Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/05/29 8:32 p.m.10 views

Server side request forgery lead to denial of service

Description In this case if a attacker try to load a huge file then server will try to load the file and eventually server use its all memory which will dos the server Proof of Concept 1.Goto...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/05/18 9:51 a.m.10 views

Cross Site Request Forgery in acknowledging Toast

Description Hi there linkding maintainers, I would like to report a Cross site request forgery in acknowledging toast. This is due to the use of GET method. Proof of Concept 1. Install a local instance of linkding 2. Create admin user admin 3. Log in as admin and create a new toast 4. Go back to...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/05/17 3:56 p.m.10 views

Stored Cross Site Scripting on "Add user" field

Steps to reproduce: 1. Go to settings-- Access controls -- Add user 2. Payload = """ 3. Add XSS payload as username and create a new user 4. After creating the user, click on delete button and the XSS will be triggered POC Screenshot:...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/05/16 6:27 p.m.10 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/16 5:45 p.m.10 views

Insufficient Session Expiration

Description If the admin changes the password of a user and if the user already login so application failed to invalidate the session after changing the password as a result changing the password doesn't destroy the other sessions which are logged in with old passwords. Proof of Concept 1.Login...

7.1AI score0.02432EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/05 8:34 p.m.10 views

Cross site scripting

Description 1. Login as teacher 2.Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignmenttypeid=3&assignmentid=new 3. Add this payload in discription 4. Save this assigment 5. You will see a prompt...

Exploits0
Huntr
Huntr
added 2022/05/02 6:28 p.m.10 views

Improper Access Control

Description The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Proof of Concept Unauthorized actors can access critical pages directly. - InstallDatabase.php - diagnostic.php...

3.8AI score
Exploits0
Huntr
Huntr
added 2022/05/02 8:53 a.m.10 views

Improper File Deletion

Description A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment is still remained on the server and if anyone has the link to that file, he can access to it to view or download it. Steps to reproduce Login to the demo environment by...

2AI score
Exploits0
Huntr
Huntr
added 2022/04/30 6:53 p.m.10 views

Improper file deletion

Description When a user created with a profile picture and deleted after some time the profile picture of that user is still remain on the server even after deleting the user's account Proof of Concept 1. Create a new student with a profile picture 2. Delete this user 3. And visit this url...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/04/28 3:46 p.m.10 views

Cross-site scripting - DOM via view file function

Description In Modules - Files, when click a file will have a popup and in URL will append select-file= fragment, so this fragment in url lead to XSS-DOM. Proof of Concept...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/23 4:6 a.m.10 views

Improper Privilege Management - receptionist can view background services and log for admin

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/03/27 1:14 p.m.11 views

unprivileged user can publish a private file

Description user who dont have any accesss in file can publish the file and then unauthenticated user can download that file Proof of Concept 1. From admin account add a new user called user-B as content Authors .\ Now give user-B permission in page section only .Dont give files permission .\ So,...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/03/12 11:4 a.m.10 views

Arbitrary file deletion in Gitea

Description When user delete the LFS data in Gitea, the oid parameter is not been validated. The attacker can make an oid whose prefix is .... to traverse directory and delete any files on the server. Proof of Concept Create a repository on Gitea. e.g. foo/bar Send a POST request with your Gitea...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/03/07 12:8 p.m.10 views

Improper Authorization

Description When motuz is configured for PAM authentification it skips checking authorization completely. Therefore unprivileged expired accounts and accounts with expired passwords can still login. Proof of Concept You can expire an account with chage -E0 and still login. Impact Since disabling ...

3AI score
Exploits0References1
Huntr
Huntr
added 2022/03/04 6:23 p.m.10 views

Exposure of Sensitive Information to an Unauthorized Actor

Bug Cookies & Authorisation headers are leaked to external sites. Description When following a redirect to an external site, Cookie & Autorisation headers are leaked to the third party application. json "headers": "Accept-Encoding":"gzip, deflate, br", "Authorization":"Bearer eyJhb12345abcdef",...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/03/02 8:25 p.m.10 views

Improper Authorization

Description When veyon is used in a Linux environment and is configured to use PAM as authentication method, The authorization of an account validity is missing. Therefore expired accounts or accounts with expired passwords can still login. This bug is in the provided tool veyon-auth-helper - aft...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/02/24 6:18 p.m.10 views

