Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2022/04/22 6:4 p.m.33 views

XSS in /demo/module/?module=HERE

Description Reflected XSS in /demo/module/?module= bypass of fix for CVE-2022-1439 Proof of Concept In this report I showed an XSS and while one of the filter evasion mechanisms was fixed, the root cause persists to allow other payloads. As I mentioned there are event handlers which are unblocked...

4.3CVSS0.8AI score0.0327EPSS
Exploits2References1
Huntr
Huntr
added 2022/04/13 12:36 p.m.33 views

SQL injection in GridHelperService.php

Description In line 786, we can see $conditionFilters = $filterField . ' ' . $operator . ' ' . $value;. The three variables joins to a string, and the variables come from the request parameter.Maybe line 793 is vulnerable too. The code comes from prepareAssetListingForGrid function. The function ...

5CVSS0.7AI score0.63859EPSS
Exploits1
Huntr
Huntr
added 2022/03/08 5:12 p.m.33 views

Cross-site Scripting (XSS) - Stored

Description pimcore datahub is vulnerable to Stored XSS in multiple places including: 1 the Pricing Rule of Online Shop in EcommerceFrameworkBundle. Whenever an admin user access Pricing Rule, a stored XSS will be triggered. 2 Image Thumbnails in Settings. Whenever an admin user access Image...

3.5CVSS5.5AI score0.0079EPSS
Exploits1
Huntr
Huntr
added 2022/03/06 4:12 p.m.33 views

Static Code Injection

Description The Microweber application allows HTML tags in the "First name", "Last name" and "Phone number" which can be exploited by Injecting HTML payloads. Proof of Concept 1.While buying product we need to fill contact information form. 2.Insert your html code in code block. e.g., Hurry Up!Go...

7.5CVSS0.5AI score0.04998EPSS
Exploits2References1
Huntr
Huntr
added 2022/03/02 2:30 p.m.33 views

Cross-site Scripting (XSS) - Stored

Description Autolab is vulnerable to stored cross-site-scripting in the upload files functionality in courses feature, this can be used to execute XSS attack against the victim who is a student/teacher. Steps to Reproduce PoC 1 login to autolab 2 go to...

3.5CVSS0.00646EPSS
Exploits1References1
Huntr
Huntr
added 2022/03/01 2:11 p.m.33 views

Open Redirect

Description bypass https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083/ urijs fix CVE-2022-0613 , however attacker can bypass to exploit this issue Proof of Concept // PoC.js var URI = require'urijs'; var url = new URI"https::\\github.com/foo/bar"; console.logurl; output: URI string:...

5.8CVSS0.1AI score0.0158EPSS
Exploits2
Huntr
Huntr
added 2022/02/22 3:9 p.m.33 views

Improper Access Control (IDOR)

Description Dolibarr v14.0.5 allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accountin...

4CVSS0.7AI score0.00996EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 5:7 p.m.33 views

NULL Pointer Dereference

Description Null pointer dereferencing occurs in finducmd. commit : cdf717283ca70b18f20b8a2cefe7957083280c6f Proof of Concept $ echo -ne "dGFiZQpzaWwwbm9ybTBxL2cJOkkb" | base64 -d poc Valgrind $ /valgrind/vg-in-place -s ./src/vim-u NONE -i NONE -n -X -Z -e -m -s -S poc -c ":qa!" ==1411416==...

4.3CVSS6.3AI score0.01525EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 5:59 a.m.33 views

Use of Out-of-range Pointer Offset

Description Using out-of-range Pointer Offset occurs in unixexpandpath. commit : e89bfd212b21c227f026e467f882c62cdd6e642d Proof of Concept $ echo -ne "c2UgbWwgd2ljCnRj+42NjaYq" | base64 -d poc valgrind $ /valgrind/vg-in-place -s /vim-debug/src/vim.debug -u NONE -i NONE -n -X -Z -e -m -s -S poc -c...

