Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/05/22 10:3 a.m.9 views

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/05/16 6:8 p.m.9 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/11 10:39 a.m.9 views

Cross site Request Forgery in running schedule by using GET method.

Description There is a CRSF in autolab source code in running scheduler due to usage of GET method. Proof of Concept 1. Install a local instance of autolab 2. Go to /courses//schedulers and create a schedule 3. Access the link courses//schedulers//run and see that the schedulers is running...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/05/11 8:23 a.m.9 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score
Exploits0
Huntr
Huntr
added 2022/05/09 1:8 p.m.9 views

Set cookie for different domain

Description It is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header. Proof of Concept php true; $client-request"GET", "https://.free.beeceptor.com/setcookie"; $cookies = $client-getConfig'cookies'-toArray; printr$cookies; ? You can us...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/05/09 10:37 a.m.9 views

Reflected Cross site scripting

Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...

Exploits0
Huntr
Huntr
added 2022/05/08 1:8 p.m.9 views

Google Storage Bucket Takeover which is getting used in github repository "github.com/wardviaene/kubernetes-course"

Description wardviaene have a opensource project for kubernetes-course In the project, there is a README file which is contains installation instruction of helm. Those instructions are suggesting to download helm binary from a google bucket which was not registered on GCP. So I was able to takeov...

Exploits0References2
Huntr
Huntr
added 2022/04/24 3:49 a.m.9 views

Cross Site Request Forgery in Release all grades feature

Description Hi there, there is a Cross site request Forgery in your Release all grades feature. This is due to the release all grades action is using GET request method. Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/04/23 5:48 p.m.9 views

Cross-site scripting - Stored via upload xml file

Description When user upload file with XML extension in white-list, server will stored XML file at assets/PortalNotesFiles/, so we can direct access and execute javascript code. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/02 6:39 p.m.9 views

identify registered user

Description There is a response during password reset which allow to identify if email address is registered or not Proof of Concept 1. Signup to https://cloud.heroiclabs.com/ using a email like [email protected] . \ 2. Now goto https://cloud.heroiclabs.com/recover and put a dummy email address...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/03/31 8:9 a.m.9 views

CSRF on update cart functionality

I found a CSRF Vulnerability in the update cart functionality where there is no csrf token being validated While updating the cart as the authenticated user Vulnerable Request: POST /demo/api/updatecart HTTP/1.1 Host: demo.microweber.org Cookie:...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/03/31 5:29 a.m.9 views

Divulge user password

Description The administrator can obtain the website user registration password hash Proof of Concept // PoC Log in to the background and access: http://demo.jizhicms.cn/admin.php/Member/index.html?ajax=1&page=1&limit=10&isshow=&start=&end=&username=% Package return:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/03/27 11:2 a.m.9 views

Stored xss bug to hijack admin account

Description Using this xss lower level user can change his role to super-admin and can hijack admin account Proof of Concept 1. First from super-admin account goto http://localhost/silverstripe/admin/security/RootUsers and add user-B as content authors .\ also give user-B only permisssion to page...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/03/23 2:33 a.m.9 views

Stored XSS via upload file

Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...

7AI score
Exploits0
Huntr
Huntr
added 2022/03/19 4:4 a.m.9 views

Multiple Open redirect

Description There exist multiple open redirect in the get parameter returnurl . I found it in bookmarks//edit , bookmarks//remove, bookmarks//archive, bookmarks//unarchive, bookmarks/bulkedit Proof of Concept 1. Login in the demo instance https://demo.linkding.link/ 2. Go to...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/02/23 10:15 p.m.9 views

Improper Input Validation

Description If hostname is not entered as in the following PoC, Open Redirect and SSRF occur because hostname is empty. Proof of Concept javascript // PoC : http:@127.0.0.1 const parseUrl = require"parse-url" const http = require"http" url = parseUrl"http:@127.0.0.1" console.logurl...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/02/18 6:35 a.m.9 views

Path Traversal in silvanmelchior/RPi_Cam_Web_Interface

Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/02/10 8:39 p.m.9 views

Inefficient Regular Expression Complexity in gitpython-developers/gitpython

Description In the latest version of GitPython cd29f07b I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in git/remote.py Python import logging import re logging.basicConfigformat='%asctimes - %levelnames:...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2022/02/06 4:7 a.m.9 views

in clasp-developers/clasp

Description Clasp uses printf to log errors and useful information, in one instance of this logging - the printf call specifies format operators but lacks the appropriate arguments - leading to unrelated bytes being included in the output. Impact This vulnerability is capable of allowing an...

