Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/06/04 1:3 p.m.38 views

Cross-site scripting - Reflected XSS caused by error logs in neorazorx/facturascripts

Description There are two fields that can insert the XSS payload by the error log. 1. http://127.0.0.1/facturascripts/EditBalance, the codbalance field 2. http://127.0.0.1/facturascripts/EditSettings, the tipoidfiscal field in Fiscal Id Both fields require 1 and 25 numbers or letters, no spaces,...

3.5CVSS0.3AI score0.00643EPSS
Exploits1
Huntr
Huntr
added 2022/05/19 11:52 p.m.38 views

Bypass Restriction and File Upload Leads to XSS Stored - TXT to HTML

Description Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file, XSS Stored was obtained when uploading the HTML file. Proof of Concept POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cookie:...

3.5CVSS5.5AI score0.00715EPSS
Exploits1References3
Huntr
Huntr
added 2022/05/14 1:35 p.m.38 views

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

POC: 1. go to signup form: http://127.0.0.1:8118/signup 2. Fill the Full Name input field with huge charactersmore than lakhs or crores 3. After created the account, check the admin panel: http://127.0.0.1:8118/accounts, go to Accounts -- customers 4. The admin panel will be flooded with our...

5CVSS2.4AI score0.00986EPSS
Exploits1References2
Huntr
Huntr
added 2022/04/28 2:42 a.m.38 views

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729

Description NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input. POC ./vim -u NONE -X -Z -e -s -S ./pocn.dat -c :qa! Segmentation fault pocn.dat GDB ─── Output/messages...

5CVSS1.7AI score0.01518EPSS
Exploits1
Huntr
Huntr
added 2022/04/19 6:25 p.m.38 views

Dom xss leads to account takeover

Description The endpoint of login allows Javascript payload to execute which leads to XSS pop-up Proof of Concept Send this link to admin http://127.0.0.1:2222/login/?redirect=javascript:alertdocument.cookie When he will open it and try to login XSS will popup. Image POC...

5.1CVSS7.3AI score0.01275EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:36 a.m.38 views

Stored XSS due to no sanitization in the filename

Description The organizr application doesn't sanitize malicious javascript payload which leads to stored XSS and can also perform to the takeover admin account. Proof of Concept 1.Login with Co-admin account and go to "Settings" - "Image Manager" and upload any small size jpeg image and intercept...

3.5CVSS8.9AI score0.01024EPSS
Exploits1
Huntr
Huntr
added 2022/03/23 6:22 a.m.38 views

Heap Buffer Overflow in parseDragons

Description heap buffer overflow in parseDragons function. ASAN report: ================================================================= ==2541037==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000065578 at pc 0x7f45488bde0d bp 0x7ffc08551b50 sp 0x7ffc085512f8 READ of size 4 at...

5CVSS7.7AI score0.00944EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/20 6:29 p.m.38 views

Obscure Email Vulnerability allow anyone to signup with target email id without proper verification and Allowing malicious domain on username input field leads to business logic error by victim response fetching via email and force a user to download any file hacker want on behalf of [email protected].

Description This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. with this vulnerability attacker ca...

0.4AI score
Exploits0References2
Huntr
Huntr
added 2022/03/14 11:54 a.m.38 views

Stored XSS via File Upload

Description \ Stored XSS via uploading file in .md format. Proof of Concept filename="poc.md" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library https://www.showdoc.com.cn/attachment/index\ 3.In the File Library page, click the Upload button and choose the poc.md...

3.5CVSS5.4AI score0.00725EPSS
Exploits1
Huntr
Huntr
added 2022/03/11 6:12 a.m.38 views

Accounting User Can Download Patient Reports in openemr

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr/interface/patientfile/report/customreport.php Affected Parameters “Issue7” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can download patient reports containing...

4CVSS0.3AI score0.00865EPSS
Exploits2References1
Huntr
Huntr
added 2022/01/25 12:30 p.m.38 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow on write in vim This issue was created to separate this one and was fixed with Patch 8.2.4218. Proof of Concept Steps to reproduce: echo -n bm9ybTBRgFBTMP8wMDCysDAwMDAwMDAwMDAwMDAw/zD/g7IwMDAwMDAwMDAwjjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAD | base64 -d heapowpoc2 vim ...

6.8CVSS8.2AI score0.01514EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/25 8:57 a.m.38 views

Improper Authorization in janeczku/calibre-web

Description With default settings, low-level users will not have permission to edit the sort order of books in private shelf of another user. However, due to incorrect checking, the application does not work as intended. Proof of Concept - Step 1: Login with admin account and go to...

