Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2021/08/04 6:29 a.m.•10 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

šŸ’„ BUG CSRF bug to ban a member šŸ’„ IMPACT csrf bug allow to ban any user šŸ’„ STEP TO REPRODUCE 1. First goto http://localhost/online-invoice/app/admin/pageViewMembers.php and lets assume there present a member with username test.\ Now any user send link...

1.4AI score
Exploits0
Huntr
Huntr
•added 2021/07/30 5:36 p.m.•10 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

āœļø Description following endpoint vulnerable to CSRF: /omeka/user/2/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.html...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/30 2:14 p.m.•10 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

āœļø Description Attacker able to delete any Product in My shop section if attacker knows the ids parameter value. šŸ•µļøā€ā™‚ļø Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the Product with id 9 has been deleted...

1.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/30 9:46 a.m.•10 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

āœļø Description You don't check CSRF token in following endpoint /timers/1/restart/ with PoC.html attacker able to reset timer with id equal to 1. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.html history.pushState'', '', '/' šŸ’„ Impact This vulnerability is capable of reset any timer...

2.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/30 9:44 a.m.•10 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

āœļø Description You don't check CSRF token in following endpoint /timers/1/stop/ with PoC.html attacker able to stop timer with id equal to 1. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.html history.pushState'', '', '/' šŸ’„ Impact This vulnerability is capable of stop any timer...

2.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/28 8:40 p.m.•10 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

āœļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/28 8:40 p.m.•10 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

āœļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/28 5:7 a.m.•10 views

in pimcore/pimcore

1Go to https://demo.pimcore.fun/en/account/register 2Enter the username and password 3Choose the password as 'a' and the account will be created...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/07/24 8:43 a.m.•10 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

āœļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.2AI score
Exploits0
Huntr
Huntr
•added 2021/07/24 8:29 a.m.•10 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

āœļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.6AI score
Exploits0
Huntr
Huntr
•added 2021/07/23 1:51 p.m.•10 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

āœļø Description CSRF bug when contacting team šŸ•µļøā€ā™‚ļø Proof of Concept no csrf token contact .\ Bellow request is vulnerable to csrf attack POST /contactUsDirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

0.4AI score
Exploits0
Huntr
Huntr
•added 2021/07/23 10:31 a.m.•10 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

āœļø Description csrf bug to change user profile šŸ•µļøā€ā™‚ļø Proof of Concept I see there no csrf token checking when updating user-profile save bellow html code in html file and host this file . Now sent this file link to vicitm when victim open the link then his profile information will be changed...

0.6AI score
Exploits0
Huntr
Huntr
•added 2021/07/21 11:23 a.m.•10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description CSRF bug to delete product variants šŸ•µļøā€ā™‚ļø Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete product variants ....

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/21 10:21 a.m.•10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description CSRF bug to remove linked file šŸ•µļøā€ā™‚ļø Proof of Concept bellow request is vulnerable to csrf attack when removing linked file.\ https://demo.dolibarr.org/expensereport/card.php?id=202&action=removefile&file=%28PROV202%29%2F%28PROV202%29.pdf&entity=1 šŸ’„ Impact csrf attack...

1.6AI score
Exploits0
Huntr
Huntr
•added 2021/07/21 8:32 a.m.•10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description In Bank section the Bank | Cash part, you protect List entities to delete with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary List entities only with knowing their ids. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.html history.pushState'', '', '/' input...

2.9AI score
Exploits0
Huntr
Huntr
•added 2021/07/20 3:4 a.m.•10 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

āœļø Description microweber is vulnerable to Cross-site request forgery. The app is not checking the CSRF token when adding new products to the cart. šŸ•µļøā€ā™‚ļø Proof of Concept HTML content: HTML setTimeout = form.submit; , 2000; 1. Save the above content into an HTML file. 2. Open the file on the...

0.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/19 11:9 a.m.•10 views

Cross-site Scripting (XSS) - Reflected in alovoa/alovoa

āœļø Description xss bug šŸ•µļøā€ā™‚ļø Proof of Concept 1. Open url https://alovoa.com/profile?lang=es%22%3E%3Cscript%3Ealert1%3C/script%3E and see xss is executed .\ My previous xss and this xss has different attacking endpoint and thats why i submitted two report šŸ’„ Impact xss...

0.2AI score
Exploits0
Huntr
Huntr
•added 2021/07/18 6:52 p.m.•10 views

in cortezaproject/corteza-server

Passwords shorter than 8 characters are considered to be weak NIST SP800-63B. Maximum password length should not be set too low, as it will prevent users from creating passphrases. ... It is important to set a maximum password length to prevent long password Denial of Service attacks. STEPS FOR...

0.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/18 9:9 a.m.•10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

āœļø Description In this directory "https://demo.dolibarr.org/ecm/index.php?mainmenu=ecm&leftmenu=ecm&idmenu=167162" The attacker Can Perform a CSRF attack to Remove any folders. In this Directory application take a parameter named "token" and I set "token" parameter value to nothings like...

