Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/09/27 8:12 a.m.37 views

Sensitive Cookie Without 'HttpOnly' Flag in filegator/filegator

Description HTTPOnly attribute is not set for session cookies in the application. Proof of Concept https://ibb.co/R950Vxj Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2023/09/04 9:11 a.m.36 views

Incomplete fix for SSRF in CVE-2023-4651

Description The fix commit a6bf758de0b3242b0c0e4b47a588aae0c94305b0 for CVE-2023-4651 is not complete. Only ip based URLs are blocked. Proof of Concept Clone the latest repo and install. On server, listen for 1234 on localhost. Use http://localhost:1234/ as URL for image upload. Observe a hit on...

5.5CVSS7AI score0.00349EPSS
Exploits2References1
Huntr
Huntr
added 2023/08/13 5:48 a.m.36 views

Theft of Arbitrary Files due to execution of attacker scripts from BashAssociation.kt

Description Tested on Build87 of the Inure application. It was discovered that the application had an exported activity app.simple.inure.activities.association.BashAssociation which accepted intent data via the file scheme + text/x-shellscript mime type and executed the commands contained within...

1.9CVSS7.1AI score0.00381EPSS
Exploits1References1
Huntr
Huntr
added 2023/03/27 11:20 a.m.36 views

Local File Read Bypass in mlflow/mlflow

Description This is a bypass to the following submission which was assigned CVE-2023-1177. Proof of Concept Start the server or UI it works on both identically mlflow ui --host 127.0.0.1:5000 1. Create a Model named "AJAX-API". curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5000' -H $'User-Agent:...

7.5CVSS6.9AI score0.69468EPSS
Exploits3References1
Huntr
Huntr
added 2023/03/27 3:58 a.m.36 views

arbitrary file read

Description An authenticated attacker can abuse import-server-files with a path traversal to download an arbitrary file from the server Collaborator: @ub3rsick Proof of Concept 1. 1- to trigger the request for SSRF: go to files - assets - select a folder - right click - add asset - import from...

4CVSS6.3AI score0.00666EPSS
Exploits1
Huntr
Huntr
added 2023/02/09 12:58 p.m.36 views

NULL Pointer Dereference in function utfc_ptr2len

Description NULL Pointer Dereference in function utfcptr2len at mbyte.c.c:2145 allows attackers to cause a denial of service application crash via a crafted input. vim version commit 0caaf1e46511f7a92e036f05e6aa9d5992540117 HEAD - master, tag: v9.0.1293, origin/master, origin/HEAD Author: Yegappa...

1.9CVSS6AI score0.00426EPSS
Exploits1
Huntr
Huntr
added 2022/06/26 2:21 p.m.36 views

RCE due to Improper Authorization in 'Add Extension' functionality

Description The application does not properly implement authorization checks in the add extension functionality and allows a low-privileged user to upload extensions. Since no approval/verification is required to create an account in the application, any unauthenticated attacker can create a...

7.5CVSS1.2AI score0.01092EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 4:14 a.m.36 views

Out-of-bounds read in function gchar_cursor

Description Out-of-bounds read in function gcharcursor at misc1.c:532 vim version git log commit 68e64d2c1735f2a39afa8a0475ae29bedb116684 HEAD - master, tag: v8.2.5006, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch11s.dat -c :qa!...

6.8CVSS7.7AI score0.0157EPSS
Exploits1
Huntr
Huntr
added 2022/05/13 6:14 p.m.36 views

Buffer Over-read in function grab_file_name

Description Buffer Over-read in function grabfilename at findfile.c:1947 vim version git log commit 31ad32a325cc31f0f2bdd530c68bfb856a2187c5 HEAD - master, tag: v8.2.4949, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch5s.dat -c :qa!...

6.8CVSS6.9AI score0.02098EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:50 p.m.36 views

Heap buffer overflow in vim_strncpy find_word

✍️ Description When fuzzing vim commit fc78a0369 works with latest build and latest commit 202b4bd3a per this time of this report with clang 13 and ASan, I discovered a buffer overflow. Proof of Concept Here is the poc bash...

