Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/04/29 1:58 a.m.10 views

CSRF Lost cart availability to all customer

Description The absence of input validation in the update cart form Qty feature causes the feature to become an error / blank by simply changing the number to a string. In order to occur in all users the role of CSRF is required so that Severity user interaction is required. So you could say thes...

6.8AI score
Exploits0References2
Huntr
Huntr
added 2023/04/22 4:19 p.m.10 views

SMTP server credentials are returned

Description The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/04/20 12:52 p.m.10 views

Reflected XSS in Path Traversal detector

Description Azuracast has a feature that block all Path Traversal tentative good job implementing it. But when azuracast block an attack reflect the path without sanitize the output PathTraversalDetected.php. It is possibile to do attack like Reflected XSS or HTML injection. Step to reproduce 1. ...

6.4AI score
Exploits0
Huntr
Huntr
added 2023/03/10 4:59 p.m.10 views

XSS Stored in Caption Image

Description Hello team, I found an xss stored in the caption field as demonstrated in the gif below. Proof of Concept...

6.8AI score
Exploits0
Huntr
Huntr
added 2023/03/09 10:28 a.m.10 views

XSS Stored in perspective name

Description Hello team, I found an xss stored when adding a perspective name as shown in the gif below Proof of Concept...

6.6AI score
Exploits0
Huntr
Huntr
added 2023/03/08 4:18 p.m.10 views

Path Traversal in code

Description The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. Proof of Concept Code that has the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/03/02 6:37 a.m.10 views

Simple graph bed system has deserialization vulnerability and weak type comparison vulnerability

Description Simple graph bed has deserialization vulnerability and weak type comparison vulnerability Proof of Concept As you can see on line 129 below, there is a deserialization point and it is cookie passed The user controlled auth complex value in the cookie is given to the browsercookie...

0.2AI score
Exploits0
Huntr
Huntr
added 2023/02/06 10:20 a.m.10 views

CSS injection using component islands and useHead

Description After a component island render, the resulting head is regex'd for tags. This regex is not very robust and can be tricked, allowing for CSS injection. Proof of Concept app.vue vue Nuxt 3 Playground const title = ref nuxt.config.ts ts export default defineNuxtConfig experimental:...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2023/01/10 11:35 a.m.10 views

XSS via markdown syntax

Description Hi,Maintainer,thanks for reading.I am glad to report a secure problem to you. I found that your forum allows users to use markdown syntax to post articles and comments, but there is no corresponding protection means, which is unsafe. Any user can post dangerous content, like the...

2.1AI score
Exploits0
Huntr
Huntr
added 2022/12/12 5:31 a.m.10 views

XSS in Workflow Comment

Description XSS Vulnerability in Workflow Comment that user can insert javascript payload in comment Proof of Concept 1. navigate to dashboard and workflow settings 2. open the commend in side-bar and insert like this payload test POC:...

7AI score
Exploits0
Huntr
Huntr
added 2022/12/09 10:48 a.m.10 views

Filepath of page components of deploying system leaks in source code

Description When building your Nuxt application, the source file path of all page components is written in the entry.js file and is thus human readable to everyone. This could lead to unwanted side effects, as in revealing the structure of the system which was used to build the application or...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/11/25 2:42 p.m.10 views

Authenticated SQL Injection in OpenSIS Classic v9.0 and earlier

Description SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure. Version At the time of reporting, the most up-to-date version of the master branch...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/11/23 11:55 a.m.11 views

Stored XSS in kiwiTCMS

Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...

5.6AI score
Exploits0
Huntr
Huntr
added 2022/11/19 5:29 a.m.10 views

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

5.2AI score
Exploits0
Huntr
Huntr
added 2022/10/20 6:31 p.m.10 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Services - Services Templates 3. Create a new Service Template with the Name alertdocument.location 4. The XSS is triggered when the...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/10/19 1:38 a.m.10 views

Use After Free in function qf_get_curlist

Description Use After Free in function qfgetcurlist at quickfix.c:1932 . vim version git log commit bf72e0c67f26ea7c8fd941fdd1533c24c7b6cb43 grafted, HEAD - master, tag: v9.0.0792, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc14huaf.dat...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/10/14 11:46 a.m.10 views

Denial of Service in proxy by redirecting to own host

Description It is possible to partially interrupt the proxy in the backend by redirecting to the same URL again. Proof of Concept On a server or API mocking website implement a rule that will redirect all requests to the following URL: https://diagrams.net/proxy?url=https://attacker.com...

