Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/09/13 2:52 p.m.34 views

XSS via Mathematical Typesetting

🔒️ Requirements Feature: Extras Mathematical Typesetting enabled. User interaction: Access vulnerable page || diagram and wheel click on a link. 📝 Description The Mathematical Typesetting feature allows to use inline content such as AsciiMath or LaTeX. Using it allows you to create a tag via \href...

5.8CVSS0.8AI score0.0061EPSS
Exploits1
Huntr
Huntr
added 2022/09/08 10:22 a.m.34 views

HTML Injection vulnerability in create tag functionality

Vulnerability Details In the Microweber CMS, While doing a live edit on to the application, we have the option to create a new global tag in the application. While creating a global tag, the "Tag Name" input field doesn't properly get sanitized and it's vulnerable to HTML Injection vulnerability...

5.8CVSS0.3AI score0.00565EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/23 5:17 a.m.34 views

Use After Free in function qf_fill_buffer

Description Use After Free in function qffillbuffer at vim/src/quickfix.c:4790 vim version git log commit adce965162dd89bf29ee0e5baf53652e7515762c HEAD - master, tag: v9.0.0246, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc5huaf.dat -c :qa!...

4.4CVSS0.7AI score0.00787EPSS
Exploits1
Huntr
Huntr
added 2022/08/11 12:2 p.m.35 views

2FA Bypass in Cockpit Content Platform ≤ v2.2.1

Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...

6.5CVSS9.3AI score0.01278EPSS
Exploits1
Huntr
Huntr
added 2022/07/22 6:25 p.m.34 views

OS Command Injection user to admin

Summary Arbitrary commands can be injected when installing DokuWiki. Description Authenticated as "User" role users can inject commands. Injected commands are running as "admin" user. Prerequisite 1. Any user access 2. php 7.4 must be installed in order to install dokuwiki only admin can install...

6.5CVSS0.9AI score0.4749EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/16 7:50 a.m.34 views

The NocoDB application allows large characters to insert in the input field "New Project" on the create field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

Proof of Concept Go to http://localhost:8080/dashboard//projects Click on New project and create Fill the "Enter project name" field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click on continue. You will see the application accepts large...

4CVSS2.7AI score0.01787EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/06 9:4 p.m.34 views

Client-Side RCE and Stored XSS via Unsafe Deserialization of Diagrams

Description The deserialization mechanism of diagram files is based on an XML like structure. When it is read, internal objects are created and properties on those can be set. Furthermore it allows calling any top-level constructor function and cloning of top level XML/HTML nodes. This has the...

3.5CVSS0.00698EPSS
Exploits1
Huntr
Huntr
added 2022/06/03 12:37 p.m.34 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "Task" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1. Click on plus track button 2. Under the task input field enter the payloads =1+1 3. Now enter the work hour as 2 4. Then click on save 5. Now go to details and...

3.5CVSS0.5AI score0.0234EPSS
Exploits2References1
Huntr
Huntr
added 2022/05/25 8:51 a.m.34 views

Use After Free in function find_pattern_in_path

Description Use After Free in function findpatterninpath at search.c:3653 vim version git log commit 4c3d21acaa09d929e6afe10288babe1d0af3de35 HEAD - master, tag: v8.2.5014, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch16s.dat -c :qa!...

6.8CVSS7.8AI score0.01406EPSS
Exploits1
Huntr
Huntr
added 2022/05/20 6:32 a.m.34 views

Allocation of Resources Without Limits in

Steps to reproduce: 1. As an admin, start a new conversation with any membernormal user 2. If the membernormal user reply with a text of huge characters, more than crores, etcthe admin may not able to access the dash board and its get started lagging, because the server get DOS POC Screenshot: PO...

4CVSS0.00919EPSS
Exploits1
Huntr
Huntr
added 2022/05/19 6:42 p.m.34 views

Account Takeover

Description Hi I found a way to takeover user's account Proof of Concept 1.Victim A is a member of a organization orgA 2.Attacker create a new account with orgB 3.Invite victimA to orgB 4.Since an admin can access invitation link attacker copy this link and set new password using this link 5.Now...

6CVSS0.6AI score0.01081EPSS
Exploits1
Huntr
Huntr
added 2022/05/11 7:32 p.m.34 views

Allowing long password leads to denial of service

Description The Organizr application allows to sending a very long password 10000000 characters it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing...

5CVSS7.6AI score0.01046EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/28 3:47 a.m.34 views

Heap-based Buffer Overflow in function cmdline_erase_chars

Description Heap-based Buffer Overflow in function cmdlineerasechars at exgetln.c:1085 POC ./vim -u NONE -X -Z -e -s -S ./poch1.dat -c :qa! ================================================================= ==3840814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000087f at pc...