6.8CVSS8.1AI score0.01723EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 6:7 a.m.33 views

Improper Authorization in webmin/webmin

Description The /cron/saveallow.cgi endpoint is accessible to any authenticated low privilege users resulting in controlling user access to cron jobs. They could allow and deny other users access to cron jobs affecting the Scheduled Cron Jobs module. Proof of Concept Affected Endpoint: GET...

5.5CVSS1AI score0.01275EPSS
Exploits4
Huntr
Huntr
added 2022/02/15 9:21 a.m.33 views

Improper Access Control in zulip/zulip

Description According to the current design of the application, when the user wants to get value of apikey, API /json/fetchapikey will require password to authentication. However, the application exists another API routed at /json/users/me/apikey/regenerate that allows regenerating apikey value a...

6.5CVSS0.1AI score0.00825EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 6:51 a.m.33 views

in unshiftio/url-parse

Description Incorrect conversion of @ in protocol in the href leads to improper validation of hostname. Proof of Concept Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation. parse = require'url-parse' console.logparse"http:@/127.0.0.1" Now imagine if the...

5CVSS0.7AI score0.01535EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/10 9:24 a.m.33 views

Path Traversal in pimcore/pimcore

Description The application doesn't perform a check/filter against the value of "importFile" parameter at endpoint "/admin/translation/import". After the API is executed, PHP unlink function will proceed to delete the file. Proof of Concept - Step 1: Login as admin at...

5.5CVSS5.7AI score0.01483EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 8:58 a.m.33 views

Improper Access Control in phpipam/phpipam

Description In phpIPAM 1.4.5, a normal user with the role of User could download or export IP subnets that may contain sensitive information related data such as IP address, IP state, MAC, owner, hostname and device via export-subnet.php endpoint. The bug is the export-subnet.php should verify th...

4CVSS6.2AI score0.01162EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 2:53 p.m.33 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

6.8CVSS8.1AI score0.01521EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 1:59 p.m.33 views

in mruby/mruby

Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 31fa3304049fc406a201a72293cce140f0557dca on Ubuntu 20.04 for x8664/amd64. Proof of Concept 6.times3.times%until-break b= 0,m:0 s=0 Steps to reproduce 1- Clone repo...

4.3CVSS0.3AI score0.0081EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 10:31 a.m.33 views

Open Redirect in microweber/microweber

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. Proof of Concept 1. Visit https://demo.microweber.org/demo/api/logout?redirectto=https://example.com It will redirect you to example.com Impact Attackers can use it in phishing campaig...

5.8CVSS1.6AI score0.01036EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 5:58 a.m.33 views

Server-Side Request Forgery (SSRF) in dompdf/dompdf

Description DomPDF uses filegetcontents to obtain HTTP files when allowurlfopen is "On". On default contexts, filegetcontents will redirect whenever served with a 302 response. When developers use DomPDF with isRemoteEnabled set to "true" and allowurlfopen set to "true", but restrict IP addresses...

4.3CVSS4.6AI score0.00953EPSS
Exploits1
Huntr
Huntr
added 2021/08/29 11:36 a.m.33 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description 'Delete Scheduled Task' confirmation model executes javascript as part of the name of a scan engine. 🕵️‍♂️ Proof of Concept 1. Name a scan engine as a XSS payload. Example: 2. Schedule a scan for any target using the created scan engine. 3. Try to delete the scheduled task Location...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/08/25 12:25 p.m.33 views

Cross-site Scripting (XSS) - Reflected in zoujingli/thinkadmin

✍️ Description The Application is Vulnerable to reflected XSS Attack. 🕵️‍♂️ Proof of Concept Open the following page in the browser as admin. The 商品名称 field is vulnerable to reflected XSS. An alert box is displayed as PoC...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2021/07/18 3:31 p.m.33 views

Inefficient Regular Expression Complexity in liriliri/licia

✍️ Description A ReDoS regular expression denial of service flaw was found in the licia package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar to https://nvd.nist.gov/vuln/detail/CVE-2020-28500 🕵️‍♂️...