1.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/17 12:45 a.m.•10 views

Cross-Site Request Forgery (CSRF) in seriawei/zkeacms

āœļø Description ZKEACMS is vulnerable to Cross-site request forgery. The app has no mechanism against CSRF in all HTTP requests. šŸ•µļøā€ā™‚ļø Proof of Concept Sample: Add products to the shopping cart. HTML content: HTML setTimeout = form.submit , 2000; 1. Save the above content into an HTML file. 2. With...

1AI score
Exploits0
Huntr
Huntr
•added 2021/07/15 7:20 p.m.•10 views

in emoncms/emoncms

āœļø Description In CSRF attack if attacker able to change the victim email then attacker can change email to own email and get password from password reset section and then the account take over happen here. šŸ•µļøā€ā™‚ļø Proof of Concept 1.you login in your account 2.you make a file contain the following...

0.2AI score
Exploits0
Huntr
Huntr
•added 2021/07/15 7:5 p.m.•10 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

āœļø Description In CSRF attack if your users going to attacker website and click the mallicouse link then they able to steal users cookie, submit unwanted date, .... šŸ•µļøā€ā™‚ļø Proof of Concept 1.you login in your account 2.you make a file contain the following html file. 3.open html as victim site...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/05 2:29 p.m.•10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

āœļø Description Stored xss bug using a xss payload in the Milestone Title when adding a new milestone šŸ•µļøā€ā™‚ļø Proof of Concept Goto http://localhost/tickets/roadmap and click on add Milestone and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. šŸ’„...

7AI score
Exploits0
Huntr
Huntr
•added 2021/07/05 6:27 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

āœļø Description I found a stored XSS in your project which is lead by adding anonymous group name. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to reproduce: 1. Create a group. 2. Enter group"' in the group name. 3. Save and visit view groups. 4. Click on Anonymous group you just created. šŸ’„ Impact This...

0.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/04 2:14 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

āœļø Description In the repo online invoicing system i found a stored xss which gets exploited on unpaid invoice view which is lead by client name. šŸ•µļøā€ā™‚ļø Proof of Concept Video POC: https://drive.google.com/file/d/1emTPPkSgGXM6XllelCrsdTYhhXMGCGb/view?usp=sharing Steps to reproduce: 1. Add a client...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 9:23 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

āœļø Description stored xss via residenceandrentalhistoryview šŸ•µļøā€ā™‚ļø Proof of Concept check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1BdPQ-89AXURe8wCGAlwuz8wL1Xge0cmJ/view?usp=sharing...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 9:6 a.m.•10 views

in bigprof-software/online-rental-property-manager

šŸ’„ BUG privilege escalation bug to add employmentandincomehistory to a applicant . šŸ’„ IMPACT unprivileged user can add employmentandincomehistory to a applicant šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 2:36 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

āœļø Description Stored xss in membership profile. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the city field. 4. Update the profile and You will see an alert. šŸ’„ Impact This vulnerability is capable of Stored xss...

1.4AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 1:59 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

āœļø Description Stored xss in profile City field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 1:39 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

šŸ’„ BUG Stored xss via group name šŸ’„ TESTED VERSION latest version as of 01/07/21 šŸ’„ STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...

1.7AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 1:23 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

šŸ’„ BUG xss via landlord comment šŸ’„ VERSION TESTED latest version as of 1/7/21 šŸ’„ IMPACT xss allow to execute arbitary javascript in vicitm account šŸ’„ STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/rentalownersview.php and add a new landlord .\ During creation put bellow xss payloa...

2.6AI score
Exploits0
Huntr
Huntr
•added 2021/07/02 7:8 p.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

šŸ’„ BUG xss via groupname in item šŸ’„ VERSION TESTED latest version as of 1/7/21 šŸ’„ IMPACT xss allow to execute arbitary javascript in vicitm account šŸ’„ STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

2AI score
Exploits0
Huntr
Huntr
•added 2021/07/02 6:37 p.m.•10 views

Improper Privilege Management in bigprof-software/online-invoicing-system

šŸ’„ BUG privilege escalation bug to add item to a price-history šŸ’„ IMPACT unprivileged user can add item to a price-history šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from item...

0.9AI score
Exploits0
Huntr
Huntr
•added 2021/07/02 12:44 p.m.•10 views

in projectsend/projectsend

šŸ’„ BUG privilege escalation bug to update admin email-address and company name etc . šŸ’„ IMPACT unprivileged user can update admin email-address and company name etc šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/users.php and add new user called user-B with uploader...

Exploits0
Huntr
Huntr
•added 2021/07/02 1:7 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

āœļø Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...

1AI score
Exploits0
Huntr
Huntr
•added 2021/06/30 12:34 p.m.•10 views

Cross-site Scripting (XSS) - Stored in combodo/itop

šŸ’„ BUG stored xss via file upload šŸ’„ STEP TO REPRODUCE here in this case i uploaded a html file with xss payload inside.\ Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1xKqYFgrsFUfp9Ufe4XiATQcAL-Q6Mr9G/view?usp=sharing šŸ’„ Impact I see there is many different type of role...

