Lucene search
+L
HuntrMost viewed

4073 matches found

huntr
huntr
added 2022/06/25 5:1 p.m.9 views

Reflected XSS on the Products Modules

Description coreBOS is vulnerable with Reflected XSS on the Products modules. The HTML tag can be escaped with " character and the attacker can be able to perform the Reflected XSS Proof of Concept 1. Login to coreBOS 1. Go to...

0.7AI score
Exploits0References1
huntr
huntr
added 2022/06/25 1:52 a.m.9 views

Improper path sanitization allows remote read of sensitive system resources

In pufferpanel/files.go there is an EnsureAccess method that accepts a source string and prefix argument. This function attempts to validate that the path being requested is within the scope of the server's operating directory. However, there is a logic bug in this function that improperly passes...

1.2AI score
Exploits0
huntr
huntr
added 2022/06/19 2:40 p.m.9 views

Username can be enumerated by password reset endpoint

Description The error message on /password/reset/1 can indicate whether the username exists in the instance. I believe this is a valid issue for the following reason: 1. /password/reset after submitting the username on this page, the server always returns success no matter whether the username...

7.3AI score
Exploits0
huntr
huntr
added 2022/06/13 4:37 a.m.9 views

Stored XSS in Supplier Company Description

Description The application inventree is vulnerable to Stored XSS in supplier company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/115LLo4rxW7RzWd7hevbSFAlf-V83OUhU/view?usp=sharing...

0.4AI score
Exploits0
huntr
huntr
added 2022/06/08 7:48 a.m.9 views

stored xss

Description Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Proof of Concept 1Go to this website: https://titra.io/ 2Click on add Track button 3In the Task field enter...

6.1AI score
Exploits0
huntr
huntr
added 2022/06/04 8:22 p.m.9 views

Failure to strip Authentication header on HTTP downgrade

The Guzzle redirect middleware fails to strip the Authorization header when a redirect downgrades from https to http. The middleware currently only checks if the host has changed...

0.5AI score
Exploits0
huntr
huntr
added 2022/05/23 8:43 p.m.9 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

7AI score
Exploits0References1
huntr
huntr
added 2022/05/22 10:3 a.m.9 views

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...

1.6AI score
Exploits0
huntr
huntr
added 2022/05/16 6:8 p.m.9 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
huntr
huntr
added 2022/05/11 10:39 a.m.9 views

Cross site Request Forgery in running schedule by using GET method.

Description There is a CRSF in autolab source code in running scheduler due to usage of GET method. Proof of Concept 1. Install a local instance of autolab 2. Go to /courses//schedulers and create a schedule 3. Access the link courses//schedulers//run and see that the schedulers is running...

1.8AI score
Exploits0
huntr
huntr
added 2022/05/11 8:23 a.m.9 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score
Exploits0
huntr
huntr
added 2022/05/09 1:8 p.m.9 views

Set cookie for different domain

Description It is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header. Proof of Concept php true; $client-request"GET", "https://.free.beeceptor.com/setcookie"; $cookies = $client-getConfig'cookies'-toArray; printr$cookies; ? You can us...

0.5AI score
Exploits0References1
huntr
huntr
added 2022/05/09 10:37 a.m.9 views

Reflected Cross site scripting

Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...

Exploits0
huntr
huntr
added 2022/05/08 1:8 p.m.9 views

Google Storage Bucket Takeover which is getting used in github repository "github.com/wardviaene/kubernetes-course"

Description wardviaene have a opensource project for kubernetes-course In the project, there is a README file which is contains installation instruction of helm. Those instructions are suggesting to download helm binary from a google bucket which was not registered on GCP. So I was able to takeov...

Exploits0References2
huntr
huntr
added 2022/04/24 3:49 a.m.9 views

Cross Site Request Forgery in Release all grades feature

Description Hi there, there is a Cross site request Forgery in your Release all grades feature. This is due to the release all grades action is using GET request method. Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which...

0.7AI score
Exploits0
huntr
huntr
added 2022/04/23 5:48 p.m.9 views

Cross-site scripting - Stored via upload xml file

Description When user upload file with XML extension in white-list, server will stored XML file at assets/PortalNotesFiles/, so we can direct access and execute javascript code. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...

7.1AI score
Exploits0References1
huntr
huntr
added 2022/04/02 6:39 p.m.9 views

identify registered user

Description There is a response during password reset which allow to identify if email address is registered or not Proof of Concept 1. Signup to https://cloud.heroiclabs.com/ using a email like [email protected] . \ 2. Now goto https://cloud.heroiclabs.com/recover and put a dummy email address...