0.6AI score0.07336EPSS
Exploits1
Huntr
Huntr
added 2021/06/12 1:54 p.m.33 views

Code Injection in laravel/framework

✍️ Description Function injection in Illuminate\Validation\Rules\RequiredIf can be exploited to generate gadget chains for deserialization vulnerabiltiies. 🕵️‍♂️ Proof of Concept ?php use Illuminate\Validation\Rules\RequiredIf; require"vendor/autoload.php"; $gadget = serializenew...

2AI score
Exploits0
Huntr
Huntr
added 2021/02/11 12:0 a.m.33 views

Denial of Service in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...

4.6CVSS4.3AI score0.9024EPSS
Exploits4
Huntr
Huntr
added 2020/10/15 12:0 a.m.33 views

Denial of Service in locutusjs/locutus

Description locutus is vulnerable to ReDoS. The regular expression at src/php/network/inetpton.js:24 is vulnerable to ReDoS. It is possible to cause increasing slow-downs which lock the event loop by passing strings which have some number of repeating a characters followed by a . character. For...

7.5CVSS0.5AI score0.02753EPSS
Exploits1References1
Huntr
Huntr
added 2023/10/06 7:24 a.m.32 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid, it is recommended to change it to...

6.8CVSS6.9AI score0.00428EPSS
Exploits1References1
Huntr
Huntr
added 2023/08/25 5:0 p.m.32 views

Store XSS in Widgets and pages

Description I noticed that you filtered the comment very carefully. But there are still some parts you missed Proof of Concept 1 .Login with admin 2 .Go to "https://demo.instantcms.io/admin/widgets" 3 . Insert payload in Position name and Title test" onmouseover = "alertdocument.cookie 4 .Click...

4.3CVSS6.8AI score0.00348EPSS
Exploits1
Huntr
Huntr
added 2023/06/22 10:11 p.m.32 views

Secret information exfiltration by hard coding twitter API keys

Description Secret information used for API calls was embedded in the microweber source code. PoC It's hardcoded in the source code below. - https://github.com/microweber/microweber/blob/master/userfiles/modules/twitterfeed/functions.php php $oauthaccesstoken =...

5CVSS7.2AI score0.00541EPSS
Exploits0References3
Huntr
Huntr
added 2023/06/12 8:34 p.m.32 views

Desktop APP RCE via saveDraft IPC

🔒️ Requirements The user must load a malicious project. 📝 Description In version 20.3.3 commit 5383c20e947fd772668316e407edc5d5db4850db, the shell=true option is added to a spawn execution. This is really dangerous has it allows a malicious user to execute commands even from attributes. Example: j...

7.5CVSS7.1AI score0.01069EPSS
Exploits0
Huntr
Huntr
added 2023/05/02 2:41 p.m.32 views

all user password hash is disclosed

Proof of Concept login to admin account and then visit https://demo.pimcore.fun/admin/customermanagementframework/customers/detail?id=1016&filteroperator-customer=AND&filteroperator-segments=AND&filtershowSegments0=832&filtershowSegments1=833&filtershowSegments2=874&filterDefinitionid=1 able to...

3.3CVSS7.1AI score0.00547EPSS
Exploits0
Huntr
Huntr
added 2023/03/22 6:12 p.m.32 views

Unhandled SWF Tags in MP4Box: Potential Vulnerability in GPAC

An unhandled series of SWF tags have been identified in the MP4Box software, which is part of the GPAC multimedia framework. These tags are not properly processed, leading to potential vulnerabilities such as denial of service, buffer overflows, or other malicious attacks. POC: ./MP4Box -dash 100...

4.3CVSS7.8AI score0.00318EPSS
Exploits0
Huntr
Huntr
added 2023/02/21 7:2 a.m.32 views

segmentation fault in regexp.c:1788

Description SIGSEGV raised on regtilde function at regexp.c. As the function processes the tainted string inside the poc file, constant calls to the alloc function with ever-increasing size actually exhausts memory and the process terminates. At last negative size value is assigned. Version $ git...

