Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/11/22 4:9 p.m.8 views

DOM-based Cross-site Scripting (DXSS) Vulnerability

Description Two CalendarXP products have DXSS vulnerability in common parts of HTML files. CalendarXP FlatCalendarXP through 10.0.1 has DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/11/21 8:28 a.m.8 views

heap-buffer-overflow in gf_isom_box_write_header

Description heap-buffer-overflow in gfisomboxwriteheader at isomedia/boxfuncs.c:408. version info git log commit 68064e10172675e0853d6f429fb2055112835602 grafted, HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Fri Nov 18 10:36:10 2022 +0100 fixed build without http2 support ./MP4B...

7AI score
Exploits0
Huntr
Huntr
added 2022/09/26 11:44 p.m.8 views

Stored Cross-Site Scripting (XSS) in via direct link to attachments

Description The XSS is related to this previous report. The fix to prevent XSS in uploaded attachments is insufficient, as there is no mitigation when accessing attachments via a direct link. Proof of Concept Steps to reproduce: 1. Log in to Inventree 2. Click on Parts. Add a new Category and...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/09/04 12:22 p.m.8 views

UI Discrepancy in Password

Description There is UI discrepancy in the user password section in nakama console. The UI presents the following message to the user for a short password: "Password is required, must be 8 chars or longer and consist of at least a capital letter, a small letter and a number". However, the backend...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/08/02 2:0 p.m.8 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/17 2:30 a.m.8 views

Cross-Site Request Forgery (CSRF)

Description I found a possible Cross-Site Request Forgery CSRF vulnerability in Login Form. Login CSRF is a type of attack where the attacker can force the user to log in to the attacker’s account on a website and thus reveal information about what the user is doing while logged in. Proof of...

1.6AI score
Exploits0References3
Huntr
Huntr
added 2022/07/04 10:37 a.m.8 views

Regular Expression Denial of Service (ReDoS)

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in parse-url. It allows cause a denial of service when calling function parse-url. The ReDoS vulnerability is mainly due to the regex /git@|https?://\w.@+/|:,\w,-,,/+.git0,1/0,1/ and can be...

3.4AI score
Exploits0
Huntr
Huntr
added 2022/06/30 6:50 p.m.8 views

File Protocol Spoofing

Description parse-url misinterpreting the file:// protocol when trying to match git urls. The following payload is certainly valid file protocol but is interpreted as ssh protocol. file:///etc/passwd?http://a:1:1 Proof of Concept // PoC.js const fs = require'fs'; var parseURL = require"parse-url"...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/06/25 2:38 a.m.8 views

Improper storage of authorization cookie on HTTPs pages

The authorization cookie used by the panel pufferauth is stored in the browser without using HttpOnly or Secure flags on the cookie...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/06/19 4:19 a.m.8 views

Cross-site Scripting (XSS) - Stored

Description Titra is vulnerable to Stored XSS in the Task field when creating a new task in a project. Steps to reproduce 1.In the Overview tab, click on New project button. 2.Enter a project name and click Save. 3.Move to the Tasks tab in that project and click on New Task button. 4.In the Task...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/13 9:59 a.m.8 views

Weak Password Policy

Description You can change your password in profile to a weak password. Proof of Concept 1. Login and go to your Profile 2. Use the password change feature or https://app.titra.io/changePwd 3. Enter your current password, fill the "Password" and "Password again" with 1 You can see your password h...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 4:27 a.m.8 views

Stored XSS in Customer Company Name

Description The application inventree is vulnerable to Stored XSS in customer company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/11tKQzqKFobDEuqigsQYIdQhMnqSLIBsi/view?usp=sharing...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/14 5:56 a.m.8 views

xss bypass of https://huntr.dev/bounties/4bc8f164-faf8-4096-aa00-e439fa976876/

Description xss bypass of https://huntr.dev/bounties/4bc8f164-faf8-4096-aa00-e439fa976876/ TESTED BROWSER google chrome Proof of Concept this bug has been fixed by setting text/xml content-type .\ But this can also be bypassed . Save bellow file as test.xml . Upload this and view the file and see...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/05/13 2:45 p.m.8 views

xss filter bypass

Description xss check bypass Proof of Concept i see you you fixed https://huntr.dev/bounties/31aba7c9-edcf-44bf-9fd8-ca15d1fa53c8/ by using if !empty$this-web && !filtervar$this-web, FILTERVALIDATEURL .\ But this can be bypassed easily and cause xss .\ FILTERVALIDATEURL can be bypassed using url...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/05/09 9:43 a.m.8 views

Stored Xss

Description Hi i found stored xss due to website field Proof of Concept 1. Create a new non-admin account 2. Login and goto http://localhost/invoices/EditAgenciaTransporte add new user with website link to "javascript:confirmdocument.domain" 3. Save user and navigate to http://localhost/invoices/...

