Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/03 9:25 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss via employmentandincomehistoryview 🕵️‍♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1wmBmdvdHTLORNc9det4HYj1Dtfd97Y/view?usp=sharing...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:47 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in pageTransferOwnership.php where sourceMemberID parameter leads to xss which gets stored in pageViewRecords.php 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Go to admin account 2. Visit URL /app/admin/pageTransferOwnership.php?sourceGroupID=2&sourceMemberID="alert1 💥...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:33 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description There is a stored xss in member profile in the full name 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Full Name field. 4. Update the profile and You will see an alert. 💥 Impact Stored XSS...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/06/30 8:58 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add the invoice. when a comment is added during the creation of invoices by any user then due to improper sanitization XSS payload gets triggered. 🕵️‍♂️ Proof of Concept...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/27 3:42 a.m.7 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Unsanitized user input leads to command injection. 🕵️‍♂️ Proof of Concept // PoC whatweb CI https://drive.google.com/file/d/1mrYiu7oTaAm2qjLDKz23VMUkiujafTh/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/06/25 10:53 a.m.7 views

in hascheksolutions/opentrashmail

✍️ Description Attackers can control the filesystem path argument to readfile at api.php line 35 for ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. application take unsensitized input at: $email = strtolower$REQUEST'email'; 2. Assigning user...

2.5AI score
Exploits0References1
Huntr
Huntr
added 2021/06/23 7:41 a.m.7 views

Heap-based Buffer Overflow in rup0rt/pcapfix

Description A heap over flow was found in pcapfix in function fixpcapng in pcapng.c at line 1571 Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attatched in reference link c ==618350==ERROR:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/06/20 5:16 p.m.7 views

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description SSRF via SVG due to improper processing of SVG files. 🕵️‍♂️ Proof of Concept Payload: https://drive.google.com/file/d/1q-GHJ01p8Ssok1GWN-QxSznBy1JGvY8x/view?usp=sharing Download and upload it on the server and run the server on port 8000 and then view the file. 💥 Impact This...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/20 9:50 a.m.7 views

None in babybuddy/babybuddy

✍️ Description Improper restriction at login portal which lets an attacker brute force user's accounts. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1udzAGroSqDbEqPRYlUzv7bHgHq7oMNuk/view?usp=sharing You will get 200 for incorrect as it opens the same page for login and 302...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/08 4:24 p.m.7 views

in kestasjk/webdiplomacy

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The file https://github.com/kestasjk/webDiplomacy/blob/07de41f21192b0b611af343bc0d880c1de78d194/header.php does not set the response header X-Frame-Options: DENY. This issue can be found from...

0.9AI score
Exploits0References2
Huntr
Huntr
added 2021/06/02 5:36 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Reflected XSS in shutdownRemoteFPP.php when a user asked to provide an IP in URL, resulting in XSS 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1RXF4AO1j7OFfr7RhU1ZM0yPftd0qsxHt/view?usp=sharing payload: alert111 💥 Impact This vulnerability is capable of Reflected XSS...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/31 12:36 p.m.7 views

Cross-site Scripting (XSS) - Stored in typecho/typecho

💥 BUG Stored xss against higher level user 💥 IMPACT I see there is no xss protection in post writing ,allow to execute javascript command .\ There is many type of role like admin,contributor etc .\ So, here contributor user can write a post with xss payload and when admin open this post then xss ...

Exploits0
Huntr
Huntr
added 2021/05/30 5:12 p.m.7 views

Classic Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, There are multiple .bss buffer overflows in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/fpp.cL64 : c char command8192; char response256; // int main int argc, char argv memsetcommand, 0, sizeofcommand; SetupDomainSocket; ifargc1 //...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/29 8:43 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/virtualdisplay.phpL14 you create a variable canvasWidth that will be used and reflected multiple times without sanitizing user input : php Later in the script : another PHP file will be...