4.4CVSS6.8AI score0.00485EPSS
Exploits1
Huntr
Huntr
added 2023/02/14 12:42 p.m.32 views

Stored XSS in Email Blacklist Function

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

4.9CVSS4.9AI score0.0051EPSS
Exploits1
Huntr
Huntr
added 2023/01/23 1:11 p.m.32 views

Divide By Zero in function adjust_skipcol

Description Divide By Zero in function adjustskipcol at move.c:1978 vim version git log commit 7193323b7796c05573f3aa89d422e848feb3a8dc HEAD - master, tag: v9.0.1223, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocdbz01s.dat -c :qa! Floating point exception GDB gdb...

4.4CVSS7.6AI score0.0049EPSS
Exploits1
Huntr
Huntr
added 2022/12/29 9:18 a.m.33 views

CSRF allows attacker trigger admin add HOST user lead to takeover memos application

Description This vuln allow attacker trigger admin submitting a malicious request to create new user with any role. Proof of Concept 1. Attacker create malicious script with csrf payload and upload it to attacker server httpx://attacker.server/csrf.html 2. Attacker send this link to memos admin 3...

6.8CVSS0.9AI score0.00308EPSS
Exploits1References1
Huntr
Huntr
added 2022/12/23 8:13 p.m.32 views

Users can edit and delete all other user shortcuts

Description Users can edit and delete all other user shortcuts Proof of Concept Step 1. Log in as user A and make a shortcuts Step 2. View shortcut information including: ID, rowStatus, title, payload... For ex: user A creates a shortcut with ID 10 Step 3. Log in as user B and make a shortcuts...

4CVSS0.1AI score0.00571EPSS
Exploits1References2
Huntr
Huntr
added 2022/12/22 7:59 p.m.32 views

Email exposure of users to an authorized user

Description Hello, this is an endpoint that leaks all the information of the users like names, email, role, and OpenID to an authenticated user Steps to reproduce 1 build the web app 2 either you host it locally or on a server 3 try to add users with their data 4 visite...

4CVSS0.4AI score0.00773EPSS
Exploits1
Huntr
Huntr
added 2022/12/20 2:45 p.m.32 views

XSS by uploading svg files

Description Hi there, Your project has a function of uploading files.That is the section named "Resource".But it does not filter the content of the uploaded files. If we upload an svg file containing malicious data and a user accesses it, xss will be triggered. Video Please visit my video link...

4.9CVSS5.6AI score0.00564EPSS
Exploits1
Huntr
Huntr
added 2022/12/20 8:15 a.m.33 views

Stored XSS via SVG File

Description usememos has a feature to upload file and display it. By uploading a crafted SVG files, the users can perform Stored XSS attack with the image direct link. Copy the following code and save as filename.svg. Proof of Concept filename.svg alertdocument.location; 1. Login as user 2. creat...

4.9CVSS5.5AI score0.00601EPSS
Exploits1
Huntr
Huntr
added 2022/12/17 2:35 p.m.32 views

Blind Stored XSS in admin panel (open question page)

Description Blind stored XSS via any unauthorized or anonymous visitor user without any privileges can inject XSS payload in "Add question" page in "Your Name" input field then it will be executed in admin panel in Open Question page Proof of Concept...

4.9CVSS5.2AI score0.00487EPSS
Exploits0
Huntr
Huntr
added 2022/09/29 7:45 p.m.32 views

No limit in length of "Token name" parameter results in DOS attack /memory corruption

Proof of Concept 1Go to https://rdiffweb-dev.ikus-soft.com/prefs/tokens endpoint . 2You will see a field called "Token name" 3Here you will see that there is no limit for the "Token name" parameter that allows a user to to set a very long string as long as 1 million characters . 4This may possibl...

5CVSS1.4AI score0.00983EPSS
Exploits1
Huntr
Huntr
added 2022/09/10 8:56 p.m.32 views

Exposure of "Forgot Password" Token on Threads Controller Leads to Account Takeover

Description Hello there! Hope you are doing great! I kept looking for issues that are similar to CVE-2022-3019, and ended up finding one more, it's in the Thread entity, and I found it by looking at the /api/threads/:appid/all endpoint. It retrieves sensitive information about every user that's i...