4CVSS0.00653EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 1:37 p.m.38 views

Improper Authorization in saleor/saleor

Title GraphQL traversal due to missing permission checks Description orders and customers fields allow to access each other via nodes edges. However, connections don't check user's permissions, which allows, for instance, a staff with just Customers permissions get full information about the orde...

4CVSS0.4AI score0.00994EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 12:30 p.m.38 views

Code Injection in microweber/microweber

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage. Proof of Concept 1 Admin has enabled Comments module, so that people can comment on a blog post. 2 Attacker post the following comment: SOMETHING+SOMETHING Now, observe the change...

5CVSS1.4AI score0.01555EPSS
Exploits1
Huntr
Huntr
added 2021/12/13 3:10 a.m.38 views

in netristv/ws-scrcpy

Description read file From server Proof of Concept GET /../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: xxxx Impact test on ws-scrcpy-0.7,this is The latest version...

5CVSS1.9AI score0.01227EPSS
Exploits1
Huntr
Huntr
added 2021/12/03 10:41 p.m.38 views

None in vim/vim

✍️ Description When fuzzing vim commit 021ef351c works with latest build and latest commit 04b7b4b per this time of this report v8.2.3728, I discovered a use after free. This crash triggered with only clang 10 and ASan. And I'm testing with clang 13 it doesn't crash so I assume this crash doesn't...

6.8CVSS7.3AI score0.01293EPSS
Exploits1
Huntr
Huntr
added 2021/11/23 10:16 p.m.38 views

Heap-based Buffer Overflow in vim/vim

✍️ Description When fuzzing vim commit 3c19b5050 works with latest build and latest commit 65259b5c6 per this time of this report v8.2.3635 with clang 12 and ASan, I discovered a heap buffer overflow. Proof of Concept Here is the poc download link bash...

6.8CVSS7.3AI score0.01792EPSS
Exploits1
Huntr
Huntr
added 2021/09/28 5:4 p.m.38 views

in dompdf/dompdf

Description The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...

5CVSS5.4AI score0.00913EPSS
Exploits1
Huntr
Huntr
added 2021/09/28 10:36 a.m.38 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in openfun/openedx-docker

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/10vEIf77qf1ejR14lL5GZCMn9bZmmbIBd/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

Exploits0References1
Huntr
Huntr
added 2021/08/26 3:59 a.m.38 views

Sensitive Cookie Without 'HttpOnly' Flag in azuracast/azuracast

✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2023/03/26 1:56 p.m.37 views

XSS in Upload file PDF in pimcore/pimcore

Description pimcore is vulnerable to XSS at Filedata field in Document Upload Payload Payload File: https://drive.google.com/file/d/1tDcOcuzyJrFnT7RH-VmVq6XwXC1yh-AF/view?usp=sharing URL URL: https://11.x-dev.pimcore.fun/admin/asset/add-asset?parentId=379&dir=&allowOverwrite=0 Proof of Concept St...

6.4AI score0.00342EPSS
Exploits1
Huntr
Huntr
added 2023/02/22 3:1 a.m.37 views

Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion

Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...

5.5CVSS5.5AI score0.0075EPSS
Exploits1References1
Huntr
Huntr
added 2023/02/21 12:49 p.m.37 views

Captcha Bypass on login

Description So if we login incorrectly multiple times, we get captcha. Each captcha has "captchaid" and solve "captchacode" For example: "captchacode":"8awt" "captchaid":"7nToXDrT6SkJ2BJxKG1u" You can use same captcha code and captcha id in login without any problem Captcha is generated with -...

5CVSS5.8AI score0.00614EPSS
Exploits1
Huntr
Huntr
added 2023/02/13 8:17 p.m.37 views

No Protection Against Bruteforce Attacks on Login Page in

Description Modoboa does not restrict or limit unsuccessful login attempts allowing an attacker to brute force the password of a known user Proof of Concept Steps to Reproduce: Capture login request with BurpSuite Send to Intruder Replay the login request with a different password value utilizing...

5CVSS7.5AI score0.00653EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/26 4:9 p.m.37 views

stored Blind XSS in Admin Panel through FAQ-Proposal leads to Admin Full Account Takeover

Hello. Vulnerability: Blind XSS in Admin Panel while generating Report 1. Without beeing logged in the Application 2. Go to FAQ-Proposal - put an XSS Payload like alert'1' in the question Field 4. Send the Proposal ------ 4. Admin will login 5. The Proposal will pop up in the Category you specifi...