6.8CVSS6.9AI score0.02481EPSS
Exploits1
Huntr
Huntr
added 2022/04/06 7:52 p.m.34 views

NULL Pointer Dereference in r_bin_ne_get_entrypoints function

Description A NULL pointer deference vulnerability in rbinnegetentrypoints function due to a missing check before using the pointer. Version bash radare2 5.6.7 27746 @ linux-x86-64 git.5.6.6 commit: 2b77b277d67ce061ee6ef839e7139ebc2103c1e3 build: 2022-04-0614:41:37 POC bash radare2 -q -A poc poc...

4.3CVSS1AI score0.00668EPSS
Exploits1
Huntr
Huntr
added 2022/04/04 3:25 p.m.34 views

XSS in livehelperchat

Description LiveHelperChat is vulnerable to XSS in /cobrowse/checkmirrorchanges/ in it response the url parameter to json content while response content type is html. SETP1: set the url in following request POST /cobrowse/storenodemap/hash/174QXubVQ2cHdPR5xt5vNLBWVRnRwNu6MBWHoxRs3/?url= HTTP/1.1...

4.3CVSS6.2AI score0.00715EPSS
Exploits1
Huntr
Huntr
added 2022/03/26 2:36 a.m.34 views

Null Pointer Dereference Caused Segmentation Fault

Description Null pointer dereference caused segmentation fault Proof of Concept version ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.1-DEV-rev65-g718843df4-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters:...

4.3CVSS5.3AI score0.00741EPSS
Exploits1
Huntr
Huntr
added 2022/03/25 8:4 a.m.34 views

Old sessions are not blocked by the login enable function.

Description If you disable logic function of an user, that user can still login by using their old session. Proof of Concept Step 1: login to dashboard by a normal account. Step 2: use a diffrent browser to login as admin Step 3: make the normal account in step 1 unable to login. Step 4: return t...

6.5CVSS1AI score0.00977EPSS
Exploits1
Huntr
Huntr
added 2022/03/14 1:51 p.m.34 views

Stored XSS via File Upload in star7th/showdoc

Description Stored XSS via uploading file in .properties format. Proof of Concept filename="test.properties" alert1 Steps to Reproduce 1. Login into showdoc.com.cn. 2. Navigate to file library https://www.showdoc.com.cn/attachment/index 3. In the File Library page, click the Upload button and...

3.5CVSS5.3AI score0.00533EPSS
Exploits1
Huntr
Huntr
added 2022/03/09 5:44 p.m.34 views

Cross-site Scripting (XSS) - Stored

Description Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS. 1 Settings Taxes Tax type Proof of Concept Step 1: Access https://demo.microweber.org/?template=dream Step 2: Browse to Settings Taxes Tax type Step 3: Add or Edit current ta...

3.5CVSS5.4AI score0.02389EPSS
Exploits1
Huntr
Huntr
added 2022/03/05 2:24 p.m.34 views

Cross-site Scripting (XSS) - Stored

Description Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop thi...

3.5CVSS2.1AI score0.0077EPSS
Exploits1
Huntr
Huntr
added 2022/02/28 2:48 p.m.34 views

Improper Resolution of Path Equivalence

DESCRIPTION Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be...

5.8CVSS0.2AI score0.02388EPSS
Exploits1References4
Huntr
Huntr
added 2022/02/19 8:40 p.m.34 views

Insecure Storage of Sensitive Information

Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their Geolocation, their Device information like Device Name, Version, Software & Software version...

4CVSS0.4AI score0.01961EPSS
Exploits2References6
Huntr
Huntr
added 2022/01/21 9:30 a.m.34 views

Cross-site Scripting (XSS) - Reflected in pimcore/data-hub

Description pimcore Datahub is vulnerable to Reflected XSS in the Path of Documents, Assets and Objects in the Security Definition tab Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Datahub icon and click on any existing configuration then ...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/01/20 2:2 p.m.34 views

Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore

Description XSS Proof of Concept Previous bug https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6/ is not properly fixed. it can be bypassed using with event handler . https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911 its only checking...

5CVSS6.8AI score0.01102EPSS
Exploits1
Huntr
Huntr
added 2022/01/12 11:14 a.m.34 views

Heap-based Buffer Overflow in vim/vim

Description A Heap-based Buffer Overflow has been found in vim commit 3cf21b3 Proof of Concept base64 poc ZggwMDAwMDAwMDAwMDAwMDAwMBkwMDAwCmYIMDAwMDAwMCUlJSUlJSUlJSUlMDAwMDD8CmUlJSUl JSUlJSUlJSUlJQp2cwp2MP8wbwo= /fuzzing/vim/vim/src/vim -u NONE -X -Z -e -s -S ./poc -c :qa! ASan stack trace:...

