing well during these challenging times. Whilst testing zydis built from commit 077b185 with Clang12 + ASan ...

7.5AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/29 8:18 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in openpetra/openpetra

Description Multiple Stored XSS at openpetra 2020.10 Proof of Concept // PoC.req POST /api/serverMSponsorship.asmx/TSponsorshipWebConnectorMaintainChild HTTP/1.1 Host: demo.openpetra.org Cookie: ASP.NETSessionId=AEC44A33068E58B5DE583F3E; OpenPetraSessionID=b987029b-104f-45f1-aa29-339a49d0d55a...

Exploits0References1
Huntr
Huntr
β€’added 2021/10/28 1:39 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description In Grav, you can preview the file you uploaded by hovering your mouse to the file and clicking the info icon. The normal preview should be like this: However, I noticed that it is possible to perform XSS on the filename due to the following HTML Code: We can upload a file with a...

3.5CVSS0.2AI score0.0133EPSS
Exploits1
Huntr
Huntr
β€’added 2021/10/24 9:25 a.m.β€’11 views

Session Fixation in kasuganosoras/pigeon

✍️ Description Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn't assign a new sessio...

0.9AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/23 6:39 a.m.β€’11 views

in pimcore/pimcore

Description I found unrestricted file upload, to force an image parser to allocate a large volume of memory based on the image headers large file in profile picture, 4250x64250 pixels whole image into memory, it tries to allocate 4128062500 pixels into memory, flooding the memory and causing DoS...

1AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/22 5:25 p.m.β€’11 views

SQL Injection in forkcms/forkcms

Description When calling the url for deleting one or more tags, the parameter id is vulnerable for SQL injection. Proof of Concept Call an URL like this one as an authenticated user. http://forkcms.site/private/de/tags/massaction?token=n93e05rj0l&id=3;insert into usersemail,password,isgod values...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/22 4:52 p.m.β€’11 views

Business Logic Errors in simplcommerce/simplcommerce

Description SimplCommerce allows negative product allowing one to get products for free The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can by bypassed by modifying the POST request Proof of Concept 1: Add one $75 and $25 item in...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/19 9:7 p.m.β€’11 views

SQL Injection in yeswiki/yeswiki

Description A boolean-based SQL Injection vulnerability has been found in the email parameter of the registration form. When a new user registers, the application first checks if the email exists through the emailExistsInDB function located in line 999 of the User.class.php. As you can see, it do...

Exploits0References1
Huntr
Huntr
β€’added 2021/10/19 12:57 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in msaari/relevanssi

Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to t...

5.9AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/16 1:20 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description More CSRF endpoints in delete webhooks Proof of Concept /index.php?route=/panel/core/hooks/&action=delete&id=2 Impact This vulnerability is capable of tricking admin users to deleting webhooks...

2.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/16 1:12 p.m.β€’11 views

in robotichead/nearbeach

Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.nearbeach.app/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...

0.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/14 10:38 a.m.β€’11 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in mineweb/minewebcms

Description Hello, In the password reset it is possible to perform a Host Header Injection, so the victim will receive an email pointing to a third party site. By clicking, the attacker will be able to retrieve the victim's account reset token and use it to access his account. From Portswigger :...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/14 6:16 a.m.β€’11 views

in flatcore/flatcore-cms

Description The Cookie before & after user login doesn't change. Proof of Concept // PoC 1 Load new website in a new browser 2 Get cookie before login 3 Login to website 4 Get cookie after login Compare those 2 values Impact Through other attack methods such as XSS, the attacker can store the...

2.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/13 2:30 p.m.β€’11 views

Heap-based Buffer Overflow in hoene/libmysofa

Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all repro ./mysofa2json -c ./libmyfofamysofacheck Proof of Concept...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/13 11:14 a.m.β€’11 views

Cross-site Scripting (XSS) - Reflected in dmpop/mejiro

Description From OWASP : : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script...

5.6AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/10/13 9:42 a.m.β€’11 views

in fisharebest/webtrees

Description In fix commit https://github.com/fisharebest/webtrees/commit/fc904122e0c1b55f274bc4c8cd883c266176e34e, the fix was to set CSP to script-src in HTML files to none. Webtrees by default has X-Frame-Options headers to prevent clickjacking, but since X-Frame-Options: SAMEORIGIN, it is...

6.8AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/13 6:33 a.m.β€’11 views

Cross-site Scripting (XSS) - Reflected in jspark311/buriedunderthenoisefloor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/10/09 7:15 p.m.β€’11 views

in thedevdojo/wave

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/08 10:38 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce

Description CSRF in cart related endpoints. This include: - Adding items to cart - Clean cart - Delete item from cart - Update cart This happens because the system use GET request for these actions and thus allows CSRF attacks. Proof of Concept 1. Access this link in a browser...

0.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/10/07 1:41 p.m.β€’11 views

Session Fixation in pheditor/pheditor

Description Session Fixation vulnerability found in pheditor in which it doesn't expire the sessions after password update. Proof of Concept // PoC 1. Open normal tab and one private tab 2. Open the pheditor on both of them and log in as a user 3. From private tab change the user password and log...

Exploits0References1
Huntr
Huntr
β€’added 2021/10/05 4:5 a.m.β€’11 views

in yeswiki/yeswiki

Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker to inject javascript code via SVG...