Improper Input Validation

Description If an attacker inserts a null byte at the beginning of the javascript scheme, parse will not parse the javascript scheme properly. Therefore, all null bytes must be removed before parsing. Proof of Concept javascript const parseUrl = require"parse-url" url =...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2022/02/14 10:9 a.m.10 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

Description This is a vulnerability caused by incorrect patching of the vulnerability at https://huntr.dev/bounties/a465d272-35fc-4f9c-99f3-b89790c5ad1c/. For api /files/@id/@name, the application performed download action if the file was in svg format...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/02/14 8:40 a.m.10 views

in alanaktion/phproject

Description When the user clicks on the file, the application will checking Content-Type to decide whether to download or display the data directly. However, due to incorrect checking, a vulnerability exists leads to Stored XSS. I recommend that the force action relies on the file format instead ...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/02/03 6:46 p.m.10 views

in luigirizzo/netmap

Description In the Netmap source code, calls to DbgPrint; can be found to contain a formatting argument %p to be specific yet no argument, this would in most cases lead to nearby data being printed to the debug stream. Impact This vulnerability is capable of allowing an attacker to read data from...

2.4AI score
Exploits0
Huntr
Huntr
added 2022/02/03 7:20 a.m.10 views

in cortezaproject/corteza-server

Description During testing it was found that if a user revoke his all active session, then also user is able to make changes to his account. Proof of Concept 1. Log in to the application 2. Go to profilelogin sessions and revoke all sessions. 3. You will see that all other sessions are still vali...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/01/21 10:24 a.m.10 views

Improper Privilege Management in heroiclabs/nakama

Description A predefined View Only user has access to the User Management function at the :7351//users endpoint. By default this is a predefined system administrator function, and no other users should be able to access this function. Proof of Concept - Create a View-only user with the...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/20 7:9 p.m.10 views

Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor

Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...

6AI score
Exploits0
Huntr
Huntr
added 2022/01/20 3:34 p.m.10 views

in mastodon/mastodon

Description The message event listener in embed.js does not check the origin of postMessage before changing the height of the embedded toots. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input id and height to code and now attacker is able to...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/01/20 5:22 a.m.10 views

Cross-Site Request Forgery (CSRF) in requarks/wiki

Description CSRF to upload and overwrite files Proof of Concept Open this HTML as a logged-in user var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:3000/u", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 5:9 a.m.10 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1646-gddd7990bb-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

Exploits0
Huntr
Huntr
added 2022/01/17 1:13 p.m.10 views

Cross-Site Request Forgery (CSRF) in liangliangyy/djangoblog

Description Hi there, I would like to report a Cross Site Request Forgery in djangoblog source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker t...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/10 4:50 p.m.10 views

in vim/vim

Description Memory Allocation with Excessive Size Value Proof of Concept base64 poc aAp2ewp5Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3NzcKXQo= vim -u NONE -X -Z -e -s -S ./poc -c :qa! ==1206187==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffff8 0x7f8 after adjustments for alignment, red zones...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/12/28 2:19 p.m.10 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there, there is a CSRF in your logout function. This will force admin to logout if he/she clicks on the link attacker gives him. Proof of Concept 1. Install phpmyfaq on your system. 2. Login as admin 3. Open this link /admin/index.php?action=logout 4. See that you are logged out of...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/27 8:18 a.m.10 views

Cross-Site Request Forgery (CSRF) in zikula-modules/content

Description There is no csrf protection for content page duplicate functionality. Proof of Concept document.forms0.submit; Impact This vulnerability is capable of creating more number of duplicates by clicking malicious links...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/26 3:45 p.m.10 views

Prototype Pollution in egorovsa/json-unflat

Description Versions 2.0.0 of json-unflat are vulnerable to prototype pollution. The function unflat does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. JsonUnFlat.unflat = function json var...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/12/20 4:0 a.m.10 views

Cross-site Scripting (XSS) - Stored in requarks/wiki

Description Stored XSS can be performed by malicious XML / HTM files. There is no check in place to prevent such files from being uploaded. Proof of Concept 1 XML 1: Upload the following file as payload.xml: alert1 alert2 confirmdocument.domain Hello http://google.com Proof of Concept 2 HTM 2:...