6.8CVSS7.6AI score0.02303EPSS
Exploits1
Huntr
Huntr
added 2022/04/24 8:28 p.m.36 views

Improper handling of Length parameter

Description There was no restriction on the amount of text that can be inserted into a user's name field. When the text size was large enough the service resulted in a momentary outage in our non-production environment not high availability. An internal reproduction showed isolated disruption but...

6.5CVSS0.1AI score0.01065EPSS
Exploits1References4
Huntr
Huntr
added 2022/04/10 10:28 a.m.36 views

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users

Description The application Organizr allows malicious javascript in the "Username" & "Email" input fields for which an attacker can able to take over the account of Admin & Co-admin users. Proof of Concept 1.During "Signup" put the below payloads in the "Username" & "Email" input fields. 2.Now ru...

6CVSS1.4AI score0.01204EPSS
Exploits1
Huntr
Huntr
added 2022/04/04 8:33 a.m.36 views

Improper Validation of Array Index

This vulnerability is of type Improper Validation of Array Index. The bug exists in latest stable release radare2-5.6.6 and lastest master branch 8317a34b7e4ab731e230dcdd81adc9323c5b518b, updated in April 03, 2022. Specifically, the vulnerable code located at libr/bin/format/ne/ne.c and the bug's...

6.8CVSS7.7AI score0.00827EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/10 3:29 a.m.36 views

HTTP Request Smuggling

Summary Due to several violations of the HTTP standard as defined in RFC7230, Waitress is vulnerable to HTTP request smuggling when used with an upstream proxy that exhibits nonstandard behaviour. Each issue is explained in the Occurrences section below...

5CVSS0.3AI score0.01738EPSS
Exploits0References2
Huntr
Huntr
added 2022/02/21 5:48 p.m.36 views

Server-Side Request Forgery (SSRF)

Description Bypass of this report: https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/ Proof of Concept Blacklist does not check for 0.0.0.0 PAYLOAD: http://0.0.0.0 This payload will be resolved to localhost python import socket from urllib.parse import urlparse PAYLOAD =...

7.5CVSS0.5AI score0.01284EPSS
Exploits1
Huntr
Huntr
added 2022/02/07 8:22 a.m.36 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross site scripting vulnerability in pimcore,pimcore field, it is fixed in this commit 832c34 , but still it is executing xss .Icon field in events and news Proof of Concept 1 . Login to the demo account https://10.x-dev.pimcore.fun/admin/ 2. Go to settings --data objects -- classes ...

3.5CVSS0.1AI score0.01277EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 12:46 a.m.36 views

Stack-based Buffer Overflow in vim/vim

Description Stack overflow occurs in spellsuggest.c. commit : 44db8213d38c39877d2148eff6a72f4beccfb94e Proof of Concept $ echo -ne "bm9ybRZzMDAwRzAw/TAwMDAwMDAwMDAwMApzaWwwbm9ybS4udnpHLi4uLi4uLi4uLi4uLi4uLnZ2 ekcwICAgICB2IHo9" | base64 -d minimizedpoc Valgrind $ ./vg-in-place -s...

6.8CVSS8.2AI score0.01505EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 3:16 a.m.36 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to read name of private shelf shelf create by another user and not in public mode. However, due to incorrect HTML render, the application does not work as intended. Proof of Concept - Step 1: Login with admin account and ...

4CVSS0.00747EPSS
Exploits1
Huntr
Huntr
added 2021/12/23 4:32 p.m.36 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regarless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build in Ubuntu 20.04 for x8664/amd64...

5.8CVSS8.8AI score0.01586EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/27 1:4 p.m.36 views

Heap-based Buffer Overflow in hoene/libmysofa

Description There are some heap-buffer-overflows in mysofa2json of libmysofa. They are in function loudness, mysofacheck and readOHDRHeaderMessageDataLayout. System info Ubuntu 20.04.3 LTS clang 12.0.1 libmysofa github master branch commit 0cb89cb Command to Reproduce build libmysofa with...