3.3CVSS0.6AI score0.00844EPSS
Exploits2
Huntr
Huntr
added 2022/07/15 6:15 a.m.32 views

Undefined behavior in diff_write_buffer()

Description Undefined behavior. commit hash: 99af91e5820c78a196c9272cd8ce5aa5be7bf374 It may occur heap-buffer-overflow. Proof of Concept Download POC file POC GDB gdb-peda$ r -u NONE -i NONE -n -m -X -Z -e -s -S undefinedpoc -c :qa! 0000089bd31 in diffwritebuffer buf=0x62500000f100, din= at...

1.9CVSS6.5AI score0.00872EPSS
Exploits1
Huntr
Huntr
added 2022/07/08 3:57 p.m.32 views

Heap-based buffer overflow in function vim_iswordp_buf

Description Heap-based buffer overflow in function vimiswordpbuf at charset.c:835 Version commit fee0c4aa99eb0a7a801dade758ce5e04b48c15d1 HEAD - master, origin/master, origin/HEAD Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc196min ...

4.4CVSS0.2AI score0.00478EPSS
Exploits1
Huntr
Huntr
added 2022/07/06 2:15 a.m.32 views

Out-of-bounds Read in function utf_ptr2char

Description Out-of-bounds Read in function utfptr2char at mbyte.c:1794 vim version git log commit 324478037923feef1eb8a771648e38ade9e5e05a HEAD - master, tag: v9.0.0042, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobr5s.dat -c :qa!...

4.4CVSS7.6AI score0.00485EPSS
Exploits1
Huntr
Huntr
added 2022/07/06 2:0 a.m.32 views

Heap Use After Free in function skipwhite

Description Heap Use After Free in function skipwhite at charset.c:1428 vim version git log commit 324478037923feef1eb8a771648e38ade9e5e05a HEAD - master, tag: v9.0.0042, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf4s.dat -c :qa!...

6.8CVSS0.6AI score0.01207EPSS
Exploits1
Huntr
Huntr
added 2022/06/19 1:42 a.m.32 views

Lack of Character Limit in Notes Sections Leads to Denial of Service

Description The InvenTree application allows for the inclusion of notes for various objects in the application. The notes functionality does not include a character limit. An attacker can submit an infinite number of characters into the notes section, which causes a denial of service and increase...

4.3CVSS0.1AI score0.00807EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/02 11:28 p.m.32 views

Path Traversal vulnerability on the endpoint '/info/refs'

Summary It seems "gogs" suffers from a Path Traversal which may lead a malicious user to access another legitimate user's git config files or issue a couple of git commands on its behalf. Steps to reproduce and Proof of Concept 1. I created two users sim4n6 and sim4n62. 2. From sim4n6 dashboard...

5.5CVSS8.2AI score0.51136EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 2:44 p.m.32 views

Heap-based Buffer Overflow in function vim_regsub_both

Description Heap-based Buffer Overflow in function vimregsubboth at regexp.c:1954 vim version git log commit 4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 HEAD - master, tag: v8.2.5037, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobw5s.dat -...

6.8CVSS7.7AI score0.01559EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 3:6 a.m.32 views

Buffer Over-read in function utf_ptr2char

Description Buffer Over-read in function utfptr2char at mbyte.c:1794 vim version git log commit 31d9948e3a2529c2f619d56bdb48291dc261233d HEAD - master, tag: v8.2.5026, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch10ns.dat -c :qa!...

6.8CVSS7.8AI score0.02481EPSS
Exploits3References2
Huntr
Huntr
added 2022/05/14 3:25 a.m.32 views

NULL Pointer Dereference in function vim_regexec_string

Description NULL Pointer Dereference in function vimregexecstring at regexp.c:2733 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit 31ad32a325cc31f0f2bdd530c68bfb856a2187c5 HEAD - master, tag: v8.2.4949, origin/master, origin/HEAD...

1.9CVSS1.2AI score0.00517EPSS
Exploits1References2
Total number of security vulnerabilities4072