6AI score
Exploits0
Huntr
Huntr
added 2021/12/20 3:3 a.m.10 views

Cross-site Scripting (XSS) - Reflected in requarks/wiki

Description SVG sanitization is incomplete. Attackers can bypass fix in https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7 to perform XSS via malicious SVG files. Proof of Concept The fix commit sanitizes SVG if MimeType = svg+xml. Unfortunately this can be controlled by use...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/16 9:56 a.m.10 views

Improper Access Control in splitbrain/dokuwiki

Description Users can access drafts of restricted files if they have create permissions on the same namespace and have the ability to create their own usernames due to the conflicting cache names. This can reveal draft contents, delete draft and overwrite the draft content of the restricted file...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/12/13 9:40 a.m.10 views

Open Redirect in openwhyd/openwhyd

Description openwhyd is vulnerable to Open Redirect vulnerability via the redirect parameter at login page. Vulnerable parameter redirect Vulnerable URL https://openwhyd.org/login?redirect=https://google.com Proof of Concept Send users the following login link...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/09 7:7 p.m.10 views

Inclusion of Sensitive Information in Source Code in pimcore/demo

Description API Keys is hard coded in the application source code. The use of a hard-coded API Key has many negative implications. Proof of Concept "security" = "method" = "datahubapikey", "apikey" = "6332aa5e6d3d6c0be31da2a8b3442113", "skipPermissionCheck" = FALSE...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/12/06 12:52 p.m.10 views

Cross-site Scripting (XSS) - Reflected in emoncms/emoncms

Description EmonCMS 10.9.19 has 2 reflected XSS vulnerabilities: 1 - one that is executed when a user tries to generate a new app whose name contains javascript code. The vulnerability leverages the default option of displayerrors within the processsettings.php file which produce unsanitized erro...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/24 1:39 p.m.10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description I found Stored XSS in the title of the content. Proof of Concept Step 1.First of all, build the environment with Docker and create an administrator user. 2.Next, create a new "To -DO" from "Project Dashboard" in the left menu. / 3.Next, create an account for the role of "Team Member"...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2021/11/18 2:59 p.m.10 views

Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2

Description Cross site scripting vulnerability in name field on customer edit form Proof of Concept place this payload in customer name field and save " Impact This vulnerability is capable of stolen the user session...

4.3CVSS0.8AI score0.00764EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/08 5:40 p.m.10 views

SQL Injection in galette/galette

Description Hi, I could find a SQL Injection when adding a user. From OWASP : A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/11/07 6:51 p.m.10 views

Cross-site Scripting (XSS) - Stored in galette/galette

Description Hi, By reviewing your project I've found multiples stored cross-site scripting. From OWASP : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/11/03 5:51 p.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in getgrav/grav

✍️ Description The secure flag is not set for session cookies in the application. 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an...

0.2AI score0.01624EPSS
Exploits0References1
Huntr
Huntr
added 2021/11/01 8:44 a.m.10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description Stored XSS via filename when upload file Proof of Concept // PoC.req POST /leantime/public//projects/showProject/3 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0 Accept:...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/10/27 3:41 p.m.10 views

Cross-site Scripting (XSS) - Stored in eventum/eventum

Description Stored XSS via upload 'Attached Files' with format .svg Proof of Concept // PoC.req POST /ajax/upload.php?file=dropfile HTTP/1.1 Host: 127.0.0.1:8888 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0 Accept: application/json Accept-Language:...

6.1AI score
Exploits0References1
Huntr
Huntr
added 2021/10/22 2:1 p.m.10 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description Hello Microweber team I found a CSRF on deleting the comments : //PoC.html history.pushState'', '', '/' after you run this PoC.html you can see that the comment with id 1 will be deleted...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/10/19 3:26 p.m.10 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description Hello. ForkCMS does not properly sanitize the website's TITLE when it is imported into the meta tags. Proof of Concept If we set the page title to something like this: Home - Hi'"script src=//xss/scriptx="99\r\n%0A%09%0Dsvg\onload=confirm1 It gets reflected back here: "" Impact This...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/18 8:46 p.m.10 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Vuln Link --...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/18 12:19 p.m.10 views

Heap-based Buffer Overflow in hoene/libmysofa

Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all Proof of Concept https://drive.google.com/file/d/1JbQAECcj5-SDRZVUsRWiaBgJQZ0nMiK/view?usp=sharing repro...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/10/16 6:16 p.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

✍️ Description The secure flag is not set for session cookie in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/16 5:36 p.m.10 views

in zmister2016/mrdoc

Description ● Arbitrary file upload at /uploaddocimg/ ● An attacker could abuse this vuln ○ For a html , could do phishing ○ For a py, may lead to Remote Code Execution(by overwrting the existing Django py files, not proved yet) Proof of Concept Arbitrary file upload, HTML for instance POST...

0.4AI score
Exploits0References1
Total number of security vulnerabilities4072