6.8CVSS7.5AI score0.01242EPSS
Exploits1
Huntr
Huntr
added 2021/10/05 4:13 a.m.34 views

Sensitive Cookie Without 'HttpOnly' Flag in yeswiki/yeswiki

Description The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. Including the HttpOnly flag in the Set-Cookie HTTP response header helps...

6AI score
Exploits0
Huntr
Huntr
added 2021/09/10 1:31 p.m.34 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Hello dear glpi team I found one more CSRF vulnerability in following directory: Home/Setup/General/performance 🕵️‍♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here User...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/08/26 12:9 p.m.34 views

Inefficient Regular Expression Complexity in ramda/ramda

✍️ Description A ReDoS regular expression denial of service flaw was found in the ramda package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...

0.5AI score0.03732EPSS
Exploits1
Huntr
Huntr
added 2021/06/30 9:36 p.m.34 views

Inefficient Regular Expression Complexity in chatwoot/chatwoot

✍️ Description If we want to use Regex in our match or search or replace or ... functions, we must be sanitize this function's inputs. if an attacker capable to inject any Regex or abuse the bad Regexes that used in our codes, then the ReDoS vulnerability appear and according to "freezing the web ...

5CVSS1.4AI score0.01222EPSS
Exploits1
Huntr
Huntr
added 2023/10/03 11:38 a.m.33 views

SQL Injection in opportunities module

Description During the save of the the opportunity the duplicateparentid is not properly validated and cleaned, which allows for injecting sql. Proof of Concept Add sql injection statement to opportunities duplicateparentid on save request...

6.4CVSS7.3AI score0.0191EPSS
Exploits2
Huntr
Huntr
added 2023/10/02 7:37 p.m.33 views

Stored XSS in Attachment File Name

Description A stored cross-site scripting vulnerability exists within the file attachment upload functionality. Replication Steps 0x01. As a user with only the "Edit Record" and "Add Attachments" permissions, the user proceeded to edit a FAQ record and clicked "Add new attachment", as seen in the...

5.5AI score0.00414EPSS
Exploits1
Huntr
Huntr
added 2023/09/04 11:24 a.m.33 views

Out of Bounds Read in scene_manager/loader_bt.c:478

Description Out of Bounds Read in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9CVSS6.9AI score0.00253EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/01 6:44 p.m.33 views

Store XSS in Users

Description I noticed, your website is very secure. But you overlooked a flaw XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Create a users ,insert payload in to Real name test" 3 .Click edit on the user just created, detect XSS Video Poc...

4.9CVSS6.1AI score0.00412EPSS
Exploits0
Huntr
Huntr
added 2023/07/10 12:42 a.m.33 views

Arbitrary command execution on Windows

Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems, this is possible by having a malicious file with the same name as a trusted executable, Windows gives priority to the current directory when searching for executables. Several...

4.4CVSS7.5AI score0.06796EPSS
Exploits1
Huntr
Huntr
added 2023/04/22 1:56 p.m.33 views

Uncaught exception in document parsing functions

Description The parseDocument and parseAllDocuments functions should never throw according to the documentation. However, when these functions are fed an invalid input with a lot ≥80 of carriage return characters \r, an exception is thrown, which originates in the prettifyError function. Proof of...

5CVSS6AI score0.01093EPSS
Exploits1
Huntr
Huntr
added 2023/01/22 2:49 p.m.33 views

Heap Use After Free in function ins_compl_get_exp

Description Heap Use After Free in function inscomplgetexp at insexpand.c:3846 vim version git log commit 7193323b7796c05573f3aa89d422e848feb3a8dc HEAD - master, tag: v9.0.1223, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf01s.dat -c :qa!...

4.4CVSS7.1AI score0.00559EPSS
Exploits1
Huntr
Huntr
added 2023/01/12 3:2 a.m.33 views

Image upload function has storage xss vulnerability

Description Malicious users can upload files containing malicious html code through this vulnerability, resulting in the theft of identity tokens of other users/administrators accessing related pages and the account being taken over Proof of Concept step1. Log in to a common user account step2...

6CVSS8.8AI score0.00745EPSS
Exploits1
Huntr
Huntr
added 2022/12/30 8:19 p.m.33 views

Authenticated HTMLi via theme parameter on /lib/ajax.php

Description The theme parameter is vulnerable to HTMLi on /lib/ajax.php endpoint Proof of Concept - go to https://v2.demo.froxlor.org - Login with a user - Go to https://v2.demo.froxlor.org/lib/ajax.php?action=newsfeed&theme=%3C/br%3E%3Ch1%3EHTMLi%20by%20leorac%3C/h1%3E%3Cbr%3E - You'll see the...

