Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/10/09 8:44 a.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description There is a CSRF vulnerability on Empty Inbox in Private Messages inbox. Proof of Concept //POC.html history.pushState'', '', '/'...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/10/05 3:54 p.m.9 views

SQL Injection in ampache/ampache

Description The application does not validate and escape the type parameter before using it in a SQL statement in Model/Tag.php, leading to a SQL Injection Proof of Concept Time delay: GET /browse.php?action=tag&type=0%27orifnow=sysdate,sleep3,0or%27 HTTP/1.1 Host: demo.ampache.dev sec-ch-ua:...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2021/10/05 4:3 a.m.9 views

Cross-site Scripting (XSS) - Stored in yeswiki/yeswiki

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.1AI score
Exploits0References2
Huntr
Huntr
added 2021/10/04 1:38 p.m.9 views

Classic Buffer Overflow in sjord/checkmate

Description Good morning, I hope this message finds you well during these challenging times. Whilst testing checkmate built from commit 8e497d8, we discovered crafted input which triggers a bug in the frame parsing code, leading to a global-buffer-overflow, READ of size 4. Proof of Concept First...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/10/01 5:5 p.m.9 views

Use of a Broken or Risky Cryptographic Algorithm in livehelperchat/livehelperchat

Description livehelperchat uses cryptographically insecure functions microtime, mtrand and even rand to generate sensitive information. Proof of Concept None provided, see the PHP documentation that specifies the cryptographic insecurity of the above functions. Impact This vulnerability is capabl...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/01 5:19 a.m.9 views

Cross-Site Request Forgery (CSRF) in craigk5n/webcalendar

Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/01 4:42 a.m.9 views

Type Confusion in craigk5n/webcalendar

Description During the comparisons of different variables, php will automatically convert the data into a common, comparable type. This leads to a variety of problems and might even cause security vulnerabilities. https://github.com/craigk5n/webcalendar has type juggling vulnerabilities that allo...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2021/09/27 12:12 p.m.9 views

Exposure of Sensitive Information to an Unauthorized Actor in kcal-app/kcal

Description An attacker can view the foods and other informations in the application through direct call to api functions without any authenication Proof of Concept Step 1 Go to http://demo.kcal.cooking/api/v1/foods?pagenumber=1&pagesize=12...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/09/26 10:31 a.m.9 views

Use of a Broken or Risky Cryptographic Algorithm in idno/known

Description In the referenced code, known uses an insecure RNG to generate a password because, in its words; this should "mitigate security holes if cleanup fails" - unfortunately, if the cleanup fails - an attacker may be able to predict the password to the created account. Proof of Concept See...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/09/24 7:29 p.m.9 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description With this CSRF any user is able to remove any punishment on any user made by the staff. Proof of Concept After you log in, open this POC.html in a browser. This will remove any punishment that's specified in the POC. history.pushState'', '', '/' document.forms0.submit; This specific P...

3AI score
Exploits0
Huntr
Huntr
added 2021/09/20 1:13 p.m.9 views

Inefficient Regular Expression Complexity in ampproject/amphtml

✍️ Description The amphtml package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted template as input to the expandTemplate function of core/types/string/index.js may cause an application to consume an excessive amount of CPU. Below pinned...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/09/20 10:49 a.m.9 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/09/19 10:4 a.m.9 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description Hi team :, the /shelf/remove/id and /shelf/add/id is vulnerable against CSRFleading to the possibility to add and remove shelves' items on the behalf of the victim user. Proof of Concept 1. Install the application 2. Create a new shelf id == 1 in this case 3. The attacker sends the...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/09/18 7:34 p.m.9 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/09/18 4:18 p.m.9 views

in zikula/core

Description Rate limit bypass sent unlimited email victim or any email address Proof of Concept There is no rate limit lost-user-name, attacker to send unlimited email to victim or any email address. POST /zauth/account/lost-user-name HTTP/1.1 Host: demo.ziku.la User-Agent: Mozilla/5.0 Windows NT...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/09/17 5:31 p.m.9 views

in zikula/core

Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/09/17 4:23 p.m.9 views

Inefficient Regular Expression Complexity in validatorjs/validator.js

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in validator. It allows cause a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/09/15 6:0 a.m.9 views

Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin

Description DOM based xss via url hash frgament Proof of Concept First login into https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see xss is executed Impact DOM based xss via url hash fragment...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/09/13 3:59 p.m.9 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description Attacker able to delete any file In Files module if this module enabled there isn't any csrf protection in this endpoint. Proof of Concept After open the PoC.html file you can see that the file with name 1.jpg will be deleted. //PoC.html history.pushState'', '', '/'...