0.4AI score0.01137EPSS
Exploits1References1
Huntr
Huntr
added 2022/10/03 12:22 p.m.10 views

2 FA bypass

Description An attacker is able to bypass 2FA due to a logic flaw on the application Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2 Your account is set to [email protected] as primary email 3 Go to https://rdiffweb-dev.ikus-soft.com/prefs/mfa and click on "Enable 2FA" 4 A...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/10/03 8:29 a.m.10 views

XSS on external links

Description This vulnerability allow for an administrator to create an evil external link. Proof of Concept As an admin user - Go to http://172.16.128.131/front/link.form.php?id=1 - Create an external link and put has value for the link javascript:alert1 - Assign this link to budgets example As a...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/09/17 1:20 p.m.10 views

User can read any series without permission

Description A normal user can access any series without permission if they have access to at least one library. Version Tested on latest release 0.5.6.0 and on docker image 'kizaing/kavita:latest', with image pulled on September 17, 12:30 UTC Digest:...

Exploits0
Huntr
Huntr
added 2022/08/24 2:48 p.m.10 views

Login bruteforce

Description According to the fix of the previous report, the login page has a rate limit mechanism to block the user’s IP when many attempts are made. The endpoint, for example, /v2/console/status only returns the content when who made the request has the correct rights. However, this request is...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/08/23 1:34 p.m.10 views

Insufficient Session Expiration

Description The Nakama Console session is not invalidated when the user is deleted. Proof of Concept Steps to reproduce: 1. Log in to the Nakama Console as admin and create a user [email protected] 2. In a separate browser or private window log in to the account [email protected] 3. In the admin session,...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/05 6:36 p.m.10 views

Send message to blocked user

Description In this case if a userA block userB. UserB is still able to send private message to user A Proof of Concept 1.USerA block userB 2.UserB send direct request to message endpoint with userA''s userID Poc POST https://bookwyrm.social/post/direct Host: bookwyrm.social User-Agent: Mozilla/5...

7AI score
Exploits0
Huntr
Huntr
added 2022/08/02 9:22 p.m.10 views

Idor when creating group

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /user/[email protected]/groups HTTP/2 Host: bookwyrm.social Cookie: csrftoken=; djangolanguage=None; sessionid= User-Agent: Mozilla/5.0 Windows N...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/30 11:4 a.m.10 views

CSRF vulnerability exists in modifying user information (including password)

Description Csrf vulnerability in user information modification page Proof of Concept In \app\home\c\UserController $re = M'member'-update'id'=$this-member'id',$w; $member = M'member'-find'id'=$this-member'id'; unset$member'pass'; $SESSION'member' = arraymerge$SESSION'member',$member;...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2022/07/27 4:27 p.m.10 views

Path traversal in unjs/storage leads to code injection due to unsanitzed code generation

Path Traversal A path traversal vulnerability exists within unjs/unstorage when using the file system storage driver. This vulnerability can be exploited when the user has control over the key name. By creating key names containing sequences of ../ or ..: we can navigate the file system. We are...

7.2AI score
Exploits0References3
Huntr
Huntr
added 2022/07/27 11:39 a.m.10 views

Unauthenticated Cross Site Scripting - Reflected

Description Please enter a description of the vulnerability. Proof of Concept XSS POC: Local Host : http://192.168.0.109:81/?PagePrincipale/rss&id=1%27%3Cscript%3Ealert1122%3C/script%3E Vendor Domain: https://yeswiki.net/?AccueiL/rss&id=1%27%3Cscript%3Ealert1122%3C/script%3E Attached POC Images:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/07/24 5:47 p.m.10 views

Cross site script

Description In this case a patient is able to execute js scripts in admin's session. further exploitation could lead to admin account takeover Steps to Repro:- 1. Login here https://demo.openemr.io/openemr/portal 2. Goto my documents and create new insurance form 3. Add this payload to any select...

Exploits0
Huntr
Huntr
added 2022/07/15 4:5 p.m.10 views

Insecure direct object references in "review" function

Description Insecure direct object references in review a book function allows one user to create a comment on behalf of another. Proof of Concept POST /post/review HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=bYsdqkQkkbYXZYRVd8AynhYxG1rBb2AoOfAO76XCYmgzXK3A266EpZamGcKL0pN5;...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/07/14 5:25 p.m.10 views

LFI / Path Traversal allows attacker to read any file in the working directory

Description The file upload functionality allows a user to attach a file to a paste. When an attacker views the attached file he can alter the path e.g. via burpsuit and read any file in the working directory via the relative path. This also accounts for private pastes. The attacker needs...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/07/14 6:54 a.m.10 views

Insecure redirect when submit invalid form

Description When submit invalid form, the server will redirect to url which obtain via Referrer header. Proof of Concept POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa; djangolanguage=en-us;...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2022/07/14 6:32 a.m.10 views

Insecure direct object references in `create-shelf` function

Description Insecure direct object references in create-shelf function allows one user to create a shelf on behalf of another. Proof of Concept POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa;...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/07/06 5:1 a.m.10 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit;...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/07/05 9:38 a.m.10 views

Allows large characters in password filling

Description The commafeedapplication allows large characters to insert in the input field "password" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Register a new account. 2. Fill a normal email, fill the "Password" and "Password agian"...