6.8AI score
Exploits0
Huntr
Huntr
added 2022/04/28 12:18 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

Exploits0
Huntr
Huntr
added 2022/04/23 11:24 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description he software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - login as an admin - go to...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/04/23 6:12 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS found due to long name summarize Proof of Concept 1.First, access the latest version of the demo environment. https://www.rosariosis.org/demonstration/index.php 2.Then log in with your teacher account teacher/teacher 3.After logging in, access to add an assignment. 4.Then...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/04/23 4:16 a.m.8 views

Improper authorization - receptionist can read all Clinic reports

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/03/30 11:41 p.m.8 views

Controlled heap buffer overflow in SDP packet parsing

Description A malicious server can trigger an out-of-bounds heap write via a specially crafted SDP packet due to no bounds check when parsing time zone information into the AdjustmentTime and AdjustmentOffset fields of GFSDPTiming. Proof of Concept poc.py is available here terminal 1 python3 poc....

2.2AI score
Exploits0
Huntr
Huntr
added 2022/03/26 3:44 a.m.8 views

Bypass previous fix

Description Bypass previous report fix Proof of Concept it checks if returnurl starts with / . So, it can be bypasssed using //google.com . 1. Login in the demo instance https://demo.linkding.link/ 2. Go to https://demo.linkding.link/bookmarks/3/remove?returnurl=//google.com 3. You will be...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/03/07 10:1 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description Email tracking pixel hits store the user agent of the browser / mail client that opens the email. That user agens is not sanitised on input, but also not escaped on output in the template. This allows anonymous users to store XSS payloads in the timeline on their contact page Proof of...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/02/27 3:46 p.m.8 views

File Descriptor Leak

Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...

6.8AI score
Exploits0References2
Huntr
Huntr
added 2022/01/30 11:25 a.m.8 views

Cross-site Scripting (XSS) - Stored in s-cart/core

Description Multiple Stored XSS exists in S-Cart Version 6.8.4 and below leads to cookie stealing of any victim that visits the affected URL. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Proof of Conce...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2022/01/20 10:31 a.m.8 views

Heap-based Buffer Overflow in gpac/gpac

Description When fuzzing gpac with clang 10 I found a heap overflow. Proof of Concept pocgffprintf Crash stack trace aldo@vps:/gpac/bin/gcc$ ASANOPTIONS=symbolize=1 ASANSYMBOLIZERPATH=/usr/bin/llvm-symbolizer ./MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 8:15 a.m.8 views

None in gpac/gpac

Description Use After Free in gpac Proof of Concept MP4Box -bt POC4 MP4Box -bt POC5 POC4 is here. POC5 is here. ASAN ==414586==ERROR: AddressSanitizer: heap-use-after-free on address 0x6100000007fc at pc 0x7f7926081250 bp 0x7ffd2e84f4a0 sp 0x7ffd2e84f490 READ of size 4 at 0x6100000007fc thread T0...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/01/16 5:57 p.m.8 views

in livehelperchat/livehelperchat

Lack of server side validation An admin can delete his/her account by bypassing client side validation 1.Login in application as admin. 2.Nagiate to settings and create another user. 3.Now see the list of user, an admin can only delete other user account rather than his/her. 4.Click on delete and...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/15 1:30 a.m.8 views

Cross-site Scripting (XSS) - Stored in saleor/saleor-dashboard

Description Because the dangerouslySetInnerHTML method is used to output the input value of the DOM, XSS vulnerabilities occur in many logics. Proof of Concept html " Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/01/08 6:26 a.m.8 views

Cross-site Scripting (XSS) - Stored in outline/outline

Description outline is a fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. this package is vulnerable for stored XSS Proof of Concept Or here is the original video Impact This vulnerability is capable of Stored XSS...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/12/30 11:24 p.m.8 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description When inputting a name for a module category whether editing an existing one or adding a new one, you're able to inject your own Javascript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...

Exploits0
Huntr
Huntr
added 2021/12/25 11:29 a.m.8 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description Hi there, there is a Cross Site Request Forgery in e107 that allows an attacker to force admin user to repair a plugin. Proof of Concept 1. Install e107 in your system 2. Log in as adminstrator 3. Copy this link and paste to your browser:...

2AI score
Exploits0
Huntr
Huntr
added 2021/12/25 11:24 a.m.8 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description Hi e107 team, I would like to report a CSRF in e107 source code. This is in install plugin feature Proof of Concept 1. Install a local instance of e107 2. Login as admin and access this link /e107admin/plugin.php?mode=installed&action=install&path=chatboxmenu 3. See that the pluglin...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2021/12/23 9:17 p.m.8 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description The lack of a CSRF token and validation of the request method gives the attacker the ability to delete DeleteReportFolder Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact The attacker has the ability to delete arbitrary report folders on behalf of the victi...

