Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2024/11/06 10:58 a.m.•9 views

DoS using malicious gguf model file

This report is not public...

7.5CVSS7.7AI score0.00822EPSS
Exploits1
Huntr
Huntr
•added 2024/10/31 1:49 p.m.•9 views

CSRF ON SIGNUP PAGE

CSRF ON CREATING A NEW USER in mlflow/mlflow Reported on Oct 31st 2024 The Signup feature of Mlflow is vulnerable to CSRF attack that allow attacker to create a new account. This may be used to perform unauthorised actions on behalf of the malcious user . Proof of Concept : An attacker can use CS...

7.1CVSS5.7AI score0.00202EPSS
Exploits1
Huntr
Huntr
•added 2024/10/23 4:53 p.m.•9 views

XSS by uploading pdf file

This report is not public...

5.4CVSS7.1AI score0.00359EPSS
Exploits1
Huntr
Huntr
•added 2023/10/11 4:58 p.m.•9 views

2 FPE in MP4Box

Description 2 FPE in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -dash 100...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/09/26 5:46 p.m.•9 views

Add arbitrary users to the user group

Description Add arbitrary users to the user group Proof of Concept 1 .Administrator user haido456 creates a user group name : group456 2 .User hai123 has general user rights but has the right to add arbitrary users to the user group: group456 3 .This includes users that the admin does not want...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/09/03 6:50 a.m.•9 views

Store DOM XSS when create survey

Description I noticed, your website is very secure. But you overlooked a flaw Store DOM XSS . Proof of Concept Detail: 1 .Login vs admin demo account 2 .Create new survey , insert payload in to Survey title: test" onclick = "alertdocument.domain" 3 . Click create == detect Store DOM XSS Video Poc...

6.1AI score
Exploits0
Huntr
Huntr
•added 2023/08/22 6:50 a.m.•9 views

BrowserView Allows Popups, which leads to Remote Code Execution

Description The Application has a functionality that allows users to add URLs for custom Webservices. If a user adds a URL containing malicious code, then it can be used to open a new Browser Window, which will lead to Remote Code Execution on the victims computer. Proof of Concept ATTACKER SETUP...

7.6AI score
Exploits0
Huntr
Huntr
•added 2023/08/18 11:54 a.m.•9 views

Important Cookie without Secure flag

Description Cookie accessToken is without Secure flag. Mentioned cookie is responsible for user auth. Proof of Concept Repro steps: As logged in user https://app.vrite.io/ open DevTools and check Cookies table, get value of accessToken cookie. Open other browser, go to app.vrite.io site, open...

6.9AI score
Exploits0References1
Huntr
Huntr
•added 2023/08/08 10:47 a.m.•9 views

Self XSS in "Content Types / Add Content Type"

Description Add payload to field System name: Proof of Concept https://drive.google.com/file/d/1xJ24a3HveP4dpKXF5zmtsNIa2-wweoA/view?usp=sharing...

6.9AI score
Exploits0References1
Huntr
Huntr
•added 2023/07/15 8:36 p.m.•9 views

Potential XSS injection in stuff and say attributes

Description The stuff and say attributes are not sanitized before being used in innerHTML. Because of this, they could be used to inject arbitrary JS in the page. Proof of Concept html obfumatic XSS "Fallback text...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/06/29 12:18 p.m.•9 views

XSS Reflected via import file funtion

Description The application does import data from the file without cleaning the data inside before processing, resulting in javascript code that can be injected and triggered when the victim executes the function. Proof of Concept Step1: The attacker creates a .csv file containing a payload to...

6.6AI score
Exploits0
Huntr
Huntr
•added 2023/06/29 8:52 a.m.•9 views

Unauthorized access to Survey menu entries

Description The application is not properly verifying the authorization of users accessing survey menu entries. Proof of Concept 1. Login as a user with limited privilege. In my case the user permission is set as follows and has no access to surveys. 2. Visit...