2AI score
Exploits0References3
Huntr
Huntr
added 2022/07/04 6:32 p.m.10 views

Improper Link Input Validation leads to Cross-site Scripting (XSS)

Description The link input validation is not filtered protocol javascript of href attribute. It allows attackers to inject malicious links to many fields of the website, such as author introduction, user summary, and book description, ... which could execute javascript code XSS. Proof of Concept...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/06/19 7:56 a.m.10 views

UI Redressing

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2022/06/11 12:57 p.m.10 views

Cross Site Scripting via Improper Input Validation

Description The parse-url The 5.0.8 version of the parser does not check :// character between protocols. This causes spoofing of the javascript protocol itself. Additionally, protocol spoofing does not occur in url-parse, new URL, and url.parse other than parse-url. Proof of Concept const parseU...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:51 a.m.10 views

Stored XSS in Part Parameter

Description The application inventree is vulnerable to Stored XSS in part parameter field. Proof of Concept Video PoC link: https://drive.google.com/file/d/19MiGIB3Q1VzdmMBttCKiEtFKR34z-2/view?usp=sharing...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:28 a.m.10 views

heap-buffer-overflow in dex_parse

Description There exists a heap based out of bounds read vulnerability in dexparse c setinteger yrle16tohmapitem-type, dex-object, "maplist.mapitem%i.type", i; Reproduction Build the fuzz target with address sanitizer enabled + optional libfuzzer and run the test case from here $ git rev-parse HE...

7AI score
Exploits0
Huntr
Huntr
added 2022/06/09 7:46 a.m.10 views

IDOR in Messages function

Description An user can view other users' private messages, join the conversation, delete messages if they know messages uuid Proof of Concept 1. A send B a priavte messages/email 2. C can view messages, join the conversation, delete messages if C know messages uuid...

3.7AI score
Exploits0
Huntr
Huntr
added 2022/06/09 2:52 a.m.10 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References3
Huntr
Huntr
added 2022/06/01 4:19 p.m.10 views

Path Traversal via Files Manager

Description Please enter a description of the vulnerability. Steps to reproduce 1.Login to admin panel and go to Modules - Files http://localhost/microweber/admin/view:modules/loadmodule:files 2.Click any file, the url will have the following format:...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/05/31 12:15 p.m.10 views

classic overflow on the stack, with the ability to intercept control.

Description if arguments longer than 1024 were passed to program iusql, we get a classic stack overflow. Proof of Concept I removed the docking check to reduce POC, this check did not show overflow protection git clone https://github.com/lurcher/unixODBC.git 123 sed -i 's/^.if .phEnv, phDbc !=...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/05/29 8:32 p.m.10 views

Server side request forgery lead to denial of service

Description In this case if a attacker try to load a huge file then server will try to load the file and eventually server use its all memory which will dos the server Proof of Concept 1.Goto...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/05/18 9:51 a.m.10 views

Cross Site Request Forgery in acknowledging Toast

Description Hi there linkding maintainers, I would like to report a Cross site request forgery in acknowledging toast. This is due to the use of GET method. Proof of Concept 1. Install a local instance of linkding 2. Create admin user admin 3. Log in as admin and create a new toast 4. Go back to...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/05/17 3:56 p.m.10 views

Stored Cross Site Scripting on "Add user" field

Steps to reproduce: 1. Go to settings-- Access controls -- Add user 2. Payload = """ 3. Add XSS payload as username and create a new user 4. After creating the user, click on delete button and the XSS will be triggered POC Screenshot:...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/05/16 5:45 p.m.10 views

Insufficient Session Expiration

Description If the admin changes the password of a user and if the user already login so application failed to invalidate the session after changing the password as a result changing the password doesn't destroy the other sessions which are logged in with old passwords. Proof of Concept 1.Login...

7.1AI score0.02432EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/05 8:34 p.m.10 views

Cross site scripting

Description 1. Login as teacher 2.Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignmenttypeid=3&assignmentid=new 3. Add this payload in discription 4. Save this assigment 5. You will see a prompt...

Exploits0
Huntr
Huntr
added 2022/05/02 6:28 p.m.10 views

Improper Access Control

Description The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Proof of Concept Unauthorized actors can access critical pages directly. - InstallDatabase.php - diagnostic.php...

3.8AI score
Exploits0
Huntr
Huntr
added 2022/05/02 8:53 a.m.10 views

Improper File Deletion

Description A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment is still remained on the server and if anyone has the link to that file, he can access to it to view or download it. Steps to reproduce Login to the demo environment by...

2AI score
Exploits0
Total number of security vulnerabilities4072