Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/10/16 3:16 p.m.7 views

in mruby/mruby

Description Please enter a description of the vulnerability. Proof of Concept super super Result /asan/mruby/bin/mruby /crash.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==18265==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/15 4:36 a.m.7 views

Sensitive Cookie Without 'HttpOnly' Flag in craigk5n/webcalendar

✍️ Description HTTPOnly attribute is not set for session cookies in the application 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can make it easier to...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 6:38 a.m.7 views

Cross-Site Request Forgery (CSRF) in jspark311/buriedunderthenoisefloor

Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

0.1AI score
Exploits0References2
Huntr
Huntr
added 2021/10/11 8:28 p.m.7 views

Cross-site Scripting (XSS) - Stored in siwapp/siwapp

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content. Proof ...

5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 2:30 p.m.7 views

in bytebase/bytebase

Description it can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking .html and page will render in iframes Impact it is...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 2:26 p.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in bytebase/bytebase

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page https://demo.bytebase.com/ Open Firefox developer option - storage - check secure option Below link shows POC https://i.ibb.co/DLG1pyt/Screenshot-48.png...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/09 7:34 a.m.7 views

in fisharebest/webtrees

Description The program allows to upload files with dangerous file types in the media upload section, leading to XSS and other exploits like shell uploads, HTML injection leading to Social Engineering attacks, etc ..., I have demonstrated HTML file upload leading to XSS here. Proof of Concept mov...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/10/07 8:43 p.m.7 views

in atmosphere/atmosphere

Description The atmosphere is vulnerable to SSRF Server Side Request Forgery via XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the WebDotXmlReader constructor in the "WebDotXmlReader.java" file may allow an attacker to execute XML External Entities XX...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/10/06 7:21 p.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kevinpapst/kimai2

Description Session cookie dancer.session is not marked with 'Secure' Proof of Concept Login to demo page https://demo-stable.kimai.org/en/dashboard/, Open Firefox developer option - storage - check secure option...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/04 1:1 p.m.7 views

in snipe/snipe-it

Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.snipeitapp.com/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/30 11:2 a.m.7 views

in opensourcepos/opensourcepos

Description The use == and != of might cause type juggling at the affected code if $row-hashversion == 1. Proof of Concept If the md5 sum of users password starts with 0e, then any input with md5 sum starting with 0e will result in true at statement $row-password == md5$password Impact This...

2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/30 6:51 a.m.7 views

in youzan/vant

✍️ Description The @vant/cli package is vulnerable to Regular Expression Denial of Service ReDoS. An attacker that is able to provide a crafted string as the input to the decamelize function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/09/27 1:46 a.m.7 views

Cross-site Scripting (XSS) - Stored in jonschoning/espial

Description Stored XSS in url link Proof of Concept // PoC reqest POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

5.9AI score
Exploits0
Huntr
Huntr
added 2021/09/26 9:25 p.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial

Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2021/09/26 9:12 p.m.7 views

in jonschoning/espial

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. PoC https://i.ibb.co/QFTZD9j/clickjack.png Impact According to PortSwigger references, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable ...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2021/09/25 2:58 p.m.7 views

in kcal-app/kcal

Description it can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking .html and page will render in iframes...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/09/24 3:54 p.m.7 views

Inefficient Regular Expression Complexity in crankyoldgit/irremoteesp8266

✍️ Description The IRremoteESP8266 package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the extractsupports function in the file scrapesupporteddevices.py may cause an application to consume an excessive amount of CPU. Below...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/09/23 2:24 p.m.7 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

Description Reflected XSS in form Search Proof of Concept // PoC.request POST /frontend/ajax HTTP/1.1 Host: demo.fork-cms.com Cookie: frontendlanguage=en; PHPSESSID=megjfhiirsim3v6klp91i7qjat User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/09/21 2:44 p.m.7 views

Inefficient Regular Expression Complexity in tapjs/tap-mocha-reporter

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in tap-mocha-reporter. The ReDoS vulnerability is mainly due to the regex /^\s+|\s+$|/g and can be exploited with the following code. Proof of Concept // PoC.js var tapMochaReporter =...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/09/14 2:34 p.m.7 views

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add a malicious payload as a new Page Title, and after every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1;Create a new Page at the following route: /admin/pages/add. Use the following payload a...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/09/12 9:45 a.m.7 views

Inefficient Regular Expression Complexity in yiminghe/async-validator

✍️ Description It allows cause a denial of service when validating crafted invalid URLs. 🕵️‍♂️ Proof of Concept // PoC.js var asyncValidator = require"async-validator" const validator = new asyncValidator.default v: type: 'url', , forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr =...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/09/11 7:37 a.m.7 views

Inefficient Regular Expression Complexity in jaywcjlove/colors-cli

✍️ Description The colors-cli package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the ansi-regex functionality may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. The ReDOS i...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/09/09 7:48 a.m.7 views

Cross-site Scripting (XSS) - Reflected in podcastgenerator/podcastgenerator

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/07 2:12 a.m.7 views

Cross-site Scripting (XSS) - Reflected in kasuganosoras/pigeon

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/09/04 9:29 a.m.7 views

Improper Authorization in imran300/inventory

✍️ Description A designer user can delete any other users IDOR. 🕵️‍♂️ Proof of Concept go to this url when logging in as a Designer. localhost/inventory/users/deleteusers/10 and then you can see that a user with id 10 will be deleted. 💥 Impact This vulnerability is capable of delete any user...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/08/31 10:50 p.m.7 views