6.7AI score
Exploits0References1
Huntr
Huntr
•added 2023/06/26 11:11 a.m.•9 views

Path Traversal in uploadAttachment

POC : see https://1drv.ms/v/s!Avwg5C1eKVA4gl3LF2hgRyVNrSqk?e=DHbHKF We also contact the Maintainer through email lujie.ac.cn...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/06/15 1:57 p.m.•9 views

The ability to edit groups owned by any user.

Description The edit group function does not check the owner, allowing for the possibility to modify a group without being the owner of that group. Proof of Concept Step 1: We have User1 who owns Group 1 and Group 2; User5 who owns Group 5. Step 2: User1 performs an edit group action and changes...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/05/02 8:25 p.m.•9 views

Cross Site Scripting in Open Web Analytics on most statistics related pages

Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/03/20 9:36 a.m.•9 views

REFLECTED XSS "Cross-site Scripting (XSS) "

Description Summary: I have found Reflected XSS at https://www.vim.org/login.php?referrer= Go To : https://www.vim.org/login.php?referrer=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E payload xss : " Proof of Concept // PoC.js var payload =...

6.4AI score
Exploits0
Huntr
Huntr
•added 2023/02/21 4:37 p.m.•9 views

Stored HTML injection and Potential Cross Site Scripting in pixelfed ≤ 0.11.4

Description pixelfed ≤ 0.11.4 is affected by HTML injection and Potential Cross Site Scripting vulnerability. Steps to Reproduce: 1.Choose any server from https://pixelfed.org/servers and go to registration page. 2.Enter your username, email, password and enter following payload on "Name" paramet...

6.7AI score
Exploits0References2
Huntr
Huntr
•added 2023/02/20 10:17 a.m.•9 views

Stored XSS in "Import" Module

Description When loading a CSV or XLSX file to preview before importing Step 4, no sanitization of the first line label, allows authenticated attacker to inject malicious XSS payload into the to import file, and store it on the target webserver. If any admin reuse the malicious uploaded importing...

6.2AI score
Exploits0
Huntr
Huntr
•added 2023/01/30 1:39 p.m.•9 views

XSS caused by sending information between users

Description The forum allows users to send information. Although the script tag cannot be used, the img tag can also cause xss.And the program can bypass the filtering of the "cookie" string by means of entity encoding. Video link You can watch my video through this link first. link...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/12/19 12:26 p.m.•9 views

SNMP location XSS vulnerability

Description By including some HTML in the "Location" field of the snmpd configuration of a managed device, an attacker can inject HTML into the LibreNMS "Devices" tab, which then gets rendered when the page is viewed. EDIT: I'm having difficulties developing a proper exploit for this beyond the...

6.7AI score
Exploits0References1
Huntr
Huntr
•added 2022/11/23 9:20 p.m.•10 views

An unrestricted upload file lead to a stored XSS via SVG file.

Description During the test, I discovered that the upload function accepted svg files without any sanitization, allowing me to inject javascript code into the svg file and store it, as well as execute the javascript code via the svg file. Proof of Concept // PoC.js...

7.5AI score
Exploits0
Huntr
Huntr
•added 2022/11/17 11:51 a.m.•9 views

Cross-site Scripting (XSS) - Stored at discussion title

Description Attacker can inject XSS payload in title when he starts or renames a discussion. The payload will be triggered right after a normal user open that discussion. Proof of Concept 1. Login to your account on https://forum.locker.io 2. Create New Discussions 3. On the Discussions Title,...

6AI score
Exploits0
Huntr
Huntr
•added 2022/10/30 11:35 p.m.•9 views

XSS stored in Category name

Description If a user inject an XSS payload inside a category name. All users that visit the index page will execute the corresponding XSS payload. Proof of Concept Add a malicious category XSS is executed...

2.5AI score
Exploits0References1
Huntr
Huntr
•added 2022/10/09 4:48 p.m.•9 views

POST Based Reflected Cross Site Scripting in installation page

Description The installation page in Elgg ≤ v4.3.3 is vulnerable to Cross-Site Scripting attack via 'dataroot' parameter. Steps to Reproduce 1. Freshly install the Elgg in your web-server and proceed to "Database Installation Page". 2. Enter the following payload in "Data Directory" field and fil...