4.9CVSS0.7AI score0.00479EPSS
Exploits1
Huntr
Huntr
added 2022/12/30 9:18 a.m.33 views

Bypass Stored XSS while creating a new post

Description After login to portal create a new post and type the following text with XSS payload bypass of this fix Proof of Concept Login to portal. create a post with xss paylaod save it POC: https://drive.google.com/file/d/1WkQpGyQGKBS-9To5mludqkkL7VOp9Au/view?usp=sharelink Bypass Payload //X/...

6CVSS8.6AI score0.00991EPSS
Exploits1
Huntr
Huntr
added 2022/11/30 6:30 a.m.33 views

Authenticated Remote Command Execution on GLPI 10.0.5 due to vulnerable marketplace plugin

Description It was found that GLPI at the current version 10.0.5 is vulnerable to a remote command execution when an attacker has super-user privileges. This is possible due to an attacker being able to download a plugin that contains files that was calling unserialize into $POST'entityrestrict'...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/10/12 8:37 a.m.33 views

heap-buffer-overflow in function skipwhite

Description heap-buffer-overflow in function skipwhite at charset.c:1706:12 vim version shell git log commit 56564964e6d0956c29687e8a10cb94fe42f5c097 HEAD - master, tag: v9.0.0719, origin/master, origin/HEAD Proof of Concept shell /home/mist/fuzz/vim/vim/src/vim -u NONE -X -Z -e -s -S poc1 -c :qa...

4.4CVSS7.9AI score0.00496EPSS
Exploits1
Huntr
Huntr
added 2022/08/26 7:49 a.m.33 views

Use After Free in function get_next_valid_entry

Description Use After Free in function getnextvalidentry at vim/src/quickfix.c:2709. vim version git log commit 2bd9dbc19fc67395cfa1226dda7326071ab22464 HEAD - master, tag: v9.0.0270, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/test/poc/poc6huaf.da...

4.4CVSS7.7AI score0.00497EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 6:9 a.m.33 views

Buffer Over-read in function current_quote

Description Buffer Over-read in function currentquote at textobject.c:1801 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

6.8CVSS1.2AI score0.01492EPSS
Exploits1
Huntr
Huntr
added 2022/06/10 8:32 p.m.33 views

Chatwoot's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Chatwoot relies on the rackattack.rb file to defend the application against various brute force attacks. The Chatwoot application fails to prevent brute force attacks against the listed paths when strings are appended to the end of POST directory names. Some protection still exists,...

7.5CVSS0.3AI score0.00882EPSS
Exploits1References3
Huntr
Huntr
added 2022/06/03 12:15 p.m.33 views

Stored XSS in Name

Description The application Titra is vulnerable to Stored XSS in user's name field. Proof of Concept Go to profile and under the name put the payload " Video POC: https://drive.google.com/file/d/1MHPloy-i2hsxaLuuVn46oUZVpFm6Nywf/view?usp=sharing...

3.5CVSS0.00674EPSS
Exploits1
Huntr
Huntr
added 2022/05/30 5:22 p.m.33 views

Use After Free in function utf_ptr2char

Description Use After Free in function utfptr2char at mbyte.c:1794 vim version git log commit be99042b03edf7b8156c9adbc23516bfcf2cec0f HEAD - master, tag: v8.2.5044, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf2s.dat -c :qa!...

6.8CVSS7.8AI score0.01419EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 4:16 p.m.33 views

Meta Data Is Not Stripped From images

Hey team, while uploading site/page logo as an administrator, The meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by using tools like exif tool, metadata...

5CVSS0.1AI score0.00788EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/08 3:52 a.m.33 views

Heap-based Buffer Overflow in function skip_string

Description Heap-based Buffer Overflow in function skipstring at cindent.c:92 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch7s.dat -c :qa!...

4.6CVSS7AI score0.00599EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 1:54 a.m.33 views

Blind command injection

Description Hello , its my first report in huntr.dev fast code review : file https://github.com/yogeshojha/rengine/blob/master/web/api/views.pyL820 class CMSDetectorAPIView: def getself, request: req = self.request url = req.queryparams.get'url' savedb = True if 'savedb' in req.queryparams else...

7.5CVSS9.2AI score0.02664EPSS
Exploits1
Huntr
Huntr
added 2022/04/22 6:4 p.m.33 views

XSS in /demo/module/?module=HERE

Description Reflected XSS in /demo/module/?module= bypass of fix for CVE-2022-1439 Proof of Concept In this report I showed an XSS and while one of the filter evasion mechanisms was fixed, the root cause persists to allow other payloads. As I mentioned there are event handlers which are unblocked...

4.3CVSS0.8AI score0.0321EPSS
Exploits2References1
Total number of security vulnerabilities4072