Exploits0
Huntr
Huntr
added 2021/05/29 3:23 a.m.7 views

Heap-based Buffer Overflow in mcfriend99/bird

✍️ Description Heap-based Write Violation. Certain input programs can result in write access violations by the syntax checker component of the interpreter. One such program writes 23 bytes onto the heap outside of bounds and may result in arbitrary code execution and memory leaks. 🕵️‍♂️ Proof of...

Exploits0
Huntr
Huntr
added 2021/05/22 6:10 p.m.7 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can download file of a agenda 💥 IMPACT user dont have access to specific agenda but still can download file uploaded to this agenda . 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/05/21 10:58 p.m.7 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

✍️ Description dolibarr is vulnerable to XSS. It is possible to upload SVG files containing JavaScript code. 🕵️‍♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. With an authenticated user, access http://localhost/societe/card.php?action=create&leftmenu=. 2. Write any content in...

Exploits0
Huntr
Huntr
added 2021/05/21 9:15 p.m.7 views

Heap-based Buffer Overflow in croatiacontrolltd/asterix

✍️ Description Whilst experimenting with asterix, built from commit f44cfea, compiled with Clang 10 + ASan on Ubuntu 20.04.2 LTS, we are able to induce a heap-buffer-overflow in DataItemBits::getBits asterix/src/asterix/DataItemBits.cpp:125. Since there is no bounds checking, when the software...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/05/20 9:53 p.m.7 views

in koel/koel

✍️ Description Koel is lacking any form of rate limiting in the login form, thus allowing an attacker to brute force their way in. 🕵️‍♂️ Proof of Concept - Spin up an instance of Koel. - Open up burpsuite and capture a login request, send it to intruder, set your options and run. - 401 is shown...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/05/17 7:59 p.m.7 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

✍️ Description Hello, I found stored xss on Logs while creating new campaign works with other stuff not only campaign 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1Y5CMQdfzzdWwcCsQ8y85GgWPOilJVOgo/view?usp=sharing sorry for bad quality Payload: asdf" 💥 Impact xss...

Exploits0References2
Huntr
Huntr
added 2021/05/12 1:56 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description FalconChristmas/fpp suffer from a XSS vulnerability. In https://github.com/FalconChristmas/fpp/blob/master/www/playlists.phpL15 we see : php var initialPlaylist = ""; XSS is possible because the playlist variable isn't sanitized before reflection in the webpage. 🕵️‍♂️ Proof of...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/05/06 12:25 a.m.7 views

Cross-site Scripting (XSS) - Reflected in coppermine-gallery/cpg1.6.x

✍️ Description Coppermine is vulnerable to XSS attacks on /plugins/uploadh5a/help.php because it doesnt sanitize user supplied parameters as shown below. Vulnerable variable: t Method: GET The $styles variable is constructed using the user supplied data, and then is echo in the response. $styles =...

0.6AI score
Exploits0References2
Huntr
Huntr
added 2021/03/26 11:46 a.m.7 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.7 views

Prototype Pollution in indlekofer/object_set

Description Prototype Pollution in @indlekofer/objectset Proof of Concept 1. Create the following PoC file: // poc.js var objectSet = require"@indlekofer/objectset" var obj = console.log"Before : " + .polluted; objectSet.defaultobj,"proto","polluted","Yes! Its Polluted"; console.log"After : " +...

2AI score
Exploits0
Huntr
Huntr
added 2021/01/07 12:0 a.m.7 views

Code Injection in facebookresearch/parlai

Description ParlAI pronounced “par-lay” is a python framework for sharing, training and testing dialogue models, from open-domain chitchat to VQA Visual Question Answering. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.p...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2026/03/19 7:12 a.m.6 views

Unauthenticated remote shutdown in nltk.app.wordnet_app

This report is not public...

7.5CVSS7.3AI score0.00325EPSS
Exploits0
Huntr
Huntr
added 2026/03/05 1:20 p.m.6 views

NLTK Data Module - Arbitrary File Read via Dead Security Check

This report is not public...