5.9AI score
Exploits0References1
Huntr
Huntr
•added 2022/10/09 2:42 p.m.•9 views

Multiple SQL Injections

Description User input is inserted directly into a SQL query in multiple places when duplicating contacts/leads. Proof of Concept For a PoC, we are going to use Leads, although the other vulnerabilities will probably work analagously. Since the input is not directly displayed to the user, we will...

7.6AI score
Exploits0
Huntr
Huntr
•added 2022/09/06 4:6 p.m.•9 views

Insufficient Session Expiration

Description Existing sessions are not invalidated after a password change. Proof of Concept Steps to reproduce: 1. Log in to Humhub 2. Do the same in another browser or a private window, such that there are two different active sessions 3. Update the user's password in either of the two sessions ...

1.2AI score
Exploits0References1
Huntr
Huntr
•added 2022/08/31 2:57 a.m.•9 views

Reflected XSS on "DetailViewAjax" via "relation_id" parameter

Description The value of the "relationid" parameter on the "DetailViewAjax" reflects to the source code without any sanitization. So, that leads to XSS which allows cookie stealing. Proof of Concept...

1.5AI score
Exploits0
Huntr
Huntr
•added 2022/08/28 10:34 a.m.•9 views

Tabnabbing on spec-disrespecting browsers

Some browsers do not comply with the 2021 HTML specification, meaning that an attacker can redirect the parent window. This applies to links in descriptions // Create a new card // Add https://someevilsite.com to card // Now the site can do the following:...

0.9AI score
Exploits0References1
Huntr
Huntr
•added 2022/08/21 4:13 p.m.•9 views

DoS via Client Email Update

Description An unauthenticated user, via the Inbox Website Widget, can update its contact email information, whose field doesn't have any proper size restriction or limitation in place, allowing to set as email an unlimited number of characters. \ \ Because of this an attacker can send an enormou...

6.9AI score
Exploits0
Huntr
Huntr
•added 2022/08/19 9:53 p.m.•9 views

XSS on URL recorder

Description Hi Team , I found XSS vulnerability in url recorder https://conifer.rhizome.org/"USERNAME"/default-collection/ Proof of Concept Image : https://ibb.co/dBr0QQr...

0.4AI score
Exploits0
Huntr
Huntr
•added 2022/08/13 12:39 p.m.•9 views

Cross-site Scripting (XSS) - Stored on Translations

Description Translations are vulnerable to Cross-Site Scripting. Steps to reproduce 1 - Go to Website - Settings 2 - Click on Languages 3 - Fill any field to be translated with an XSS payload : ". 4 - XSS popup will appear. Proof of concept...

0.1AI score
Exploits0
Huntr
Huntr
•added 2022/08/08 10:45 p.m.•9 views

Modify other people's articles by modifying the data package

Description The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...

0.3AI score
Exploits0References1
Huntr
Huntr
•added 2022/08/03 10:57 p.m.•9 views

Denial of Service via Attachment Upload

Description An attacker can upload an attachment without any size limitation which leads to an exception and the crash of the application. Proof of Concept 1. 1 - Log in and select and project and card. 2. 2 - Upload a file, in this case, a 5GB file. Used sample file. 3. 3 - After some seconds th...

1.9AI score
Exploits0
Huntr
Huntr
•added 2022/07/05 9:2 a.m.•9 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.6AI score
Exploits0References2
Huntr
Huntr
•added 2022/07/02 6:53 a.m.•9 views

Cross Site Scripting via Improper Input Validation (parser differential)

Description I find that parse-url parses the following URL incorrectly and identifies protocol as ssh: javascript://n.com:-4294967297/?ab=--2509999973799371216494http://user:passser:[email protected]:-4294967297/?a /parseurlfuzz$ node -e 'const parseUrl = require"parse-url";...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/07/01 7:25 p.m.•9 views

xss via svg file

Description xss via svg file Proof of Concept 1. goto your account and create a document under a collection .\ 2. Now edit this document and upload bellow svg file in this document content as image filename--evil.svg alert'Thais app is probably vulnerable to XSS attackss!'; 3. after upload open...

