Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/30 2:14 p.m.9 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/07/30 11:7 a.m.9 views

in erudika/scoold

✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...

2AI score
Exploits0
Huntr
Huntr
added 2021/07/28 8:40 p.m.9 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/28 8:51 a.m.9 views

in zeromq/pyzmq

✍️ Description The paramiko.WarningPolicy policy used in setmissinghostkeypolicy will not reject unknown host keys. This may lead to Man-in-the-middle attacks. 🕵️‍♂️ Proof of Concept client = paramiko.SSHClient client.loadsystemhostkeys client.setmissinghostkeypolicyparamiko.WarningPolicy 💥 Impact...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/07/24 10:19 p.m.9 views

Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta

✍️ Description uniqid does not generate cryptographically secure strings, even if it did, supplying it with mtrand would render it insecure as an attacker would be able to gain access to a victim's account by simply knowing when they logged in, this could be used as a mass-account-takeover vector...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/07/23 3:4 p.m.9 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️‍♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" test1's profile. Make the user open a link with this page...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/22 6:9 p.m.9 views

Cross-Site Request Forgery (CSRF) in emoncms/dashboard

💥 BUG csrf bug to regenerate api-key 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new api key will be generated. 💥 IMPACT Any attacker can send those link to vicitm and when vicitm open the link then api-key will be...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/21 8:15 a.m.9 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...

4.3AI score
Exploits0
Huntr
Huntr
added 2021/07/18 10:48 a.m.9 views

in spiral-project/ihatemoney

💥 BUG clickjacking bug. 💥 STEP TO REPRODUCE I see there is no X-Frame-Options header present in response . So, it allow to load dashboard url in iframe which make clickjacking attack . Iframe will be completely hidden with opacity control so that victim dont suspect . bellow code can be used as...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/15 6:15 p.m.9 views

in emoncms/emoncms

✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️‍♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/07 10:44 p.m.9 views

Cross-site Scripting (XSS) - Reflected in leantime/leantime

✍️ Description Reflected XSS in editBoxDialog.tpl.php where "module" and "label" parameters leads to exploitation of a vulnerability. 🕵️‍♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:30 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:28 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding invoice comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/07/04 5:22 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG Stored xss 2 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab .\ put bellow xss payload xss2"' in Members custom...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/07/04 4:31 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG XSS via groupname 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageViewGroups.php and create a new group .\ During creation put bellow xss payload in...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/07/04 10:19 a.m.9 views

Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system

💥 BUG XSS via issue-name 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://personal-management-system.pl/my-issues/pending and create a new issue .\ During creation put bellow xss payload in name field and save it.\ xss"' Now whenever you visit...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/04 1:25 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on member profile view which is lead by group name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1wUNY4BQyvI5RzutUn8T5KbTRMAIAZOlJ/view?usp=sharing Steps to reproduce: 1. Create a group...

6.6AI score
Exploits0
Huntr
Huntr
added 2021/07/03 4:4 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releasety. 🕵️‍♂️ Proof of Concept step to reproduce: Go to /admin/pageSettings.php and click Preconfigured users and groups Add payload: " on Name...

5.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:59 a.m.9 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-rental-property-manager

✍️ Description Reflected XSS in membershippasswordReset.php where key parameter leads to exploitation of a vulnerability. 🕵️‍♂️ Proof of Concept // POC membershippasswordReset.php?key=;?"alert1 💥 Impact This vulnerability is capable of XSS, steal user cookies, session hijacking...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:21 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via unit description 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/unitsview.php and create a new unit .\ During creation put bellow xss payload in...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in profile Address field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:44 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via groupname permission 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/02 4:30 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️‍♂️ Proof of Concept POC Video:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 3:28 a.m.9 views

Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/01 1:46 a.m.9 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

✍️ Description Grav is vulnerable to XSS via bad SVG files. It is possible to upload an SVG file that contains errors after script tags. 🕵️‍♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. Create an SVG file with the above content. 2. Upload it through profile image update. 3...

Exploits0
Huntr
Huntr
added 2021/06/30 5:49 p.m.9 views

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description The path is vulnerable to ssrf via svg file upload 🕵️‍♂️ Proof of Concept upload an SVG file with SSRF payload in it. open option on the file and open with browser. 💥 Impact redirect host via ssrf...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/06/30 9:17 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...

