Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/03/18 7:36 p.m.7 views

heap-buffer-overflow in vim_strrchr

Description heap based buffer overflow in vimstrrchr at strings.c:682 Vim Version git log commit ea83c194625e51c28a2796eba9ba87b0b9ab23e0 HEAD - master, tag: v9.0.1414, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S POCvimstrrchr -c :qa!...

7.4AI score
Exploits0References1
Huntr
Huntr
added 2023/03/05 1:52 p.m.7 views

SQL Injection

Description In '/core/ajax/ajaxselect2.phpL989' php "istrash = 0 and datebatchexpirydate = curdate and batchnumber LIKE '". $search ."%'" $search from: php $search = isset$GET'q' ? $GET'q' : ""; no sanitize. Poc http GET /info/?module=select2&page=batchList&q=1'union/%23&pid=1/select+111,222%23...

7.1AI score
Exploits0
Huntr
Huntr
added 2023/02/16 8:42 p.m.8 views

stored xss

Description stored xss bug SUMMURY here i uses demo installation https://demo.limesurvey.org/ in firefox browser Proof of Concept login into any user account who has permission to view the survey and visit url...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/02/16 8:14 p.m.7 views

reflected xss

Description reflected xss SUMMURY here i uses demo instalation https://demo.limesurvey.org/ in firefox browser Proof of Concept login into user account and visit...

0.7AI score
Exploits0
Huntr
Huntr
added 2023/02/07 4:51 p.m.7 views

XSS in user supplied title

Issue The useHead function does not sanitize tags inserted in each property, including the title property. Context The useHead repository is a wrapper around vueuse/head which wraps unjs/unhead which wraps harlan-zw/zhead. The possibility of XSS is not described as being a vulnerability in the ro...

6.1AI score
Exploits0
Huntr
Huntr
added 2023/02/01 5:37 a.m.7 views

Xss in compose mail functionaility

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept - Step1: login as normal user. - step2: click on webmail and click on compose. - step3: now enter "...

Exploits0
Huntr
Huntr
added 2022/12/18 9:35 p.m.7 views

Stored XSS in Week View Plugin

Description Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2022/12/02 4:50 p.m.7 views

Weak Password Implimentation

Description: We can change the password with just 1 character when we use change password function. Proof of Concept When you change password, just press any character and then submit. You will see "Your password has been changed"...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2022/11/07 1:26 a.m.7 views

XSS in dp.la

Description dpla-frontend which is a frontend application of dp.la is vulnerable to XSS. Proof of Concept...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/10/26 2:1 p.m.7 views

Path Traversal – Reading Certain File Extensions

BigBlueButton 2.5.6 is vulnerable to a path traversal vulnerability, that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf, svg, png. PoC: 1- Submit a request to...

7AI score
Exploits0
Huntr
Huntr
added 2022/09/04 1:11 a.m.7 views

Incorrect API design lead to Site wide CSRF

Description By design, the api body only accepts is json values. But we can send with non-json values, beside, api accept auth from accessToken in Cookie. All of that leads to many other consequences, typically csrf. Example: CSRF - promote normal user to admin Origin Body id:...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/22 1:41 p.m.7 views

Reflected XSS via "idlist" parameter

Description The value for the idlist parameter is reflected in the web context without proper filtering in place resulting in possibility to execute malicious javascript code. Testing Environment 1. Windows OS 2. Firefox Browser Proof of Concept 1. Visit...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/09 11:54 a.m.7 views

UI Redressing

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

1AI score
Exploits0References3
Huntr
Huntr
added 2022/07/26 1:49 a.m.7 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept PoC.html history.pushState'', '', '/' document.forms0.submit;...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/06/30 4:22 p.m.7 views

Open Redirect

📝 Description The redirect get variable in login page isn't properly checked. Currently, it check if url.scheme and url.netloc are empty using urllib. py parsed = urlparseredirecturl check if redirect url is valid if parsed.scheme != "" or parsed.netloc != "": logger.warning f"Got an invalid...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/15 9:6 a.m.7 views

curl_auth not cleared on downgrade

Description Guzzle recently fixed a vulnerability related to "Authorization" handling on downgrade here - https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q. However, there also exists another code path, for which Guzzle uses a Authorization header located when it uses diges...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/06/13 4:29 a.m.7 views

Stored XSS in Customer Company Description

Description The application inventree is vulnerable to Stored XSS in customer company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/19l7W3MMeTdhQzroutdDBBIdIVLGhQtw1/view?usp=sharing...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/08 3:30 a.m.7 views

Generation of Error Message Containing Sensitive Information

Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Proof of Concept When logging in, the login page will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack o...