7AI score
Exploits0
Huntr
Huntr
•added 2021/06/30 9:11 a.m.•10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

āœļø Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add a client. when a comment is added during the creation of a client by the user then due to improper sanitization XSS payload gets triggered. šŸ•µļøā€ā™‚ļø Proof of Concept Video...

0.2AI score
Exploits0
Huntr
Huntr
•added 2021/06/30 7:4 a.m.•10 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

āœļø Description Reflected XSS in ping.php as IP parameter is not sanitized. šŸ•µļøā€ā™‚ļø Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? šŸ’„ Impact This vulnerability is capable of reflected XSS...

1.5AI score
Exploits0
Huntr
Huntr
•added 2021/06/26 5:42 a.m.•10 views

in beestat/app

āœļø Description The random number generator implemented by mtrand on session keys is not suitable for cryptographic purposes generation of tokens, passwords, or cryptographic keys either. mtrand function that produces predictable values is utilized as a source of randomness in a security-sensitive...

0.3AI score
Exploits0
Huntr
Huntr
•added 2021/06/23 8:41 a.m.•10 views

Stack-based Buffer Overflow in rup0rt/pcapfix

Description A stack over flow was found in pcapfix in function fixpcappackets in pcap.c at line 550 The root cause seem at line 458 , there is an int overflow if filesize-pos-sizeofpackethdr is negative. Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept...

Exploits0References1
Huntr
Huntr
•added 2021/06/20 4:26 p.m.•10 views

in phpservermon/phpservermon

āœļø Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.5AI score
Exploits0References2
Huntr
Huntr
•added 2021/06/20 4:0 p.m.•10 views

Cross-Site Request Forgery (CSRF) in erudika/scoold

āœļø Description The /voteup/question/ endpoint does not have a CSRF protection. This could be exploited by an attacker to manipulate votes in a question. šŸ•µļøā€ā™‚ļø Proof of Concept An attacker creates the following web page and sends a link to a logged in user. // PoC.html Click Here When an...

2.9AI score
Exploits0References1
Huntr
Huntr
•added 2021/06/12 7:10 a.m.•10 views

Server-Side Request Forgery (SSRF) in frenchbread/private-ip

āœļø Description private-ip is an npm module that is used to check if the IP address is private or not for preventing SSRF attacks. It has nearly 11k+ weekly downloads on npmjs. However, I discovered that an attacker may simply get around this check by constructing a malicious IP. šŸ•µļøā€ā™‚ļø Proof of...

1AI score
Exploits0
Huntr
Huntr
•added 2021/06/09 5:26 p.m.•10 views

Command Injection in sofianehamlaoui/lockdoor-framework

āœļø Description Unsanitized user input leads to command injection in Nasnum function input in the infogathering.py script. šŸ•µļøā€ā™‚ļø Proof of Concept Payload: ;id šŸ’„ Impact command run as root. So an attacker could do potential damage to the machine...

3AI score
Exploits0
Huntr
Huntr
•added 2021/05/29 5:20 p.m.•10 views

OS Command Injection in falconchristmas/fpp

āœļø Description The version variable is directly embeded in a OS command in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/upgradefpp.phpL54 php $version = $GET'version'; // $command = "sudo /opt/fpp/scripts/upgradeFPP " . $version . " 2&1"; echo "Command:...

1.9AI score
Exploits0
Huntr
Huntr
•added 2021/05/29 4:2 p.m.•10 views

OS Command Injection in falconchristmas/fpp

āœļø Description Hi, there is a command injection vulnerability in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.phpL23 php &1"; echo "Command: $command\n"; echo...

1.3AI score
Exploits0
Huntr
Huntr
•added 2021/05/29 3:46 a.m.•10 views

in mcfriend99/bird

āœļø Description Heap-based 1-byte write violation. Certain programs can cause the parser/syntax-checker to write out of bounds. The below program writes a single byte out of bounds. šŸ•µļøā€ā™‚ļø Proof of Concept Program: var a = 'outer' def test var a = 'inner' echo 'It works! $a' echo a echo test test def...

7.3AI score
Exploits0
Huntr
Huntr
•added 2021/05/28 4:48 p.m.•10 views

in hstm/dotfiles

āœļø Description Owner of this Github repo has inadvertently committed their .pgpass file which contains login information for a localhost PostgreSQL server. We suggest the owner of this Github repo deletes the file from the repo, adds .pgpass to their .gitignore and changes their localhost...

0.2AI score
Exploits0References1
Huntr
Huntr
•added 2021/05/24 3:33 a.m.•10 views

Improper Privilege Management in dolibarr/dolibarr

šŸ’„ BUG unprivileged user can add personal email to another user. šŸ’„ IMPACT user who dont have any access in "users and groups" can update users personal email. šŸ’„ TESTED VERSION dolibarr 14.0.0-beta šŸ’„ STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/05/21 12:32 p.m.•10 views

Improper Access Control in codingtrain/website

āœļø Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. šŸ•µļøā€ā™‚ļø Proof of Concept Visit this link to verify that you can use the service by visiting...

0.5AI score
Exploits0References1
Total number of security vulnerabilities4072