0.4AI score
Exploits0
Huntr
Huntr
•added 2022/06/30 2:6 p.m.•9 views

Cross-site Scripting (XSS) - Stored in Space Name

Description Cross-site Scripting XSS - Stored in space name. Because space name is not HTML encoded, "Confirm action" modal pops up then the script is executed. Proof of Concept Step 1: Create a new Space and fill in name with this payload: "alert1. Step 2: Send an invite to victim then save. Ste...

0.7AI score
Exploits0References1
Huntr
Huntr
•added 2022/06/27 7:30 a.m.•9 views

Reflected XSS in multiple parameters

Testing Environment 1. Windows OS 2. Firefox Browser Vulnerable URLs ----...

1.4AI score
Exploits0
Huntr
Huntr
•added 2022/06/27 5:37 a.m.•9 views

Command Injection:

Description cookiecutter is a command-line utility that creates projects from cookiecutters. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg...

8AI score
Exploits0References3
Huntr
Huntr
•added 2022/06/25 5:1 p.m.•9 views

Reflected XSS on the Products Modules

Description coreBOS is vulnerable with Reflected XSS on the Products modules. The HTML tag can be escaped with " character and the attacker can be able to perform the Reflected XSS Proof of Concept 1. Login to coreBOS 1. Go to...

0.7AI score
Exploits0References1
Huntr
Huntr
•added 2022/06/25 1:52 a.m.•9 views

Improper path sanitization allows remote read of sensitive system resources

In pufferpanel/files.go there is an EnsureAccess method that accepts a source string and prefix argument. This function attempts to validate that the path being requested is within the scope of the server's operating directory. However, there is a logic bug in this function that improperly passes...

1.2AI score
Exploits0
Huntr
Huntr
•added 2022/06/19 2:40 p.m.•9 views

Username can be enumerated by password reset endpoint

Description The error message on /password/reset/1 can indicate whether the username exists in the instance. I believe this is a valid issue for the following reason: 1. /password/reset after submitting the username on this page, the server always returns success no matter whether the username...

7.3AI score
Exploits0
Huntr
Huntr
•added 2022/06/13 4:37 a.m.•9 views

Stored XSS in Supplier Company Description

Description The application inventree is vulnerable to Stored XSS in supplier company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/115LLo4rxW7RzWd7hevbSFAlf-V83OUhU/view?usp=sharing...

0.4AI score
Exploits0
Huntr
Huntr
•added 2022/06/08 7:48 a.m.•9 views

stored xss

Description Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Proof of Concept 1Go to this website: https://titra.io/ 2Click on add Track button 3In the Task field enter...

6.1AI score
Exploits0
Huntr
Huntr
•added 2022/06/04 8:22 p.m.•9 views

Failure to strip Authentication header on HTTP downgrade

The Guzzle redirect middleware fails to strip the Authorization header when a redirect downgrades from https to http. The middleware currently only checks if the host has changed...

0.5AI score
Exploits0
Huntr
Huntr
•added 2022/05/23 8:43 p.m.•9 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

7AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/22 10:3 a.m.•9 views

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...

1.6AI score
Exploits0
Huntr
Huntr
•added 2022/05/16 6:8 p.m.•9 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/11 10:39 a.m.•9 views

Cross site Request Forgery in running schedule by using GET method.

Description There is a CRSF in autolab source code in running scheduler due to usage of GET method. Proof of Concept 1. Install a local instance of autolab 2. Go to /courses//schedulers and create a schedule 3. Access the link courses//schedulers//run and see that the schedulers is running...

1.8AI score
Exploits0
Huntr
Huntr
•added 2022/05/11 8:23 a.m.•9 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score
Exploits0
Total number of security vulnerabilities4072