0.4AI score
Exploits0References2
Huntr
Huntr
added 2022/05/24 11:0 a.m.7 views

User Account Deletion and more via Clickjacking

Description As nakama console is not restricted from being loaded in an iframe, clickjacking attack is possible. Proof of Concept 1. Login to nakama console. 2. Save the following as an .html file and open it in the browser to see that the page loads into an iframe. html :"...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/05/20 2:27 p.m.7 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References2
Huntr
Huntr
added 2022/05/16 3:45 a.m.7 views

Regex check failed leads to CORS bypass

Description ProxyServlet will call getCorsDomain to get value and set it to Access-Control-Allow-Origin. This check only allow accept sharing with .draw.io, .diagrams.net and .quipelements.com. However, I found that regex to match must not start with ^ leads to bypass. Proof of Concept Step 1: Ca...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/15 7:16 a.m.7 views

Cross-Site Request Forgery (CSRF)

Summary: Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. ... If the victim is an administrative account, CSRF can compromise the entire web application. Steps To Reproduce: 1.Create a...

2AI score
Exploits0References3
Huntr
Huntr
added 2022/05/04 5:59 a.m.7 views

Denial of service

Affected commit 49b8cef31f01c0d88d874e17714dff1fa5b85df0 Proof of Concept ruby= raise SystemStackError.new BasicObject.new Expected: Raise exception without abort the software Case output: bash= root:/mruby/mruby/bin ./mruby poc.rb poc.rb:1: can't convert BasicObject into String TypeError Aborted...

3.1AI score
Exploits0
Huntr
Huntr
added 2022/04/29 9:19 a.m.7 views

Exposure of Sensitive Information to an Unauthorized Actor

Description Attacker can be able to download file from system. Proof of Concept 1.Login as student - Go to GRADES - Assignments - Submit a file to a random assignment - save. 2.Attacker with or without account can be able to download through this URL...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/04/28 2:54 p.m.7 views

Cross-site scripting - Stored via upload ".msg" file

Description When user upload file with .msg extension in white-list, but when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html Proof of Concept POST /microweber/plupload HTTP/1.1 Host: localhost User-Agent:...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2022/04/25 6:3 a.m.7 views

HTML Injection in Subscan view

Description HTML code is executed in the Subscan feature Proof of Concept 1. Add a scan engine: HTMLInjection 2. Go to "subdomains" for a target and add a Subscan using the scan engine. 3. Initiate a Subscan 4. View the subscan...

1AI score
Exploits0
Huntr
Huntr
added 2022/04/02 5:27 p.m.7 views

unprivileged user can see user details like email,role etc

Description view-only user can see user details like email,role etc.\ I see there is different type user role in nakama. Based on role user have some limit .But this bug is a privilege escalation bug Proof of Concept 1. From super admin account add a new user called user-B with view-only...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/03/31 7:16 a.m.7 views

Article comment storage XSS

Description The code does not filter the input content, resulting in the insertion of: " The administrator views the comment list in the background and triggers XSS, which can be used to obtain the administrator cookie Proof of Concept POST /comment/index HTTP/1.1 Host: demo.jizhicms.cn User-Agen...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2022/03/09 11:22 a.m.7 views

Open Redirect

Description parse-url parses the url as https://google.com::/test, and if two or more colons are inserted in the port part, the port is parsed as one hostname. txt - node - url.parse ❯ node -e 'console.logrequire"url".parse"https://google.com::/test"' Url protocol: 'https:', slashes: true, auth:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/02/14 9:55 a.m.7 views

Improper Access Control in alanaktion/phproject

Description The application has a vulnerability that allows anonymous users to download files on the server. In addition, when authenticated user deletes a file in an issue, the file is only unlinked, not completely deleted on the server. That results in anonymous users being able to download the...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/27 4:28 a.m.7 views

in delgan/loguru

Description Loguru is vulnerable to log injection on all logging methods as it is possible to inject newlines "\n" which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result Proof of Concept from loguru...

2AI score0.01268EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/25 8:37 a.m.7 views

Cross-site Scripting (XSS) - Stored in pimcore/data-hub

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the value of Group at "Datahub" in the pimcore service. Proof of Concept XSS POC : " txt 1. Open the...