4.3CVSS5AI score0.00601EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/12 1:56 a.m.37 views

Heap-based Buffer Overflow in function ml_append_int

Description Heap-based Buffer Overflow in function mlappendint at memline.c:2951 vim version git log commit 043d7b2c84cda275354aa023b5769660ea70a168 HEAD - master, tag: v9.0.1182, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbo02s.dat -c :qa!...

4.4CVSS7.7AI score0.00467EPSS
Exploits1
Huntr
Huntr
added 2023/01/03 1:48 p.m.37 views

Out-of-bounds Write in function do_string_sub

Out-of-bounds Write in function dostringsub at eval.c:7338 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochow01s.dat -c :qa!...

4.4CVSS7.6AI score0.00469EPSS
Exploits1
Huntr
Huntr
added 2022/12/22 5:40 p.m.37 views

Reset API any user via IDOR

Description Reset API any user without taking action from him via IDOR Proof of Concept 1- Create a user 2- Go to setting 3- Open Burp Suite to object to the requisition 4- Click on it Reset API 5- This is the body request "id":101,"resetOpenId":true 6- When changing the "id", for example "102",...

7.5CVSS0.5AI score0.00731EPSS
Exploits1
Huntr
Huntr
added 2022/12/04 2:43 p.m.37 views

XSS Stored in Email

Description It was discovered that it is possible to inject a malicious payload into the email address field, resulting in a stored XSS vulnerability. Proof of Concept 1. Access to emails parameters /scp/emails.php 2. create an account with the following email address Payload...

4.9CVSS5.3AI score0.00514EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/14 9:51 a.m.37 views

Cross Site Request Forgery in profile's "SSH Keys" leads to unauthorized access to the system

Description While adding SSH public keys to the profile, the server accepts the GET request which results in adding an SSH public key to the profile and leads to unauthorised access to the system and backups. Proof of Concept Open the below url after logging in to the demo site.SSH Public key wil...

6.8CVSS8.6AI score0.00622EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/15 3:11 a.m.37 views

Buffer Over-read in function utf_head_off

Description Buffer Over-read in function utfheadoff at vim/src/mbyte.c:3872 vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim/src/vim -u NONE -X -Z -e -s -S poc3hbo.dat -c :qa!...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 4:42 p.m.37 views

Bypassing SVG content cleaning lead to Stored XSS

Description the application is accepting SVG files as an image and applies a sanitize on the SVG content to avoid XSS attacks using the following snippet of code php else if $ext === 'svg' if isfile$filePath $sanitizer = new \enshrined\svgSanitize\Sanitizer; // Load the dirty svg $dirtySVG =...

3.5CVSS5.4AI score0.00555EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 12:34 a.m.37 views

Heap-based buffer overflow in function ins_bs

Description Heap-based buffer overflow in function insbs at edit.c:4187 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung/vim2/src$ valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc24 -c :qa! ==5251== Memchec...

6.8CVSS0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 7:42 a.m.37 views

Heap-based Buffer Overflow in function get_lisp_indent

Description Heap-based Buffer Overflow in function getlispindent at indent.c:1994 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo2s.dat -...

6.8CVSS7.7AI score0.01564EPSS
Exploits1
Huntr
Huntr
added 2022/05/17 6:8 p.m.37 views

Weak Password Policy

Description I would like to let you know about the password management issue. Proof of Concept 1- Go to your Profile or https://docker.trudesk.io/profile 2- Give a password as simple as 12345678. You can see you will be password has been changed and there is no strong enforcement...

7.5CVSS9.3AI score0.02095EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/14 10:1 p.m.37 views

Path Traversal in WellKnownServlet

Description The WellKnownServlet is vulnerable to path traversal. This allows reading local files. For example the files in WEB-INF that contain secrets and API keys can be read. https://github.com/jgraph/drawio/blob/v18.0.4/src/main/java/com/mxgraph/online/WellKnownServlet.javaL40-L66 java Strin...

5CVSS7.5AI score0.0215EPSS
Exploits1
Huntr
Huntr
added 2022/05/13 5:50 p.m.37 views

SSRF in editor's proxy via IPv6 link-local address

Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.javaL255L257, it checks for local IP addresses. It is missing the link-local IPv6 address check -...

2.1CVSS0.3AI score0.00514EPSS
Exploits1
Huntr
Huntr
added 2022/05/12 11:18 a.m.37 views

Unrestricted File Upload and Path Traversal in upload image

Description The uploadImage function in accountsController take file path and extension from users . An attacker can change the path and extension to upload dangerous file to anywhere in server. Proof of Concept 1. Login 2. Upload profile image 3. Capture request, modify username and filename POS...