5.3AI score
Exploits0
Huntr
Huntr
added 2026/02/11 9:16 a.m.6 views

Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

Description Analyzed project version: MLflow 3.9.0 /version, commit 6e61043b0ff5d845bea479d7e7ea24dcd4b2c629. In MLflow 3.9.0, a new feature called MLflow Assistant was introduced, intended only for local development and designed to integrate with Claude Code accepting requests only from loopback...

9.6CVSS7.9AI score0.00371EPSS
Exploits1
Huntr
Huntr
added 2026/01/12 2:22 a.m.6 views

XSS in Chat Message Leads to Account Tackover

Description The vulnerability resides in the data persistence layer of the application. The fromdict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...

8.2CVSS6AI score0.00258EPSS
Exploits1
Huntr
Huntr
added 2026/01/10 6:22 a.m.6 views

Stored XSS in Home Feed via Post Content Lead to Account Takeover

Description A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of the application. The backend fails to sanitize user-provided content in the post creation endpoint. This allows an attacker to inject and store malicious JavaScript, which is then executed in the...

9.6CVSS7.5AI score0.00405EPSS
Exploits1
Huntr
Huntr
added 2026/01/07 6:18 a.m.6 views

Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation

Description The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens JWT are signed with a weak secret key. This allowed me to perform an...

9.8CVSS5.9AI score0.0054EPSS
Exploits1
Huntr
Huntr
added 2026/01/06 2:55 p.m.6 views

TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution during model inference

Summary TFSMLayer allows loading attacker-controlled TensorFlow SavedModels when deserializing a .keras model, even when safemode=True the default. While TensorFlow does not execute SavedModel functions during load, the attacker-controlled graph is registered during deserialization and executes...

8.8CVSS7.8AI score0.00354EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:53 p.m.6 views

Unauthenticated File Upload in LollMS

Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...

9.8CVSS5.8AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:51 p.m.6 views

Server-Side Request Forgery (SSRF) in LollMS Export Content

Executive Summary A security vulnerability has been identified in LollMS that allows Server-Side Request Forgery SSRF attacks through the /api/files/export-content endpoint. The downloadimagetotemp function downloads images from arbitrary user-controlled URLs without validation, allowing attacker...

7.5CVSS6AI score0.01765EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:49 p.m.6 views

Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response

Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference IDOR attacks. Affect...

8.3CVSS5.8AI score0.00268EPSS
Exploits1
Huntr
Huntr
added 2025/12/20 9:56 p.m.6 views

Apache Arrow IPC cached prebuffer path triggers signed integer overflow UB in read-range coalescing

Description Apache Arrow C++ commit d89c14b5d5203bc403fb62060fdf1ef2c0a49339 contains a signed integer overflow undefined behavior in the IO range coalescing logic, specifically in arrow/cpp/src/arrow/io/interfaces.cc:475 arrow::io::internal::CoalesceReadRanges. The overflow is reachable from...

6AI score
Exploits0
Huntr
Huntr
added 2025/10/19 4:53 a.m.6 views

Path traversal vulnerability via `FileSystemPathPointer.join()` method allows unauthorized file access

Description A critical path traversal vulnerability exists in the FileSystemPathPointer.join method within the nltk library. The vulnerability allows attackers to bypass directory restrictions and access files outside the intended directory structure by using path traversal sequences such as ../ ...

5.5AI score
Exploits0
Huntr
Huntr
added 2025/07/21 5:38 a.m.6 views

SQLite Operator-Based SQL Injection Vulnerability in LangGraph

This report is not public...

7.3CVSS6.9AI score0.00162EPSS
Exploits0
Huntr
Huntr
added 2025/06/13 3:14 p.m.6 views

Brotli decompression bomb DoS

Description urllib3 can not stream brotli-encoded responses properly unlike the way it handles gzip responses. It always loads entire decompressed response body into memory when reading brotli-encoded response, which allows malicious servers to perform DoS attack by responding with decompression...