7.5CVSS1.5AI score0.01035EPSS
Exploits1
Huntr
Huntr
added 2021/09/21 8:41 a.m.36 views

Inefficient Regular Expression Complexity in validatorjs/validator.js

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in validator. It allows cause a denial of service when calling function 'rtrim'. The ReDoS vulnerability is mainly due to the regex /\s+$/g and can be exploited with the following code. Proof of Concept ...

5CVSS2.2AI score0.01666EPSS
Exploits1
Huntr
Huntr
added 2021/09/11 11:45 a.m.36 views

None in vim/vim

✍️ Description Team, trust you are doing well. As part of continues fuzzing VIM v8.2.3425 in persistence mode, I found a heap use-after-free nvreplace. 🕵️‍♂️ Proof of Concept Affected version: VIM v8.2.3425 Tested on: Linux s157903 4.15.0-106-generic 107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x8664...

6.8CVSS7.5AI score0.01626EPSS
Exploits1References2
Huntr
Huntr
added 2023/09/24 3:18 p.m.35 views

Session is not expiring after password resetting

Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs, in this case the session is not getting expired after the password change Proof of Concept 1. Open http://localhost:8188/studio/profile in 2 browsers I use Firefox a...

7AI score0.00504EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/02 2:33 p.m.35 views

segmentation fault in function f_fullcommand

Description segmentation fault in function ffullcommand at exdocmd.c:4101 Proof of Concept valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocseg -c :qa! ==14662== Memcheck, a memory error detector ==14662== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al. ==14662== Using...

4.4CVSS6.9AI score0.00573EPSS
Exploits1
Huntr
Huntr
added 2023/03/22 7:33 a.m.35 views

IDOR Vulnerability Allow the owner of one Organization can create, edit, delete apikeys that belong to other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and create a new API keys 3 using the burpsuit to hack hijack the post. 4 The post and can be like:...

6.5CVSS6.3AI score0.00859EPSS
Exploits1
Huntr
Huntr
added 2023/02/28 7:46 a.m.35 views

IDOR Vulnerability Allow Low-Level User Logout Everyone Includes Admin

Description IDOR vulnerability allow low level user to log out everyone in the system by changing the user ID. Proof of Concept Step 1: Login in as admin Step 2: Go to user and add an user. Set role to Default. Step 3: Login as the new user. Step 4: Logout the user GET...

5.5CVSS5.5AI score0.00523EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/27 11:56 p.m.35 views

Language Dropdown Menu Manipulation

Hello It is possible to manipulate the Language Dropdown Menu and change it to anything the attacker wants. Process of the Vulnerability: 1. Login 2. Go Miscellaneous - Email & file templates 3. Add Template - Change & Save and intercept the Request 4. Change the Language to anything you want ---...

3.3CVSS5.4AI score0.00562EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/27 11:44 p.m.35 views

SQL Database Error could lead to SQL Injection with internal Path Disclosure

Hello, Through manipulating Parameter i get an SQL Error which can lead to SQL Injection. Plus that there is an internal Path Disclosure. Best regards Ahmed Hassan...

5CVSS6AI score0.00667EPSS
Exploits1References1
Huntr
Huntr
added 2023/01/15 2:9 p.m.35 views

SQL injection in API authorization check

Description TeamPass /authorize API endpoint is vulnerable to SQL injection in the login field. It is possible to forge an arbitrary Blowfish hash and use it in the query to bypass the password verification check. Using the same query it is possible to define an arbitrary apikey value too: "login...

5CVSS8.2AI score0.08354EPSS
Exploits6
Huntr
Huntr
added 2022/12/24 2:46 p.m.35 views

Reset API any user via IDOR

Description Reset API any user without taking action from him via IDOR Proof of Concept 1- Create a user 2- Go to setting 3- Open Burp Suite to object to the requisition 4- Click on it Reset API 5- Note that the endpoint is in the request PATCH/api/user/102 6- When the number that is in endpoint...