0.1AI score
Exploits0
huntr
huntr
added 2022/03/31 8:9 a.m.9 views

CSRF on update cart functionality

I found a CSRF Vulnerability in the update cart functionality where there is no csrf token being validated While updating the cart as the authenticated user Vulnerable Request: POST /demo/api/updatecart HTTP/1.1 Host: demo.microweber.org Cookie:...

0.4AI score
Exploits0
huntr
huntr
added 2022/03/31 5:29 a.m.9 views

Divulge user password

Description The administrator can obtain the website user registration password hash Proof of Concept // PoC Log in to the background and access: http://demo.jizhicms.cn/admin.php/Member/index.html?ajax=1&page=1&limit=10&isshow=&start=&end=&username=% Package return:...

0.1AI score
Exploits0
huntr
huntr
added 2022/03/27 11:2 a.m.9 views

Stored xss bug to hijack admin account

Description Using this xss lower level user can change his role to super-admin and can hijack admin account Proof of Concept 1. First from super-admin account goto http://localhost/silverstripe/admin/security/RootUsers and add user-B as content authors .\ also give user-B only permisssion to page...

0.7AI score
Exploits0
huntr
huntr
added 2022/03/23 2:33 a.m.9 views

Stored XSS via upload file

Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...

7AI score
Exploits0
huntr
huntr
added 2022/03/19 4:4 a.m.9 views

Multiple Open redirect

Description There exist multiple open redirect in the get parameter returnurl . I found it in bookmarks//edit , bookmarks//remove, bookmarks//archive, bookmarks//unarchive, bookmarks/bulkedit Proof of Concept 1. Login in the demo instance https://demo.linkding.link/ 2. Go to...

0.3AI score
Exploits0
huntr
huntr
added 2022/02/23 10:15 p.m.9 views

Improper Input Validation

Description If hostname is not entered as in the following PoC, Open Redirect and SSRF occur because hostname is empty. Proof of Concept javascript // PoC : http:@127.0.0.1 const parseUrl = require"parse-url" const http = require"http" url = parseUrl"http:@127.0.0.1" console.logurl...

0.1AI score
Exploits0
huntr
huntr
added 2022/02/18 6:35 a.m.9 views

Path Traversal in silvanmelchior/RPi_Cam_Web_Interface

Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.6AI score
Exploits0
huntr
huntr
added 2022/02/10 8:39 p.m.9 views

Inefficient Regular Expression Complexity in gitpython-developers/gitpython

Description In the latest version of GitPython cd29f07b I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in git/remote.py Python import logging import re logging.basicConfigformat='%asctimes - %levelnames:...

1.4AI score
Exploits0References1
huntr
huntr
added 2022/02/06 4:7 a.m.9 views

in clasp-developers/clasp

Description Clasp uses printf to log errors and useful information, in one instance of this logging - the printf call specifies format operators but lacks the appropriate arguments - leading to unrelated bytes being included in the output. Impact This vulnerability is capable of allowing an...

2AI score
Exploits0
huntr
huntr
added 2022/02/04 2:15 a.m.9 views

Cross-site Scripting (XSS) - Stored in bytebase/bytebase

Description Hello there, there is a stored XSS in bytebase SQL editor. Proof of Concept 1. Install bytebase on your system. 2. Go to /sql-editor and create a new query with name 3. Go back to the /sql-editor and go to Queries tab and see that a pop up appears, indicating the XSS payload is...

0.7AI score
Exploits0
huntr
huntr
added 2022/01/28 6:10 p.m.9 views

Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Description Reflected XSS attacks AKA non-persistent attacks when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The...

6.2AI score
Exploits0
huntr
huntr
added 2022/01/28 8:42 a.m.9 views

Open Redirect in alanaktion/phproject

Description Open Redirect in Login page due to unchecked to parameter. Proof of Concept Send users the following link https://demo.phproject.org/login?to=//example.com After users use their registered account to login, they will be redirected to example.com Impact By modifying the URL value to a...

1.5AI score
Exploits0
huntr
huntr
added 2022/01/20 7:33 a.m.9 views

Classic Buffer Overflow in gpac/gpac

Description Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

0.1AI score
Exploits0
huntr
huntr
added 2022/01/17 4:52 a.m.9 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block modules block list description field. This commit e453ad not properly santize the input. Proof of Concept login to the demo account go to blocks https://demo.ziku.la/blocks/admin/view Add payload in block list...

6.3AI score
Exploits0
huntr
huntr
added 2022/01/13 1:38 a.m.9 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description I can send a message. In the here, I can create a link. But, when i create a link, I can use an onfocus/autofocus attribute after escape the href attribute because do not processing for double quote Proof of Concept txt 1. Open the...

7.3AI score
Exploits0
huntr
huntr
added 2022/01/04 7:48 p.m.9 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description I can create links using the Web links feature. However, since the input value is not URL-encoded, the onfocus and autofocus properties can be used by escaping the properties of the "A" tag using double quotation marks ". Proof of Concept txt...