2AI score
Exploits0
Huntr
Huntr
added 2022/02/04 2:15 a.m.9 views

Cross-site Scripting (XSS) - Stored in bytebase/bytebase

Description Hello there, there is a stored XSS in bytebase SQL editor. Proof of Concept 1. Install bytebase on your system. 2. Go to /sql-editor and create a new query with name 3. Go back to the /sql-editor and go to Queries tab and see that a pop up appears, indicating the XSS payload is...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/01/28 6:10 p.m.9 views

Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Description Reflected XSS attacks AKA non-persistent attacks when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The...

6.2AI score
Exploits0
Huntr
Huntr
added 2022/01/28 8:42 a.m.9 views

Open Redirect in alanaktion/phproject

Description Open Redirect in Login page due to unchecked to parameter. Proof of Concept Send users the following link https://demo.phproject.org/login?to=//example.com After users use their registered account to login, they will be redirected to example.com Impact By modifying the URL value to a...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/01/20 7:33 a.m.9 views

Classic Buffer Overflow in gpac/gpac

Description Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/01/17 4:52 a.m.9 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block modules block list description field. This commit e453ad not properly santize the input. Proof of Concept login to the demo account go to blocks https://demo.ziku.la/blocks/admin/view Add payload in block list...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/01/13 1:38 a.m.9 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description I can send a message. In the here, I can create a link. But, when i create a link, I can use an onfocus/autofocus attribute after escape the href attribute because do not processing for double quote Proof of Concept txt 1. Open the...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/01/04 7:48 p.m.9 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description I can create links using the Web links feature. However, since the input value is not URL-encoded, the onfocus and autofocus properties can be used by escaping the properties of the "A" tag using double quotation marks ". Proof of Concept txt...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/01/03 2:30 a.m.9 views

in zikula/core

Description When sending test emails, you're able to spam a target email address with as many emails as an attacker wants to a victim's email address due to lack of rate limiting /mailer/config/test I've put together a simple Python script that exploits this and would allow you to send a custom...

7AI score
Exploits0
Huntr
Huntr
added 2022/01/01 6:36 p.m.9 views

Heap-based Buffer Overflow in neomutt/neomutt

Description When connected through imap/imaps with a server, neomutt is prone to a heap buffer overflow when using the auto completion feature. Proof of Concept Prepare client configuration which connects to 127.0.0.1:14300 cat muttrc imap.txt.b64 EOF...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/01/01 12:37 p.m.9 views

Cross-site Scripting (XSS) - Stored in cacti/cacti

Description Hi there cacti maintainer team, I would like to report a stored XSS in cacti source code. It is due to unsanitized error message in synchronizing aggregates for color. Proof of Concept 1. Install a cacti instance in your local 2. Go to Color and create a color with name 3. Back to col...

Exploits0References1
Huntr
Huntr
added 2021/12/30 5:45 a.m.9 views

in gpac/gpac

Description Null Pointer Dereference in gfutf8wcslen Proof of Concept POC is here. bt Program received signal SIGSEGV, Segmentation fault. ----------------------------------registers----------------------------------- RAX: 0x24 '$' RBX: 0x5555555e2870 -- 0x5555555e2840 -- 0x2000000020000000 '' RC...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/12/22 12:58 a.m.9 views

Open Redirect in erudika/scoold

Description Hi erudika scoold team, there is an Open redirect in your source code at question url Proof of Concept 1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com 2. Observe that you are redirected to google.com Impact This vulnerability is capable of Open...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/14 6:18 p.m.9 views

Cross-Site Request Forgery (CSRF) in laravelio/laravel.io

Description This CSRF is capable of making a user unintentionally subscribe and unsubscribe to a thread. Proof of Concept Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/subscribe Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/unsubscribe Impact One...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/12/14 2:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description Stored XSS via upload File with format .svg when chatting in private conversation. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/13 6:24 a.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to delete user accounts Proof of Concept Impact This vulnerability is capable of tricking admin users to delete user accounts...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/12/05 4:0 a.m.9 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/11/29 2:7 p.m.9 views

