Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/15 6:15 p.m.9 views

in emoncms/emoncms

✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️‍♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/07 10:44 p.m.9 views

Cross-site Scripting (XSS) - Reflected in leantime/leantime

✍️ Description Reflected XSS in editBoxDialog.tpl.php where "module" and "label" parameters leads to exploitation of a vulnerability. 🕵️‍♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:30 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:28 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding invoice comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/07/04 5:22 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG Stored xss 2 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab .\ put bellow xss payload xss2"' in Members custom...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/07/04 4:31 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG XSS via groupname 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageViewGroups.php and create a new group .\ During creation put bellow xss payload in...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/07/04 10:19 a.m.9 views

Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system

💥 BUG XSS via issue-name 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://personal-management-system.pl/my-issues/pending and create a new issue .\ During creation put bellow xss payload in name field and save it.\ xss"' Now whenever you visit...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/04 1:25 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on member profile view which is lead by group name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1wUNY4BQyvI5RzutUn8T5KbTRMAIAZOlJ/view?usp=sharing Steps to reproduce: 1. Create a group...

6.6AI score
Exploits0
Huntr
Huntr
added 2021/07/03 4:4 p.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releasety. 🕵️‍♂️ Proof of Concept step to reproduce: Go to /admin/pageSettings.php and click Preconfigured users and groups Add payload: " on Name...

5.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:59 a.m.9 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-rental-property-manager

✍️ Description Reflected XSS in membershippasswordReset.php where key parameter leads to exploitation of a vulnerability. 🕵️‍♂️ Proof of Concept // POC membershippasswordReset.php?key=;?"alert1 💥 Impact This vulnerability is capable of XSS, steal user cookies, session hijacking...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:21 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via unit description 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/unitsview.php and create a new unit .\ During creation put bellow xss payload in...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:55 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in profile Address field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:44 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via groupname permission 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/02 4:30 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️‍♂️ Proof of Concept POC Video:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 3:28 a.m.9 views

Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/01 1:46 a.m.9 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

✍️ Description Grav is vulnerable to XSS via bad SVG files. It is possible to upload an SVG file that contains errors after script tags. 🕵️‍♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. Create an SVG file with the above content. 2. Upload it through profile image update. 3...

Exploits0
Huntr
Huntr
added 2021/06/30 5:49 p.m.9 views

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description The path is vulnerable to ssrf via svg file upload 🕵️‍♂️ Proof of Concept upload an SVG file with SSRF payload in it. open option on the file and open with browser. 💥 Impact redirect host via ssrf...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/06/30 9:17 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...

Exploits0
Huntr
Huntr
added 2021/06/28 12:48 p.m.9 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/27 3:44 a.m.9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description inurlbr function is vulnerable to CI of exploitation.py 🕵️‍♂️ Proof of Concept // PoC https://drive.google.com/file/d/1HpID3CrNAqK7t0C2JttP75Eqptha6r-D/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/06/26 9:39 p.m.9 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description ?tab= parameter is vulnerable to Cross Site Scripting. Line 1974 of backup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code of XSS. 🕵️‍♂️ Proof of Concept POC SCREENSHOT: 1. Just visit /settings.php?tab=alert1 and XSS will be pop...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/06/25 6:37 p.m.9 views

Cross-site Scripting (XSS) - Stored in nebulade/meemo

✍️ Description Stored xss in meemo file create functionality 🕵️‍♂️ Proof of Concept Payload: Test POC screenshot: https://drive.google.com/file/d/1aLBRIdU2AAz-RXa6uEF0IiWfks5jHMu/view?usp=sharing Tested on the demo website of the latest release. To reproduce create a file and add the following...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/06/18 12:42 a.m.9 views

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

✍️ Description fpp is vulnerable to XSS through file name. 🕵️‍♂️ Proof of Concept 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. 💥 Impact JavaScript code execution...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/06/16 12:29 p.m.9 views

in chatwoot/chatwoot

💥 BUG unprivileged user can see ticket content 💥 IMPACT User does not have any inboixes but still can see ticket details in inbox . 💥 STEP TO REPRODUCE 1.First from admin account goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list and add new agent user-B .\ Now dont add this...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/06/15 4:36 p.m.9 views

Improper Privilege Management in gskinner/regexr

✍️ Description I managed to find a Critical IDOR in the https://github.com/gskinner/regexr/ . Any user is able to change the Visibility Status of any pattern set 📚 Proof of Concept 1: Go to https://regexr.com/ 2: Click on "New" in the Top Left Corner 3: Select Pattern Settings and Fill out "patter...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/13 3:44 a.m.9 views

Path Traversal in kalcaddle/kodexplorer

✍️ Description KodExplorer A web-based file manager, web IDE/browser-based code editor. I discovered that by uploading a symbolic linked file via any user, he/she could see any file in the server which causes Path Traversal vulnerability. 🕵️‍♂️ Proof of Concept 1. Create a file by the following...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/06/11 8:35 p.m.9 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description The faq section of LiveHelperChat can be modified listing some new questions/answers. However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️‍♂️ Proof of Concept 1. Install the livechat 2. Go on https://your-host.com/siteadmin/faq/view/1...

