Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2021/09/04 7:52 p.m.β€’11 views

Path Traversal in lampnick/doctron

✍️ Description doctron is a golang tool that helps conversion of HTML to PDF or image. The input doesn't validate if it's a valid web URL. Trying to access local files using file:/// work. This allows getting a screenshot/PDF of the sensitive files on the system. πŸ•΅οΈβ€β™‚οΈ Proof of Concept A demo...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/09/04 9:53 a.m.β€’11 views

Improper Authorization in imran300/inventory

✍️ Description A General manager user can edit/add other group PERMISSIONS LIST with IDOR. πŸ•΅οΈβ€β™‚οΈ Proof of Concept go to this url when logging in as a General manager. http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that Permissions can be bypassed. πŸ’₯ Impact This...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/31 8:4 p.m.β€’11 views

Cross-site Scripting (XSS) - DOM in forkcms/forkcms

✍️ Description The underlying library needs to get the charset in lowercase but fork is passing it in uppercase causing some of the XSS protections to fail πŸ•΅οΈβ€β™‚οΈ Proof of Concept Go to...

1.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/31 12:24 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...

5.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/29 9:33 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact This vulnerability is capable of...

1.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/29 9:20 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact This vulnerability is capable of XSS...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/28 10:36 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php

✍️ Description Attacker able to make copy of any disk with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/26 3:2 a.m.β€’11 views

SQL Injection in opensourcepos/opensourcepos

✍️ Description The Application is vulnerable to blind SQL Injection πŸ•΅οΈβ€β™‚οΈ Proof of Concept URL: https://dev.opensourcepos.org/itemkits/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...

0.2AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/08/26 2:29 a.m.β€’11 views

in opensourcepos/opensourcepos

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png πŸ’₯ Impact According to PortSwigger references, it is...

0.7AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/08/24 9:52 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

✍️ Description csrf bug to lock a topic πŸ•΅οΈβ€β™‚οΈ Proof of Concept i see everywhere is csrf token checking . But in this case csrf token checking is missing .\ Bellow url is vulnerable to csrf attack to lock a topic . http://localhost/nameless/index.php?route=/forum/lock/&tid=1 πŸ’₯ Impact csrf bug to...

0.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/24 4:26 p.m.β€’11 views

Improper Privilege Management in circuitverse/circuitverse

✍️ Description upvote in any private comment πŸ•΅οΈβ€β™‚οΈ Proof of Concept Bellow request is vulnerable to upvote in any comment of private project POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0 Gecko/20100101...

0.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/24 2:11 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to delete any file on the server if logged in user visits attacker website. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...

1.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/08/24 2:33 a.m.β€’11 views

in livehelperchat/livehelperchat

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. πŸ•΅οΈβ€β™‚οΈ Proof of Concept πŸ’₯ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

1.3AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/08/23 6:55 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of users with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/21 4:45 p.m.β€’11 views

SQL Injection in slackero/phpwcms

✍️ Description Data enters a program from an untrusted source πŸ•΅οΈβ€β™‚οΈ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' πŸ’₯ Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/19 3:8 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in slackero/phpwcms

✍️ Description Stored xss πŸ•΅οΈβ€β™‚οΈ Proof of Concept Plz check this 1 minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing πŸ’₯ Impact xss bug...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/17 8:4 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any File & Doc with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/17 6:14 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the todo name when adding a todo item πŸ•΅οΈβ€β™‚οΈ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/14 5:6 p.m.β€’11 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager

✍️ Description A user without access to the software can inject a portion of HTML code in access logs. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Simulate login with a crafter Client-IP header like this: curl -H 'Client-IP: INJECT' -d 'username=&password=&op=login' 'http://localhost//?op=login' The result is: πŸ’₯ Impact...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/13 3:19 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description This is a stored XSS in the mp3 management library. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Vote an album 1 and then open "Informations" - "Most rated" 2: πŸ’₯ Impact By uploading an mp3 with javascript code into meta...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/05 3:19 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

✍️ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/04 3:48 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to change a user profile state to public if a logged in user visits attacker website. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed form private to public history.pushState'', '', '/'...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/04 9:52 a.m.β€’12 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description Attacker able to modify any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

1.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/04 8:29 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description csrf bug to mass delete item price πŸ•΅οΈβ€β™‚οΈ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/itempricesview.php HTTP/1.1 Host: localhost User-Agent:...

Exploits0
Huntr
Huntr
β€’added 2021/08/04 8:26 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description csrf bug to mass delete client πŸ•΅οΈβ€β™‚οΈ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/clientsview.php HTTP/1.1 Host: localhost User-Agent:...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/02 11:26 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in alanaktion/phproject

✍️ Description Attacker able to delete any user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2021/08/01 3:19 p.m.β€’11 views

in erudika/scoold

✍️ Description Bypass rate limit and sent unlimited email to any email address. πŸ’₯ Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...