7.3AI score
Exploits0
huntr
huntr
added 2022/01/03 2:30 a.m.9 views

in zikula/core

Description When sending test emails, you're able to spam a target email address with as many emails as an attacker wants to a victim's email address due to lack of rate limiting /mailer/config/test I've put together a simple Python script that exploits this and would allow you to send a custom...

7AI score
Exploits0
huntr
huntr
added 2022/01/01 12:37 p.m.9 views

Cross-site Scripting (XSS) - Stored in cacti/cacti

Description Hi there cacti maintainer team, I would like to report a stored XSS in cacti source code. It is due to unsanitized error message in synchronizing aggregates for color. Proof of Concept 1. Install a cacti instance in your local 2. Go to Color and create a color with name 3. Back to col...

Exploits0References1
huntr
huntr
added 2021/12/30 11:24 p.m.9 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description When inputting a name for a module category whether editing an existing one or adding a new one, you're able to inject your own Javascript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...

Exploits0
huntr
huntr
added 2021/12/30 5:45 a.m.9 views

in gpac/gpac

Description Null Pointer Dereference in gfutf8wcslen Proof of Concept POC is here. bt Program received signal SIGSEGV, Segmentation fault. ----------------------------------registers----------------------------------- RAX: 0x24 '$' RBX: 0x5555555e2870 -- 0x5555555e2840 -- 0x2000000020000000 '' RC...

2.3AI score
Exploits0
huntr
huntr
added 2021/12/22 12:58 a.m.9 views

Open Redirect in erudika/scoold

Description Hi erudika scoold team, there is an Open redirect in your source code at question url Proof of Concept 1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com 2. Observe that you are redirected to google.com Impact This vulnerability is capable of Open...

0.1AI score
Exploits0
huntr
huntr
added 2021/12/14 6:18 p.m.9 views

Cross-Site Request Forgery (CSRF) in laravelio/laravel.io

Description This CSRF is capable of making a user unintentionally subscribe and unsubscribe to a thread. Proof of Concept Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/subscribe Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/unsubscribe Impact One...

6.9AI score
Exploits0
huntr
huntr
added 2021/12/14 2:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description Stored XSS via upload File with format .svg when chatting in private conversation. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of...

0.6AI score
Exploits0
huntr
huntr
added 2021/12/13 6:24 a.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to delete user accounts Proof of Concept Impact This vulnerability is capable of tricking admin users to delete user accounts...

1.5AI score
Exploits0
huntr
huntr
added 2021/12/05 4:0 a.m.9 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
huntr
huntr
added 2021/11/29 2:7 p.m.9 views

None in fcambus/logswan

Description Good morning, I hope you're doing well today. Whilst testing logswan built with Clang12 + ASan on Ubuntu 20.04.3 LTS from commit bcfd41, we discovered a heap-use-after-free situation during a strcmp operation on line 259 of logswan/src/logswan.c. Proof of Concept First... echo...

0.3AI score
Exploits0
huntr
huntr
added 2021/11/29 5:26 a.m.9 views

Cross-site Scripting (XSS) - Stored in krayin/laravel-crm

Description Stored XSS at Name of Tag Detail When rendering grid for Tag, Name value is not filtered before rendering which can trigger XSS Proof of Concept // PoC.req POST /admin/settings/tags/edit/1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:95.0...

0.1AI score
Exploits0
huntr
huntr
added 2021/11/28 2:27 a.m.9 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
huntr
huntr
added 2021/11/25 7:9 a.m.9 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
huntr
huntr
added 2021/11/24 7:17 p.m.9 views

PHP Remote File Inclusion in combodo/itop

Description csrf bug Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' input type="hidden" name="class" v...

7AI score
Exploits0
huntr
huntr
added 2021/11/07 6:27 p.m.9 views

Cross-Site Request Forgery (CSRF) in galette/galette

Description Hello, Looking at the Galette application, I could observe that it is not protected against CSRF Cross-Site Request Forgery From OWASP : Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently...

0.3AI score
Exploits0References1
huntr
huntr
added 2021/10/25 9:10 a.m.9 views

Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Description Reflected XSS in form Search. After report https://huntr.dev/bounties/b76d075f-f6b2-40f0-b08e-a56e934d7c60/ I have retested the vulnerability and my payload is able to bypass your filter mechanism. The input tag of the search form was escaped by my payload Step to Reproduct Login to...

0.1AI score
Exploits0
huntr
huntr
added 2021/10/24 9:30 a.m.9 views

Sensitive Cookie Without 'HttpOnly' Flag in kasuganosoras/pigeon

Description One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies. Remediation If...

1AI score
Exploits0
Total number of security vulnerabilities4073