6.2AI score
Exploits0References1
Huntr
Huntr
added 2021/06/10 12:50 p.m.9 views

SQL Injection in s-cart/core

✍️ Description Searching keyword in/scadmin/currency is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️‍♂️ Proof of Concept Login...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2021/06/10 5:24 a.m.9 views

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server

💥 BUG Stored xss bug using file upload against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/08 6:42 a.m.9 views

None in chatwoot/chatwoot

✍️ Description No rate limit on the login portal 🕵️‍♂️ Proof of Concept POC VIDEO: https://drive.google.com/file/d/1fmhVsm2tZ2r1yIGduAlTWFO52semP5z/view?usp=sharing Conclusion: It gives 401 error when an incorrect password It gives 200 when it got the correct password 💥 Impact Any attacker can able...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/04 1:15 p.m.9 views

Heap-based Buffer Overflow in squell/id3

✍️ Description Archive.org is a worthy cause to support. 👍 During testing of id3 compiled from commit a899ea with Clang 13+ASan on Ubuntu 20.04.2, we discovered a payload which triggers a heap-buffer-overflow in ID3put. This particular bug was found using the AFL fuzzer. 🕵️‍♂️ Proof of Concept echo...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/06/03 7:35 p.m.9 views

Cross-Site Request Forgery (CSRF) in monicahq/monica

✍️ Description The /settings/exportToSql endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. 🕵️‍♂️ Proof of Concept Login to user account. Create the following file and open the page in browser. // PoC.html To verify that you are a...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/05/30 6:48 p.m.9 views

Prototype Pollution in robinvdvleuten/shvl

✍️ Description Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem relies in the regex used to fix, as I shown bellow. 🕵️‍♂️ Proof of Concept The reported prototype pollution resulted in the...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2021/05/29 4:59 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/05/29 4:15 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible ot inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL46 php system$SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $GET'os'; 🕵️‍♂️ Proof of Concept Visit :...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/05/28 10:14 a.m.9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️‍♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/05/21 4:11 p.m.9 views

Improper Access Control in teamultroid/ultroid

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/05/18 9:33 a.m.9 views

Prototype Pollution in fiznool/body-parser-xml

✍️ Description This library uses an XML parsing library which causes prototype pollution. However, this issue can be fixed on our side. 🕵️‍♂️ Proof of Concept const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser; const app = express; const...

7.5CVSS1.1AI score0.01299EPSS
Exploits1References2
Huntr
Huntr
added 2021/05/14 2:42 a.m.9 views

in rockcarry/ffjpeg

✍️ Description An exploitable heap overflow vulnerability exists in function bmpload in bmp.c. 🕵️‍♂️ Proof of Concept make ./ffjpeg -e poc 💥 Impact This vulnerability is capable of Code execution...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2021/05/12 2:13 p.m.9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️‍♂️ Proof of Concept...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/05/11 7:31 p.m.9 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through Online movies id edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies Youtube, Vimeo, ... and click on Next. 4. Select any...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/05/09 8:23 p.m.9 views

Session Fixation in monicahq/monica

✍️ Description Recently there was more than 5 reports at huntr showing how to trigger XSS in monica ,the session fixation i am reporting here can be used with these bugs or can be used for post exploitation methods to maintain access on an account even after changing the password of the account...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/05/04 8:45 p.m.9 views

Path Traversal in svenstaro/miniserve

✍️ Description The file upload feature in miniserver is vulnerable to path traversal vulnerability. An attacker can upload a file with "../" in the filename and the web server will then upload the file outside of the directory scope allowing path traversal. The severity of this security issue...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/03 8:56 a.m.9 views

Insufficiently Protected Credentials in hotrodzphotography/hotrodzphotography.github.io

✍️ Description Private mailgun API key found in https://github.com/hotrodzphotography/hotrodzphotography.github.io/blob/1e8d0227f3558f3df8140ee0042867fcb1146379/src/views/Contact.vueL48 90e27fb32160148dc1cc3890ef601355' 🕵️‍♂️ Proof of Concept curl --user 'api:key-90e27fb32160148dc1cc3890ef601355'...

7AI score
Exploits0
Huntr
Huntr
added 2021/05/03 8:8 a.m.9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Command injection occurs due to lack of sanitization of input passed to the os.system command usage in the package. as the package runs only as root every command processed inside the package system command will be running with root privileges , so every command passed via simple...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/03/17 1:24 p.m.9 views

Prototype Pollution in aheckmann/mquery

✍️ Description mquery is aware of the risk of prototype pollution in its exported functions cloneObject and merge and readily present protection by checking the key in var specialProperties = 'proto', 'constructor', 'prototype'. However, the current protection misses to protect another exported...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/02/14 12:0 a.m.9 views

Code Injection in adobe/ops-cli

Description ops-cli is a wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation , which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install ops-cli Run exploit.py...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2021/02/04 12:0 a.m.9 views

Prototype Pollution in kettek/dot-dotty

Description dot-dotty is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const DotDotty = require'dot-dotty' let obj = a: 1 let dot = DotDottyobj console.log"Before : " + .polluted; dot'proto.polluted' = 'Yes! Its Polluted'; console.log"After : " +...

2AI score
Exploits0
Huntr
Huntr
added 2021/01/28 12:0 a.m.9 views

Code Injection in tensorflow/tfx

Description TensorFlow Extended TFX is a Google-production-scale machine learning platform based on TensorFlow. It provides a configuration framework to express ML pipelines consisting of TFX components. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of...

2.5AI score
Exploits0References1
Huntr
Huntr
added 2021/01/26 12:0 a.m.9 views

Prototype Pollution in yomguithereal/baobab

Description baobab is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const Baobab = require'baobab'; console.log'Before: ' + .polluted tree = new Baobab tree.deepMergeJSON.parse'"proto": "polluted": true' console.log'After: ' + .polluted...

1.7AI score
Exploits0
Total number of security vulnerabilities4072