Exploits0
Huntr
Huntr
β€’added 2021/07/31 9:51 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to create any Personal Data if users visit attacker site. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data with Denomination aaa have been created. // PoC.html history.pushState'', '', '/' input type="hidden" name="e...

2.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/31 9:51 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to delete any Document management if users visit attacker site. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check Document management with idrecord value equal to 1 have been created. // PoC.html history.pushState'', '', '/'...

3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/30 2:13 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to delete any customer if knows the customer ids parameter value. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the customer with id 2 has been deleted. //PoC.html...

2.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/28 8:40 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.9AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/24 8:39 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/24 8:34 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/24 8:29 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/23 2:58 p.m.β€’11 views

in kestasjk/webdiplomacy

✍️ Description According to previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. here an attacker can also do Bruteforce attacks to take control of users accounts. πŸ•΅οΈβ€β™‚οΈ Proof of Concept...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/22 4:1 a.m.β€’11 views

in janeczku/calibre-web

✍️ Description A user can see the name of another user's private shelf through a forbidden error. πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...

1.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/21 10:1 p.m.β€’11 views

Improper Access Control in janeczku/calibre-web

✍️ Description A user can edit the title of another user's shelf. πŸ•΅οΈβ€β™‚οΈ Proof of Concept The function editshelf calls directly to createeditshelf sending the queried shelf by the id from the path withouth checking if that shelf is theirs. // shelf.py @shelf.route"/shelf/edit/", methods="GET",...

0.5AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/21 9:3 a.m.β€’11 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Billing | payment section the Customer invoices part, you protect invoice Statuses to any kind of modification from CSRF attacks but if I set CSRF token to nothings then I able to modify arbitrary invoice Statuses only with knowing their ids. In this PoC.html I am able to Validat...

3.3AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/19 4:57 a.m.β€’11 views

Session Fixation in alovoa/alovoa

✍️ Description When a logged in user changes his password, the session does not expire after the update. πŸ•΅οΈβ€β™‚οΈ Proof of Concept // PasswordController.java does not expire or force to logout the user after the update. @PostMappingvalue = "/change", consumes = "application/json" public void...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/18 7:7 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can delete any Third Parties for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Third Parties id on server. I convert the GET...

2.4AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/17 7:4 p.m.β€’11 views

Cross-site Scripting (XSS) - Generic in emoncms/emoncms

✍️ Description Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in theme.php at line 94. πŸ•΅οΈβ€β™‚οΈ Proof of Concept $q = ""; if isset$GET'q' $q = $GET'q'; //get in line 16 //print in line...

3.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/17 3:59 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in chevereto/chevereto-free

✍️ Description Stored xss via image upload TESTED VESRION latest github code as of 16/7/21 πŸ•΅οΈβ€β™‚οΈ Proof of Concept 1. First download https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert123%3E.jpeg image file in linux . Dont change the file name . This type file...

7.2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/16 11:29 p.m.β€’11 views

in ampache/ampache

✍️ Description According to PHP official documents 1 we have for mtrand function an security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes" and as we see in permalinks you use the mtrand function for generate...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/09 4:5 p.m.β€’11 views

Heap-based Buffer Overflow in squell/id3

✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a negative-size-param and a heap-buffer-overflow with a READ of size 40987248. But for the purposes of this report, we are going to look at the heap-buffer-overflow, as it...

7AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/06 6:20 p.m.β€’11 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description The //delete/ end point lacks CSRF protection. This could be exploited by attackers to make the admin delete records from database. πŸ•΅οΈβ€β™‚οΈ Proof of Concept For the attack to work, a logged in user should click the link could be performed with JavaScript. /delete/"Click here πŸ’₯ Impact...

2.7AI score
Exploits0References1
Huntr
Huntr
β€’added 2021/07/05 6:22 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding property name which reflects on summary-reports-application-leases-1.php πŸ•΅οΈβ€β™‚οΈ Proof of Concept Steps to reproduce: 1. Create a Property. 2. Enter x''' in the comments. 3. Save and visit...

0.8AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/04 5:16 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

πŸ’₯ BUG Stored xss 1 πŸ’₯ VERSION TESTED latest version as of 4/7/21 πŸ’₯ IMPACT xss allow to execute arbitary javascript in vicitm account πŸ’₯ STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab.\ put bellow xss payload in Members custom field 1....

2AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 7:9 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Step to Reproduce: Go to /itemsview.php and add the payload: ""@x.y as Item Description and add required data and...

0.1AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 4:25 p.m.β€’11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releaset πŸ•΅οΈβ€β™‚οΈ Proof of Concept Step To Reproduce: Visit clientsview.php and click add a new client Add any details add payload: on the Comments...

6AI score
Exploits0
Huntr
Huntr
β€’added 2021/07/03 2:35 a.m.β€’11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in membership profile. πŸ•΅οΈβ€β™‚οΈ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Address field. 4. Update the profile and You will see an alert. πŸ’₯ Impact This vulnerability is capable of stored...

1.3AI score
Exploits0
Total number of security vulnerabilities4072