8.9CVSS6.8AI score0.00633EPSS
Exploits0
Huntr
Huntr
added 2025/06/04 11:14 a.m.6 views

H2O-3 MySQL JDBC Driver Deserialization Vulnerability_Key-Value Bypass Parameter Inspection

Creator: zack H2O-3 Version: 3.46.0.7、3.47.0.6928 MySQL JDBC Driver Version: 8.0.19 JDK Version: 8u112 Description There is a JDBC deserialization vulnerability in the H2O-3 REST API(POST /99/ImportSQLTable) that does not require authentication. This vulnerability can lead to Remote Code Executio...

9.8CVSS7.4AI score0.0064EPSS
Exploits0
Huntr
Huntr
added 2025/05/25 6:55 a.m.6 views

Environment Variable XSS in Analytics Component

Description A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...

9.6CVSS7.5AI score0.00458EPSS
Exploits1
Huntr
Huntr
added 2025/05/01 11:53 a.m.6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's weight conversion utility. The vulnerability exists in the converttfweightnametoptweightname function, which converts TensorFlow weight names to PyTorch format. Th...

5.3CVSS5.2AI score0.00391EPSS
Exploits1
Huntr
Huntr
added 2025/04/23 9:46 a.m.6 views

Divide By Zero lead to DOS

This report is not public...

7.1AI score
Exploits0
Huntr
Huntr
added 2025/03/15 7:42 p.m.6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's configuration file resolution mechanism. The vulnerability exists in the getconfigurationfile function, which uses the vulnerable regular expression pattern...

5.3CVSS7AI score0.00431EPSS
Exploits1
Huntr
Huntr
added 2025/02/28 5:24 a.m.6 views

XML Entity Expansion vulnerability in Sitemap parser

Description There is an XML entity expansion billion laughs vulnerability in the sitemap parser. When accessing a malicious Sitemap XML, this results in a Denial of Service. Vulnerable class: import urllib.request import xml.etree.ElementTree as ET from typing import List from...

7.5CVSS7.1AI score0.00415EPSS
Exploits1
Huntr
Huntr
added 2025/02/22 5:56 p.m.6 views

Unauthenticated Stored XSS via dangerouslySetInnerHTML

An UNAUTHENTICATED attacker can achieve stored cross-site scripting XSS by injecting malicious JavaScript the v1/runs/ingest if he adds an empty citations field to trigger a code path where dangerouslySetInnerHTML is used to render the attacker controlled text. This vulnerability allows the...

9.1CVSS5.3AI score0.00415EPSS
Exploits1
Huntr
Huntr
added 2025/02/02 1:21 p.m.6 views

A DoS attack occurred in run-llama/llama_index due to inappropriate secure coding measures

Description A DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, and this issue has been reported see the link below: Huntr Report : https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8 However, due to the developer's...

7.5CVSS7.9AI score0.00438EPSS
Exploits1
Huntr
Huntr
added 2025/01/11 5:16 p.m.6 views

Bug Bounty Report: Command Injection Vulnerability in subprocess Call

This report is not public...

7.1AI score
Exploits0
Huntr
Huntr
added 2024/12/14 4:48 a.m.6 views

Denial of Service(DOS) in LangChainLLM due to missing exception handler.

Summary The streamcomplete method of the LangChainLLM class executes the llm using a thread and retrieves the result of the llm via the getresponsegen method of the StreamingGeneratorCallbackHandler class. During this process, getresponsegen recursively detects the onllmerror and onllmend events...

7.5CVSS7.7AI score0.00761EPSS
Exploits1
Huntr
Huntr
added 2024/12/03 4:27 a.m.6 views

AutoGPT SSTI Vulnerability Leading to Remote Code Execution (RCE)

Summary AutoGPT, an open-source AI tool that automates task execution, is vulnerable to a Server-Side Template Injection SSTI that could lead to arbitrary command execution. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation,...

8.8CVSS9.1AI score0.01522EPSS
Exploits1
Total number of security vulnerabilities4072