Session Fixation in slackero/phpwcms

✍️ Description A malicious actor with access to the computer is able to reveal the loaded site's actual PHPSESSID value. Since upon login, this value does not change, the attacker can gain access via session hijacking, when the target logs in on the compromised computer. 🕵️‍♂️ Proof of Concept -...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/08/26 2:40 p.m.7 views

Open Redirect in openwhyd/openwhyd

✍️ Description There is an open redirect in the following URL: https://openwhyd.org/consent?redirect=https://mdakh404.github.io after the user agrees on the site policy, it will be redirected to my blog ! it's an open redirect. 🕵️‍♂️ Proof of Concept 1- Open the link:...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 10:0 p.m.7 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

✍️ Description csrf bug to stick a topic 🕵️‍♂️ Proof of Concept Bellow url is vulnerable to csrf attack to stick a topic . http://localhost/nameless/index.php?route=/forum/stick/&tid=1 💥 Impact csrf bug to stick a topic...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/08/24 2:15 p.m.7 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to rename any file on the server if logged in user visits attacker website. 🕵️‍♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt renames to test.php. //PoC.html history.pushState'',...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2021/08/24 2:5 p.m.7 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download access log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2021/08/23 11:38 a.m.7 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

5.2AI score
Exploits0References2
Huntr
Huntr
added 2021/08/23 8:10 a.m.7 views

Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin

✍️ Description The application is vulnerable to XFS attack. 🕵️‍♂️ Proof of Concept Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. 💥 Impact Cross-Frame Scripting XFS is an attack that...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2021/08/20 3:26 p.m.7 views

in cortezaproject/corteza-server

✍️ Description Hi team i found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File Extensions Such as .html , .svg and others should not be executed on the server side. 🕵️‍♂️ Proof of Concept Step to Reproduce 1- Go to the Employees tab and choose an...

5.9AI score
Exploits0
Huntr
Huntr
added 2021/08/17 8:19 p.m.7 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any album of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1AI score
Exploits0
Huntr
Huntr
added 2021/08/17 2:24 p.m.7 views

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to Create a New Candidate Profile with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/08/13 8:39 a.m.7 views

Cross-site Scripting (XSS) - Stored in poowf/invoiceneko

✍️ Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content...

5AI score
Exploits0References1
Huntr
Huntr
added 2021/08/12 3:28 p.m.7 views

Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse

✍️ Description CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online this app is vulnerable for XSS thru creating projects 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable Steeling cookies of users 📍 Location projectscontroller.rbL5...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/08/04 3:54 p.m.7 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to change a user profile state to visible if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed to visible history.pushState'', '', '/'...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/08/04 6:52 a.m.7 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description CSRF bug in applicant 🕵️‍♂️ Proof of Concept Bellow request is vulnerable to csrf attack .\ Although there is csrf token in request but it does not checked in server-side . Any attacker provided csrf token is accepted here. POST /online-rental/app/applicantsandtenantsview.php...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/08/01 3:4 p.m.7 views

Open Redirect in erudika/scoold

✍️ Description Open redirect bypass 🕵️‍♂️ Proof of Concept i see you resently fixed open-redirect . But it can be bypassed .\ 1. First login into your account and visit https://live.scoold.com/signin?returnto=https://[email protected]/xx and see you just redirected to different site 💥...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/07/30 2:11 p.m.7 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description Attacker able to batch delete any Website pages if knows the pages id parameter value. 🕵️‍♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the files with id from 9 to 15 have been deleted...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/07/25 8:43 a.m.7 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

✍️ Description Your application have not any CSRF protection and also You set the SameSite attribute to Lax, this means if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks with no doubt. First you run this Html payload and then you should see...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/07/24 8:57 a.m.7 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/23 11:53 a.m.7 views

in kestasjk/webdiplomacy

✍️ Description Bypass rate limit and sent unlimited email to any email address. 💥 Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...

7.2AI score
Exploits0
Huntr
Huntr
added 2021/07/18 4:22 p.m.8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can add or delete any permission for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the permission id on server that start from 1. There is no CSRF token in this situation and the CSR...

3.1AI score
Exploits0
Huntr
Huntr
added 2021/07/16 10:59 p.m.7 views

Business Logic Errors in seriawei/zkeacms

✍️ Description ZKEACMS is vulnerable to Business Logic error through negative product amount. 🕵️‍♂️ Proof of Concept PoC file content: HTML setTimeout = form.submit , 2000; 1. Save the above content into an HTML file. 2. Open it on the browser. Check the shopping cart negative value. PoC video. 💥...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/07/10 5:34 p.m.7 views

in erudika/scoold

Reuse of cookies: The cookies are not expiring after sign out. Once the user signs out of his account, the cookies needs to be expired and should not be any use of reuse. But in this case, an attacker can grab the cookies and use them to log them into a user's account POC: 1Go to...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/09 3:4 p.m.7 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

✍️ Description pimcore is a Open Source Data & Experience Management Platform PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce this package is vulnerable for Stored XSS thru gender tag 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored xss 📍 Location Gender.phpL21...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 5:39 p.m.7 views

Cross-site Scripting (XSS) - Stored in sylius/sylius

✍️ Description Open Source eCommerce Platform on Symfony this package vulnerable for stored xss thru svg files 🕵️‍♂️ Proof of Concept https://i.imgur.com/UNqIg8l.mp4 💥 Impact This vulnerability is capable of XSS...

0.2AI score0.00239EPSS
Exploits0
Huntr
Huntr
added 2021/07/05 6:23 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Units description. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Unit. 2. Enter " in the description. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.2AI score
Exploits0
Total number of security vulnerabilities4072