2AI score
Exploits0
Huntr
Huntr
added 2021/09/10 1:23 p.m.9 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️‍♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be uninstalled after clicking on submit...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/09/09 1:17 p.m.9 views

Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/09/09 7:28 a.m.9 views

Cross-site Scripting (XSS) - Reflected in tildeclub/site

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/09 6:40 a.m.9 views

Improper Access Control in agentejo/cockpit

✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints 🕵️‍♂️ Proof of Concept 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/09/06 12:48 p.m.9 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

✍️ Description stored xss bug via link in store 🕵️‍♂️ Proof of Concept 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store .\ 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/09/05 12:50 p.m.9 views

in fisharebest/webtrees

✍️ Description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...

Exploits0References1
Huntr
Huntr
added 2021/09/02 1:59 p.m.9 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description A malicious actor is able to add new Client with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️‍♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new client to the system at upper right corner at /clients/showAll/ URI...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/08/31 5:9 p.m.9 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description Hi, When creating a template for nuclei, it is possible to upload a malicious template with xss load, clicking to see this template will run xss. 🕵️‍♂️ Proof of Concept 1- First, create the fake template: id: poc-xss alert1 info: name: xss-storage-rengine author: phor3nsic severity:...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/31 5:7 p.m.9 views

Cross-site Scripting (XSS) - Stored in zikula/core

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️‍♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/blocks/admin/block/edit/2 2- Go to Editor and link a test word with a link As...

6AI score
Exploits0
Huntr
Huntr
added 2021/08/28 10:41 a.m.9 views

Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php

✍️ Description Attacker able to rename any disktag with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/08/27 6:38 a.m.9 views

Cross-site Scripting (XSS) - Reflected in azuracast/azuracast

✍️ Description The Application is Vulnerable to reflected HTML Injection 🕵️‍♂️ Proof of Concept Open the following page in the browser as admin. The page is vulnerable to HTML Injection...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/08/25 11:57 a.m.9 views

in zoujingli/thinkadmin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 2:3 p.m.9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download error log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that you...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 1:56 p.m.9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to add an element to favorite. this vulnerability happens on some sections. for example on “Firewall” tab list/firewall/ 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally first record saves as favorite...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 1:52 p.m.9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️‍♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 1:46 p.m.9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/08/23 7:12 p.m.9 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Purchases invoices with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/08/23 11:27 a.m.9 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.2AI score
Exploits0References2
Huntr
Huntr
added 2021/08/17 3:14 p.m.9 views

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/08/17 3:10 p.m.9 views

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to edit any Information with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1AI score
Exploits0
Huntr
Huntr
added 2021/08/13 3:8 p.m.9 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "New" 1 under "Information" menu: 💥 Impact By uploading an mp3 with javascript code into meta tag could permit an...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/08/06 10:18 a.m.9 views

in filegator/filegator

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/08/05 12:55 p.m.9 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to delete any document from Processing change with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/08/04 7:32 a.m.9 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description csrf bug to create a backup 🕵️‍♂️ Proof of Concept Bellow request vulnerable to csrf bug which allow to create database backup GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/08/04 6:31 a.m.9 views

Improper Privilege Management in bigprof-software/online-invoicing-system

💥 BUG CSRF bug to approve member 💥 IMPACT csrf bug allow to approov any user 💥 STEP TO REPRODUCE 1. Lets assume signup allowed in settings page and member need to approoved .\ Now From external user goto http://localhost/online-invoice/app/membershipsignup.php and signup for new member with...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/08/02 11:26 a.m.9 views

Cross-Site Request Forgery (CSRF) in alanaktion/phproject

✍️ Description Attacker able to delete any group with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/07/31 2:0 p.m.9 views

Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can add item 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ So, user-B cant add new item.\ 2. Now goto user-B account and here user-B cant see...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/30 5:35 p.m.9 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

✍️ Description following endpoint vulnerable to CSRF: /omeka/upload/1/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️‍♂️ Proof of Concept // PoC.html...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/30 2:18 p.m.9 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to delete any Module if attacker knows the ids parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the Module with id 167 has been deleted. //PoC.html...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/07/30 2:14 p.m.9 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/07/30 11:7 a.m.9 views

in erudika/scoold

✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...

2AI score
Exploits0
Total number of security vulnerabilities4072