0.5AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/10/04 4:8 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description Attacker able to delete supplier with CSRF attack Proof of Concept //PoC.html history.pushState'', '', '/'...

2.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/10/01 5:36 a.m.β€’11 views

Cross-site Scripting (XSS) - Reflected in part-db/part-db

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/09/28 4:2 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored XSS in parameter 'msgbody' at 'Write e-mail' allows for the arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demo/admprogram/modules/messages/messagessend.php HTTP/2 Host: www.admidio.org Cookie:...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/27 8:13 a.m.β€’11 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco

Description Session cookie dancer.session is not marked with 'Secure' Proof of Concept 1. Go to demo page https://netdisco2-demo.herokuapp.com, the page will automatically logs in as guest 2. Open Firefox developer and see that the cookie dancer.session is not marked with 'Secure'...

0.5AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/09/26 7:43 p.m.β€’11 views

in gotify/server

Description On OS level, the authorization token of the user is being logged, with the default docker installation. Proof of Concept 1; Install the docker version of the software 2; Log in with any user 3; Observe the logs, and the following row is being displayed: GIN 2021/09/26 - 19:34:52 | 200...

3.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/25 10:41 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description csrf bug to chnage shelf from private to public Proof of Concept Bellow request is vulnerable to csrf attack document.getElementById"test".click; Impact csrf bug to change anyone shelf status from private to public...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/24 2:14 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF in deleting comments Proof of Concept 1. Logging in using admin/staff account 2. Go to torrent https://unit3d.site/torrents/19comments 3. Access the link https://unit3d.site/comments/delete/5 4 .See that the comment is deleted Impact This vulnerability is capable of deleting...

1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/23 6:42 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description Attacker is able to disable the form Proof of Concept When you logged in open this POC.html in a browser. You can put the website into maintenance mode. history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of disabling the website...

2.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/20 11:31 a.m.β€’11 views

Inefficient Regular Expression Complexity in pyload/pyload

✍️ Description The pyload package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted HTML comments as input to the comments function of utils/web/purge.py may cause an application to consume an excessive amount of CPU. Below pinned line using...

1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/20 4:54 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/18 3:43 p.m.β€’11 views

Inefficient Regular Expression Complexity in mochajs/mocha

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in mocha. It allows cause a denial of service when stripping crafted invalid function definition from strs. The ReDoS vulnerability is mainly due to the regex...

1.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/17 6:23 a.m.β€’11 views

Inefficient Regular Expression Complexity in isaacs/minimatch

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in minimatch. It allows cause a denial of service when calling function braceExpand. The ReDoS vulnerability is mainly due to the regex /./ and can be exploited with the following code. Proof of Concept...

2.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/15 8:24 a.m.β€’11 views

Code Injection in zoujingli/thinkadmin

Description remote code execution Proof of Concept Bellow request is vulnerable to arbitary system command injection .\ During file upload it does not properly check file upload which allow to upload php file and this php file will execute system command POST /admin/api.upload/file.html HTTP/2...

1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/14 7:25 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

0.9AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/09/14 6:11 a.m.β€’11 views

Open Redirect in sbrl/pepperminty-wiki

Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...

0.2AI score
Exploits0References2
Huntr
Huntr
β€’added 2021/09/13 6:47 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to delete all caches if a logged in user visits attacker website. because lack of CSRF token. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally all caches are cleared //POC.html...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/12 11:24 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

✍️ Description Attacker able to Add any Draft with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with visiting a...

1.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/12 5:45 p.m.β€’11 views

Inefficient Regular Expression Complexity in clean-css/clean-css

✍️ Description It allows cause a denial of service when calling function isDataUriResource. πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PoC.js var isDataUriResource = require"clean-css/lib/utils/is-data-uri-resource" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = 'data:' +...

3.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/11 7:1 a.m.β€’11 views

Open Redirect in alanaktion/phproject

✍️ Description open-redirect πŸ•΅οΈβ€β™‚οΈ Proof of Concept Bellow url is vulnerable to open redirect after login .\ it will redirect user to any arbitary site . http://localhost/phproject/login?to=http://example.com πŸ’₯ Impact Open redirect to any site...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/04 7:52 p.m.β€’11 views

Path Traversal in lampnick/doctron

✍️ Description doctron is a golang tool that helps conversion of HTML to PDF or image. The input doesn't validate if it's a valid web URL. Trying to access local files using file:/// work. This allows getting a screenshot/PDF of the sensitive files on the system. πŸ•΅οΈβ€β™‚οΈ Proof of Concept A demo...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/04 9:53 a.m.β€’11 views

Improper Authorization in imran300/inventory

✍️ Description A General manager user can edit/add other group PERMISSIONS LIST with IDOR. πŸ•΅οΈβ€β™‚οΈ Proof of Concept go to this url when logging in as a General manager. http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that Permissions can be bypassed. πŸ’₯ Impact This...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/31 8:4 p.m.β€’11 views

Cross-site Scripting (XSS) - DOM in forkcms/forkcms

✍️ Description The underlying library needs to get the charset in lowercase but fork is passing it in uppercase causing some of the XSS protections to fail πŸ•΅οΈβ€β™‚οΈ Proof of Concept Go to...

1.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/31 12:24 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...

5.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/29 9:33 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact This vulnerability is capable of...

1.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/29 9:20 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact This vulnerability is capable of XSS...

1.6AI score
Exploits0
Total number of security vulnerabilities4072