3.6AI score
Exploits0
Huntr
Huntr
added 2021/12/22 3:53 p.m.8 views

Inefficient Regular Expression Complexity in python/cpython

Description In recent cpython version 31ff9671 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. Vulnerability exists in EntryPoint class which is used to parse package/module entry-points. Proof of Concept Simplified PoC based on init.py Python...

1.4AI score
Exploits0References2
Huntr
Huntr
added 2021/12/06 12:43 p.m.8 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Please enter a description of the vulnerability. coreBOS is vulnerable to Reflected XSS via activitytype in index Proof of Concept 1.After login, click poc url 2.select Activity Type // PoC.js...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/29 3:25 p.m.8 views

Cross-site Scripting (XSS) - Generic in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module description field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable...

Exploits0
Huntr
Huntr
added 2021/11/29 3:7 p.m.8 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description In zikula/core cross site scripting vulnerability in extension list name field. Proof of Concept 1. login to the demo account 2. go to extensions https://demo.ziku.la/extensions/module/modify/3 3. Add payload in displayname field payload " Impact This vulnerability is capable of stole...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/11/24 7:13 p.m.8 views

in combodo/itop

Description csrf bug Proof of Concept bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/16 8:17 p.m.8 views

in janeczku/calibre-web

Description A user with no permissions about public shelves can edit his own private shelf making it public. This vulnerability is called Mass Assignment. Proof of Concept The file shelf.py at line 247 sets as public every shelf to be edited, so if the user injects the parameter ispublic=on in th...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:59 p.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description More unprotected CSRF endpoints that allows for state-changing operations. 1: GET /dashboard/moderation/1/approve 2: GET /requests/1/accept 3: GET /requests/1/reject 4: GET /requests/1/unclaim 5: GET /requests/1/reset Proof of Concept CLICK ME! Impact This vulnerability is capable of...

2AI score
Exploits0
Huntr
Huntr
added 2021/11/08 10:34 a.m.8 views

in cortezaproject/corteza-server

Description There's no bound limit to the number of "characters/special characters" in the name field of the user. Vulnerable Field: Full Name By sending a very long string it’s possible to cause a denial a service attack on the server. This may lead to the website becoming unavailable or...

Exploits0
Huntr
Huntr
added 2021/11/08 5:4 a.m.8 views

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/10/20 6:32 p.m.8 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new theme, the description of a theme can contain JavaScript code. This can be used for Cross-Site-Scripting. Proof of Concept I downloaded the Kompact theme https://github.com/jessedobbelaere/fork-cms-theme-kompact/archive/master.zip, extracted it and changed in...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/10/18 2:14 p.m.8 views

in appendium/flatpack

Description The flatpack vulnerable to XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the parse function in the MapParser.java file may allow an attacker to execute XML External Entities XXE. Proof of Concept import java.io.File; import...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:38 a.m.8 views

in tsolucio/corebos

Description Just like last report of mine there is another improper privilege management that test user can see other users special workflow contents like Tasks just go to this link that belong to admin from another users account...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 10:51 a.m.9 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Reflected XSS via upload of malicious SVG file. Proof of Concep 1: Upload SVG file via /corebos/index.php?module=Documents&action=DetailView&viewname=0&start=&record=8460& alertdocument.location; 2: Trigger the reflected XSS by visiting the malicious SVG file stored in the storage...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/10/18 6:50 a.m.8 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Have reviewed your fix for double URL encoding here: https://github.com/Admidio/admidio/commit/6b3820a574dc5f52243fbaafdb7089560c99d949 But it can easily be bypassed by triple URL encoding. Note: apparently after applying the above fix from Github on the machine, I cannot use the...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/10/17 11:48 p.m.8 views

Open Redirect in forkcms/forkcms

Description When a user, who has access to admin page and who is not logged in, opens a page like http://forkcms.site/private/de/authentication?querystring=//google.de/ and the user enters their credentials, the user is redirected to https://google.de. When a user, who has access to admin page an...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 6:40 p.m.8 views

Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

✍️ Description The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...

4.6AI score
Exploits0
Huntr
Huntr
added 2021/10/15 1:46 p.m.8 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Hi, By continuing to look at the project I was able to find a new XSS stored. Although it seems to be filtered in some parts of the site, when sending a photo as a greeting card, it is possible to include an arbitrary payload in the text field leading to a stored XSS. From OWASP :...

0.4AI score
Exploits0References1
Total number of security vulnerabilities4072