5CVSS1.3AI score0.00702EPSS
Exploits1
Huntr
Huntr
added 2022/12/24 9:14 a.m.35 views

File Deletion Detected

Description Vulnerability allows deleting files in the server, affect the logic of the source code or disrupt the program to make the original way of operation Proof of Concept B1. Login and access to admin.php?p=uploader&action=mediamanager B2. Delete 1 uploaded file B3. Change parameter...

5.5CVSS7.9AI score0.00711EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/03 6:32 a.m.35 views

Use After Free in function do_tag

Description Use After Free in function dotag at vim/src/tag.c:807. vim version ./vim --version VIM - Vi IMproved 9.0 2022 Jun 28, compiled Sep 2 2022 22:56:19 Included patches: 1-363 Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/elva/fuzzvim/test/poc8huaf.dat -c :qa!...

4.4CVSS7.7AI score0.00528EPSS
Exploits1
Huntr
Huntr
added 2022/03/23 11:11 a.m.35 views

Open Redirect on login

Description Although https://github.com/go-gitea/gitea/pull/9678 protects against most open redirects there is an unfortunate flaw in its logic due to browser behaviour when presented with Locations that have backslashes in them Proof of Concept...

5.8CVSS0.7AI score0.53177EPSS
Exploits1
Huntr
Huntr
added 2022/03/13 2:20 p.m.35 views

File Upload Restriction Bypass leading to Stored XSS Vulnerability

Description File Upload Restriction Bypass leading to Stored XSS Vulnerability, by leveraging file extension vbhtm, vbhtml, soap, even any extension ends with html e.g. aahtml, bbhtml Proof of Concept Step 1 Access https://www.showdoc.com.cn/attachment/index Step 2 Prepare a file with content bel...

4.3CVSS6.2AI score0.0087EPSS
Exploits1
Huntr
Huntr
added 2022/03/11 5:1 p.m.35 views

Insecure deserialization of not validated module file

Description In recent Crater version 18507ddb tag: 6.0.6 highly privileged user can upload malicious module file and run insecure deserialization, which can lead to remote code execution. Proof of Concept 1. Prepare PHAR file - php --define phar.readonly=0 phar.php PHP data = $data; function...

6.5CVSS0.3AI score0.01579EPSS
Exploits1References2
Huntr
Huntr
added 2022/02/27 2:50 a.m.35 views

Protocol/Hostname spoofing via Improper Input Validation

Description The uri.js doesn't remove whitespace characters from the beginning of the protocol, so it doesn't parse URLs properly. Several methods, including http.get, location.href, and fetch, strip the whitespace character in front of the protocol before sending the request. Proof of Concept...

5CVSS0.6AI score0.01995EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 8:37 a.m.35 views

Improper Authorization in salesagility/suitecrm

Description In SuiteCRM v7.12.4, affecting Employee Module, any user with the User Type as Regular User could export employee records via /index.php?entryPoint=export endpoint. The prerequisite of this attack is by knowing the user record ID which can be obtained in the employees' section. The...

4CVSS0.2AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 6:59 p.m.35 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow on read in yankcopyline This issue was created to separate this one and was fixed with Patch 8.2.4219. Proof of Concept Steps to reproduce: echo -n c2lsIW5vcm0wbxSA/zAWenk= | base64 -d heapowpoc3 vim -u NONE -i NONE -n -X -Z -e -m -s -S heapowpoc3 -c :qa! Sanitize...

6.8CVSS6.2AI score0.01161EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 4:11 a.m.35 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. If the user passes javascript:alertdocument.domain as the URL value when creating a link using the markdown syntax, there is no sanitizing process and the link is created as it is. Proof of Concept txt XSS PoC : xss 1...

3.5CVSS5.5AI score0.00538EPSS
Exploits1
Huntr
Huntr
added 2021/11/18 5:49 p.m.35 views

Heap-based Buffer Overflow in vim/vim

Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...