Exploits0
Huntr
Huntr
added 2021/06/28 12:48 p.m.9 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/27 3:44 a.m.9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description inurlbr function is vulnerable to CI of exploitation.py 🕵️‍♂️ Proof of Concept // PoC https://drive.google.com/file/d/1HpID3CrNAqK7t0C2JttP75Eqptha6r-D/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/06/26 9:39 p.m.9 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description ?tab= parameter is vulnerable to Cross Site Scripting. Line 1974 of backup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code of XSS. 🕵️‍♂️ Proof of Concept POC SCREENSHOT: 1. Just visit /settings.php?tab=alert1 and XSS will be pop...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/06/25 6:37 p.m.9 views

Cross-site Scripting (XSS) - Stored in nebulade/meemo

✍️ Description Stored xss in meemo file create functionality 🕵️‍♂️ Proof of Concept Payload: Test POC screenshot: https://drive.google.com/file/d/1aLBRIdU2AAz-RXa6uEF0IiWfks5jHMu/view?usp=sharing Tested on the demo website of the latest release. To reproduce create a file and add the following...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/06/18 12:42 a.m.9 views

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

✍️ Description fpp is vulnerable to XSS through file name. 🕵️‍♂️ Proof of Concept 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. 💥 Impact JavaScript code execution...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/06/16 12:29 p.m.9 views

in chatwoot/chatwoot

💥 BUG unprivileged user can see ticket content 💥 IMPACT User does not have any inboixes but still can see ticket details in inbox . 💥 STEP TO REPRODUCE 1.First from admin account goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list and add new agent user-B .\ Now dont add this...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/06/15 4:36 p.m.9 views

Improper Privilege Management in gskinner/regexr

✍️ Description I managed to find a Critical IDOR in the https://github.com/gskinner/regexr/ . Any user is able to change the Visibility Status of any pattern set 📚 Proof of Concept 1: Go to https://regexr.com/ 2: Click on "New" in the Top Left Corner 3: Select Pattern Settings and Fill out "patter...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/13 3:44 a.m.9 views

Path Traversal in kalcaddle/kodexplorer

✍️ Description KodExplorer A web-based file manager, web IDE/browser-based code editor. I discovered that by uploading a symbolic linked file via any user, he/she could see any file in the server which causes Path Traversal vulnerability. 🕵️‍♂️ Proof of Concept 1. Create a file by the following...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/06/11 8:35 p.m.9 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description The faq section of LiveHelperChat can be modified listing some new questions/answers. However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️‍♂️ Proof of Concept 1. Install the livechat 2. Go on https://your-host.com/siteadmin/faq/view/1...

6.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/10 12:50 p.m.9 views

SQL Injection in s-cart/core

✍️ Description Searching keyword in/scadmin/currency is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️‍♂️ Proof of Concept Login...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2021/06/10 5:24 a.m.9 views

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server

💥 BUG Stored xss bug using file upload against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/08 6:42 a.m.9 views

None in chatwoot/chatwoot

✍️ Description No rate limit on the login portal 🕵️‍♂️ Proof of Concept POC VIDEO: https://drive.google.com/file/d/1fmhVsm2tZ2r1yIGduAlTWFO52semP5z/view?usp=sharing Conclusion: It gives 401 error when an incorrect password It gives 200 when it got the correct password 💥 Impact Any attacker can able...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/04 1:15 p.m.9 views

Heap-based Buffer Overflow in squell/id3

✍️ Description Archive.org is a worthy cause to support. 👍 During testing of id3 compiled from commit a899ea with Clang 13+ASan on Ubuntu 20.04.2, we discovered a payload which triggers a heap-buffer-overflow in ID3put. This particular bug was found using the AFL fuzzer. 🕵️‍♂️ Proof of Concept echo...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/06/03 7:35 p.m.9 views

Cross-Site Request Forgery (CSRF) in monicahq/monica

✍️ Description The /settings/exportToSql endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. 🕵️‍♂️ Proof of Concept Login to user account. Create the following file and open the page in browser. // PoC.html To verify that you are a...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/05/30 6:48 p.m.9 views

Prototype Pollution in robinvdvleuten/shvl

✍️ Description Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem relies in the regex used to fix, as I shown bellow. 🕵️‍♂️ Proof of Concept The reported prototype pollution resulted in the...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2021/05/29 4:59 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/05/29 4:15 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible ot inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL46 php system$SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $GET'os'; 🕵️‍♂️ Proof of Concept Visit :...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/05/28 10:14 a.m.9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️‍♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/05/21 4:11 p.m.9 views

Improper Access Control in teamultroid/ultroid

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/05/18 9:33 a.m.9 views

Prototype Pollution in fiznool/body-parser-xml

✍️ Description This library uses an XML parsing library which causes prototype pollution. However, this issue can be fixed on our side. 🕵️‍♂️ Proof of Concept const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser; const app = express; const...

7.5CVSS1.1AI score0.01299EPSS
Exploits1References2
Huntr
Huntr
added 2021/05/14 2:42 a.m.9 views

in rockcarry/ffjpeg

✍️ Description An exploitable heap overflow vulnerability exists in function bmpload in bmp.c. 🕵️‍♂️ Proof of Concept make ./ffjpeg -e poc 💥 Impact This vulnerability is capable of Code execution...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2021/05/12 2:13 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️‍♂️ Proof of Concept...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/05/11 7:31 p.m.9 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through Online movies id edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies Youtube, Vimeo, ... and click on Next. 4. Select any...

0.1AI score
Exploits0
Total number of security vulnerabilities4072