Exploits0
Huntr
Huntr
added 2022/01/22 11:45 a.m.7 views

Cross-site Scripting (XSS) - Reflected in gibbonedu/core

Description There's a reflected xss in the tab parameter in both the student dashboard and the staff dashboard Proof of Concept Visit http://localhost/gibon/index.php?tab=asd%3C/script%3E%3Csvg/onload=alert1%3E Impact This vulnerability is result to xss which then can be used to achieve more thin...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/16 5:46 a.m.7 views

in jesusfreke/smali

Description The loadResourceIds function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/14 4:35 a.m.7 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description When creating a link using the editor function, the Stored XSS vulnerability occurs because a javascript scheme can be used. Proof of Concept txt 1. Go to campaigns - Mailing Campaigns - Editor 2. Enter the URL: javascript:alertdocument.domain 3. After, Click the URL Video :...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/12/20 11:48 p.m.7 views

in michaelrsweet/htmldoc

Description In gifreadimage, in image.cxx, gifreadlzw might return a value greater than 255, which results in an out of bounds read, leading to denial of service. c typedef uchar gifcmapt2563; / ... / static int / I - 0 = success, -1 = failure / gifreadimageFILE fp, / I - Input file / imaget img,...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/12/12 7:40 p.m.7 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' Impact This vulnerability is capable of forging users to unintentional logout. More Detail One way GET could be abused here is that a person competito...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/12/06 9:10 p.m.7 views

Cross-Site Request Forgery (CSRF) in yeswiki/yeswiki

Description Hey all, so i found that YesWiki doesn't implement any sort of anti-csrf mechanism, i found that the change email function is vulnerable to CSRF attacks which leads to Account Takeover. Proof of Concept Exploitation Scenario: - An attacker sends the above PoC to the victim. - rather...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/11/29 12:50 p.m.7 views

Open Redirect in ikus060/rdiffweb

Description ikus060/rdiffweb is vulnerable to open redirect at login page. Proof of Concept https://rdiffweb-demo.ikus-soft.com/login/?redirect=https://attacker.com after login to the above url it redirect to attacker .com Impact This vulnerability is capable of redirecting to malicious website...

1AI score
Exploits0
Huntr
Huntr
added 2021/11/23 11:17 a.m.7 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/11/19 8:54 a.m.7 views

Open Redirect in collectiveaccess/providence

Description I find a way to bypass the Open Redirect at the login page with the "redirect" parameter. Vulnerable parameter redirect Payload https://[email protected] Proof of Concept Send users the following login link...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/29 10:28 a.m.7 views

Path Traversal in rhizome-conifer/conifer

Description misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept An attacker can access files like this: https://conifer.rhizome.org/static/app../admin.py https://conifer.rhizome.org/static/app../config/wr.yaml Impact An attacker can access files on the web server t...

2AI score
Exploits0
Huntr
Huntr
added 2021/10/26 1:50 p.m.7 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description There is a CSRF on Delete Cart Item in users side. I get this error "Item not removed from cart" message but the item already will be deleted.message isn't correct and the delete action will be done Proof of Concept // PoC.html history.pushState'', '', '/' after that you click on subm...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/10/21 5:11 p.m.7 views

SQL Injection in forkcms/forkcms

Description When an authenticated user exports translations, the user calls an URL like this: http://forkcms.site/private/de/locale/export?token=5z0ao1nk4p&type%5B0%5D=lbl&language%5B0%5D=de The parameter type0 and language0 are both vulnerable for SQL injection. Proof of Concept PoC for paramete...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/10/18 4:45 p.m.7 views

Inefficient Regular Expression Complexity in cfinke/typo.js

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in typo-js. It allows causing a denial of service when calling function removeAffixComments. Proof of Concept // PoC.js var Typo = require"typo-js" var emptydict = new Typo; forvar i = 1; i = 50000; i++...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:25 a.m.7 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description There is one more low level CSRF : make on/off a task of workflow history.pushState'', '', '/' document.forms0.submit;...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 5:18 a.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in tsolucio/corebos

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page http://demo.corebos.com/index.php?action=index&module=Home Open Firefox developer option - storage - check secure option...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/17 10:25 a.m.7 views

Session Fixation in microweber/microweber

Description If a usernot admin already logged in the system and then admin inactivated the user, user remain active until he/she logged into the system...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/10/17 7:20 a.m.7 views

in mruby/mruby

Description SEGV on mrbarypush Proof of Concept 1.times 0 0,o:0 = and 0 Result /asan/mruby/bin/mruby crash.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==68494==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000011 pc 0x560ae5baa377 ...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/10/16 3:16 p.m.7 views

in mruby/mruby

Description Please enter a description of the vulnerability. Proof of Concept super super Result /asan/mruby/bin/mruby /crash.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==18265==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030...

1.6AI score
Exploits0
Total number of security vulnerabilities4072