6.8CVSS7.8AI score0.01461EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/07 6:32 p.m.35 views

Heap-based Buffer Overflow in vim/vim

Description Team, trust you are doing well. As part of continues fuzzing VIM v8.2.3582 15d9890eee53afc61eb0a03b878a19cb5672f732 in persistence mode, I found a heap use-after-free mlappendint. Proof of Concept Affected version: v8.2.3582 Tested on: Linux s157903 4.15.0-106-generic 107-Ubuntu SMP T...

8.5CVSS8AI score0.02075EPSS
Exploits1
Huntr
Huntr
added 2021/02/07 12:0 a.m.35 views

Path Traversal in rust-compress/rc-zip

:book: Description rc-zip Pure rust zip & zip64 reading and writing. this package is vulnerable for zip-slip https://github.com/rust-compress/rc-zip https://crates.io/crates/rc-zip :recycle: Steps To Reproduce-: 0 download and run latest release from https://github.com/rust-compress/rc-zip 1 run ...

0.6AI score
Exploits0
Huntr
Huntr
added 2023/10/02 2:3 p.m.34 views

Heap BoF in trunc_string()

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit 6ee7b521fa7531ef356ececc8be7575c3800f872 . Description Heap BoF in the file /src/message.c in the function truncstring at line 356. Snippet c bufe -...

5CVSS6.9AI score0.0119EPSS
Exploits1
Huntr
Huntr
added 2023/02/28 1:42 a.m.34 views

Local file inclusion leading to RCE

Description The api handling endpoint allows for a local file inclusion that can lead to remote code execution. It requires a valid api token which can be obtained via a database backup with account access, a number of different sql injections with account access, or stolen from a user. Proof of...

6.5CVSS7.5AI score0.01914EPSS
Exploits1
Huntr
Huntr
added 2022/12/28 2:44 p.m.34 views

CSRF to change user language preferences

Description Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user Proof of Concept 1 Go to...

4.3CVSS6.8AI score0.00642EPSS
Exploits1
Huntr
Huntr
added 2022/12/26 10:37 a.m.34 views

An attacker can be post message in other memos page

Description An attacker can be post malicious content to other user's memos page via POST request, attacker just add an creatorID into body request and send it with Burpsuite Here is video poc: https://drive.google.com/file/d/1dNKo-ybfguam4YdvmluYujN2nkTG5D9G/view?usp=sharelink Proof of Concept...

5CVSS0.2AI score0.00772EPSS
Exploits1
Huntr
Huntr
added 2022/12/22 8:33 a.m.34 views

Link Preload XSS bypass

Description Link preloads still do not effectively confirm if the requested link is external. This is a bypass to the fix for CVE-2022-4414. Root Cause The getPayloadURL function was adapted after the disclosure to use the browsers built in URL parser to properly check for a valid URL. This is a...

5.8CVSS6.1AI score0.00528EPSS
Exploits1References1
Huntr
Huntr
added 2022/11/18 11:14 a.m.34 views

TLS Cookie without `secure` flag at https://roy.demo.phpmyfaq.de

Description The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path. Issue background If the secure flag is set...

5CVSS0.00422EPSS
Exploits1References1
Huntr
Huntr
added 2022/09/13 2:52 p.m.34 views

XSS via Mathematical Typesetting

🔒️ Requirements Feature: Extras Mathematical Typesetting enabled. User interaction: Access vulnerable page || diagram and wheel click on a link. 📝 Description The Mathematical Typesetting feature allows to use inline content such as AsciiMath or LaTeX. Using it allows you to create a tag via \href...

5.8CVSS0.8AI score0.0061EPSS
Exploits1
Huntr
Huntr
added 2022/09/08 10:22 a.m.34 views

HTML Injection vulnerability in create tag functionality

Vulnerability Details In the Microweber CMS, While doing a live edit on to the application, we have the option to create a new global tag in the application. While creating a global tag, the "Tag Name" input field doesn't properly get sanitized and it's vulnerable to HTML Injection vulnerability...

5.8CVSS0.3AI score0.00565EPSS
Exploits1References1
Total number of security vulnerabilities4072