6CVSS0.1AI score0.02205EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 11:3 a.m.37 views

Out-of-bounds Read in mrb_obj_is_kind_of in

Out-of-bounds Read in mrbobjiskindof in mruby/mruby Affected commit 791635a8d1ad9aad98aae0a36a91e092e4d71944 Proof of Concept ruby= Math.initialize do $4 prepend dup 4.instanceexec|| super end Below is the output from mruby ASAN build: bash= AddressSanitizer:DEADLYSIGNAL...

4.6CVSS2.4AI score0.00446EPSS
Exploits1
Huntr
Huntr
added 2022/03/19 4:18 p.m.37 views

Sensitive Data Exposure Due To Insecure Storage Of Profile Image

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of trudesk users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

4.3CVSS0.3AI score0.01961EPSS
Exploits2References6
Huntr
Huntr
added 2022/03/17 5:44 a.m.37 views

Able to create an account with long password leads to memory corruption / Integer Overflow

I have found that there is a way to create an account with the length of more than 10k or 100k characters where it may leads to Integer overflow and the backend memory can't handle this issue Steps to Reproduce: Now we can create a simple account While creating an account , In the password field ...

5CVSS3.3AI score0.01207EPSS
Exploits1
Huntr
Huntr
added 2022/03/12 3:45 p.m.37 views

Heap-based Buffer Overflow occurs in vim

Description Heap-based Buffer Overflow occurs in suggesttrychange. commit : d0b7bfa95798f5ec743d8afffbffb83aeac823da Proof of Concept $ echo -ne "c2UgZW5jb2Rpbmc9aXNvODg1OQpub3JtMFIwMDAwMDAwMDAwMApzaWwwbm9ybRYwCmZ1IFIoKQpz aWwhbm9ybRZpMDAwMDApCmNhbCBSKCkKbm9ybTF6PQplbmRmCmNhbCBSKCk=" | base64 -d...

4.6CVSS7.7AI score0.00698EPSS
Exploits1
Huntr
Huntr
added 2022/03/07 1:57 p.m.37 views

Authorization Bypass Through User-Controlled Key

Description Hello go restful maintainer team, I would like to report a security concerning your CORS Filter feature. Go restful allows user to specify a CORS Filter with a configurable AllowedDomains param - which is an array of domains allowed in CORS policy. However, although there's is already...

6.4CVSS1.6AI score0.02737EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 1:15 p.m.37 views

Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore

Description Reflected XSS is found under DesignShortcodeNew Shortcode Proof of Concept POC Video https://drive.google.com/file/d/1yFfa7g8MMUvJrrKTpJXZEHhQLRSZ1Cii/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

3.5CVSS0.8AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 5:17 a.m.37 views

Path Traversal in gruntjs/grunt

Description Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. In GruntJS, file.copy operations in GruntJS are not protected against symlink traversal for both source and destination directories...

2.1CVSS0.4AI score0.00571EPSS
Exploits1
Huntr
Huntr
added 2021/12/09 11:14 a.m.37 views

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

Description Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept 1. 1.Start a new web conference and share the link with other people 2. 2.A malicious user joins the conference with the following username: 3. 3.As soon as the...

4.3CVSS2.2AI score0.0089EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/12 9:47 p.m.37 views

Heap-based Buffer Overflow in vim/vim

Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...

9.3CVSS7.5AI score0.01669EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/24 10:44 p.m.37 views

None in vim/vim

Description Greetings, A Use After Free issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Version :...

6.8CVSS7.6AI score0.01273EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/17 4:35 p.m.37 views

in chatwoot/chatwoot

Description chatwoot failed to validate the original email when a user changing his/her email address in Profile Setting, An attacker may use the mechanism to forge arbitrary email(especially in trusted domain) Proof of Concept my original email is:[email protected], and I had confirmed it b...

2AI score
Exploits0
Huntr
Huntr
added 2021/10/07 4:51 p.m.37 views

Heap-based Buffer Overflow in vim/vim

Description Whilst testing vim built from commit be01090 with Clang 12 + ASan on Ubuntu 18.04, we discovered crafted input which triggers a bug in how vim draws information on the screen, causing a heap-buffer-overflow, WRITE of size 5 to occur. Proof of Concept The disclosed POC is trimmed down ...

6.8CVSS0.6AI score0.01389EPSS
Exploits1References1
Total number of security vulnerabilities4072