None in fcambus/logswan

Description Good morning, I hope you're doing well today. Whilst testing logswan built with Clang12 + ASan on Ubuntu 20.04.3 LTS from commit bcfd41, we discovered a heap-use-after-free situation during a strcmp operation on line 259 of logswan/src/logswan.c. Proof of Concept First... echo...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/29 5:26 a.m.9 views

Cross-site Scripting (XSS) - Stored in krayin/laravel-crm

Description Stored XSS at Name of Tag Detail When rendering grid for Tag, Name value is not filtered before rendering which can trigger XSS Proof of Concept // PoC.req POST /admin/settings/tags/edit/1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:95.0...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/28 2:27 a.m.9 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/11/25 7:9 a.m.9 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/24 7:17 p.m.9 views

PHP Remote File Inclusion in combodo/itop

Description csrf bug Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' input type="hidden" name="class" v...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/07 6:27 p.m.9 views

Cross-Site Request Forgery (CSRF) in galette/galette

Description Hello, Looking at the Galette application, I could observe that it is not protected against CSRF Cross-Site Request Forgery From OWASP : Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/25 9:10 a.m.9 views

Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Description Reflected XSS in form Search. After report https://huntr.dev/bounties/b76d075f-f6b2-40f0-b08e-a56e934d7c60/ I have retested the vulnerability and my payload is able to bypass your filter mechanism. The input tag of the search form was escaped by my payload Step to Reproduct Login to...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/10/24 9:30 a.m.9 views

Sensitive Cookie Without 'HttpOnly' Flag in kasuganosoras/pigeon

Description One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies. Remediation If...

1AI score
Exploits0
Huntr
Huntr
added 2021/10/22 2:25 p.m.9 views

Business Logic Errors in microweber/microweber

Description A fixed price coupon can be applied to get negative price for a product Proof of Concept 1: Create a fixed coupon Example: $200 coupon, $300 minimum 2: Add two products into the cart Example $50 + $300 3: Apply the fixed coupon. 4: Remove the $300 product. Observe that the price is no...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/21 3:34 p.m.9 views

Heap-based Buffer Overflow in zyantific/zydis

Description Hello, we hope you're doing well during these challenging times. Whilst testing zydis built from commit 077b185 with Clang12 + ASan on Ubuntu 18.04, we discovered a crafted PE file that when fed to ZydisPE triggers a heap-buffer-overflow, READ of size 1. Proof of Concept POC Base64...

Exploits0References1
Huntr
Huntr
added 2021/10/20 1:1 p.m.9 views

Cross-site Scripting (XSS) - Stored in archerysec/archerysec

Description The application is vulnerable to a Stored XSS attack. It is possible for an authenticated user to inject a JavaScript payload that will be executed in the web browser of the users viewing the concerned pages. When uploading a Burp scan, the XML field "issueBackground" of a vulnerabili...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/17 8:59 p.m.9 views

Cross-site Scripting (XSS) - Stored in opensourcepos/opensourcepos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js 1-- Just got https://demo.opensourcepos.org/messages 2-- send a payload on number phone field . 3-- you will get an...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/10/16 4:57 a.m.9 views

Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Description No CSRF in upload profile too: /index.php/e/$$$call$$$/tab/user/profile-tab/upload-profile-image. More endpoints: Reordering data: /index.php/e/$$$call$$$/grid/settings/submission-checklist/submission-checklist-grid/save-sequence...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/10/14 4:24 p.m.9 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

Description ampache has a stored XSS in the View Existing User , an attacker could exploit with the Website attribute to steal the other users' cookie Proof of Concept 1 Visit http://ampache//index.phppreferences.php?tab=account set the Website attribut toe: foo" onmouseover=alertdocument.cookie ...

0.2AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 10:35 p.m.9 views

Cross-Site Request Forgery (CSRF) in bytebase/bytebase

Description all part of application That use POST http method to change or create data are vulnerable to CSRF attacks. for example the PATCH methods are not vulnerable I will show just create a member POC for you and if you want to see other POCs of other endpoint just say me to provide them too ...

7.1AI score
Exploits0
Total number of security vulnerabilities4072