4072 matches found

Huntr
added 2023/04/26 6:47 a.m. | 23 views

Local File Inclusion (LFI)

Description The vulnerability in the code is a Local File Inclusion (LFI) vulnerability. It allows an attacker to read arbitrary files on the server by exploiting a flaw in the code that allows the attacker to manipulate the "InternalPath" parameter in a request to include files from the server's...

CVSS 5 | AI score 6.9 | EPSS 0.00759
Exploits: 2 | References: 1

Huntr
added 2023/04/25 9:59 p.m. | 19 views

File Upload Path Validation Error

Description An administrator user can use the easyUpload function to create files in any path of the system where the application has write permissions. This vulnerability arises because the application is using user input to build the file path and does not properly validate this input. Proof of...

CVSS 5.8 | AI score 7.1 | EPSS 0.29134
Exploits: 1

Huntr
added 2023/04/25 7:20 p.m. | 19 views

Stored XSS in the module named "Create Case"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. You have almost filtered out all possible cases of XSS, but I noticed that there is still 1 case that you left out. by using this xss command: Pro...

CVSS 4.3 | AI score 6.3 | EPSS 0.00547
Exploits: 1 | References: 1

Huntr
added 2023/04/24 7:56 p.m. | 16 views

Bypass change password policy

Description I tested your demo site and discovered a vulnerability that could bypass password length and password complexity validation in your account's password change function. Proof of Concept link video PoC https://drive.google.com/file/d/1r2TAeFdLAeEREUccDoE86Yacavv79VR/view?usp=sharing...

CVSS 7.5 | AI score 7 | EPSS 0.00597
Exploits: 1

Huntr
added 2023/04/24 7:26 p.m. | 17 views

Stored XSS

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video PoC https://drive.google.com/file/d/186jNX2EJWaIaknmOmwBhQ663SSzv289/view?usp=sharing Step 1.Go to my preferences and...

CVSS 4.9 | AI score 6.4 | EPSS 0.00569
Exploits: 1

Huntr
added 2023/04/24 7:23 a.m. | 21 views

Stored XSS in the module named "Dashboard"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video PoC https://drive.google.com/file/d/19lzyLY20fn0WdgRxsIrIRSfkrq36j7s5/view?usp=sharing Steps 1.Login as administrator...

AI score 6.3 | EPSS 0.0044
Exploits: 1 | References: 1

Huntr
added 2023/04/23 10:21 p.m. | 19 views

Stored XSS on items in Folder

Description First create two user accounts and grant them permission to access the same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. To confirm the success of...

CVSS 4.9 | AI score 6.2 | EPSS 0.00612
Exploits: 1

Huntr
added 2023/04/23 12:26 a.m. | 18 views

OS Command Injection via Type Confusion in Scan and Preview Parameters

Description Scanservjs has a RESTful API that provides endpoints for interacting with scanners using the SANE library. There are two APIs for scanning an image and generating a preview image that call out to Process.spawn, invoking a scanimage command as a subprocess of the server, and passing...

CVSS 7.5 | AI score 8.7 | EPSS 0.40516
Exploits: 1

Huntr
added 2023/04/22 6:37 p.m. | 22 views

Cross-site scripting (XSS) stored in href bypasses filter using data wrapper

Description The XSS (Cross-Site Scripting) vulnerability found in the Calibre-Web application allows an attacker to inject malicious JavaScript code into an href via a data wrapper containing a base64-encoded payload. This vulnerability specifically occurs in a book's Tag editing functionality. By...

AI score 6.7
Exploits: 0

Huntr
added 2023/04/22 4:19 p.m. | 10 views

SMTP server credentials are returned

Description The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...

AI score 6.8
Exploits: 0

Huntr
added 2023/04/22 1:56 p.m. | 33 views

Uncaught exception in document parsing functions

Description The parseDocument and parseAllDocuments functions should never throw according to the documentation. However, when these functions are fed an invalid input with a lot (≥80) of carriage return characters (\r), an exception is thrown, which originates in the prettifyError function. Proof of...

CVSS 5 | AI score 6 | EPSS 0.01093
Exploits: 1

Huntr
added 2023/04/22 4:43 a.m. | 6 views

Cross-site Scripting (XSS) - Stored

Description The stored XSS vulnerability found in the Calibre-Web application is a security flaw that allows an attacker to execute malicious code in a user's browser. The vulnerability affects the "/ajax/pathchooser/" endpoint and is present in the "path" parameter, which is sent via the GET...

AI score 6.4
Exploits: 0

Huntr
added 2023/04/21 12:14 a.m. | 17 views

Broken Rate Limiting

Description The request rate limiting feature on the login page can be bypassed. If we look at the code in src/Controller/Frontend/Account/LoginAction.php: $this->rateLimit->checkRequestRateLimit($request, 'login', 30, 5); We see that checkRequestRateLimit is invoked with a restriction of a maxmim...

CVSS 7.5 | AI score 7.1 | EPSS 0.00787
Exploits: 1

Huntr
added 2023/04/20 10:14 p.m. | 41 views

Session is not expiring after password reset

Description 1. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization, in this case the session is not getting expired after the password change Steps to reproduce : 1. Open...

CVSS 6.5 | AI score 7 | EPSS 0.00479
Exploits: 1

Huntr
added 2023/04/20 6:40 p.m. | 23 views

LFI in Model Version REST API creation

Description By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...

CVSS 5 | AI score 7.2 | EPSS 0.04153
Exploits: 1

Huntr
added 2023/04/20 12:52 p.m. | 10 views

Reflected XSS in Path Traversal detector

Description AzuraCast has a feature that blocks all Path Traversal attempts (good job implementing it). But when AzuraCast blocks an attack, it reflects the path without sanitizing the output (PathTraversalDetected.php). It is possible to perform attacks like Reflected XSS or HTML injection. Steps to reproduce 1. ...

AI score 6.4
Exploits: 0

Huntr
added 2023/04/20 11:0 a.m. | 25 views

Account TakeOver Due to Improper Handling of JWT Tokens

Description I have discovered a vulnerability where any user can modify another user's data including password simply by intercepting and changing the access token of the JWT using https://token.dev. The system does not verify whether the JWT token was issued by the server or not, allowing it to...

CVSS 7.5 | AI score 7 | EPSS 0.00899
Exploits: 0 | References: 1

Huntr
added 2023/04/20 8:2 a.m. | 18 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description There is a taint path that can store a payload into the database. Visit http://127.0.0.1/corebos-master/index.php?action=PickList&module=PickList and click Add Item; the "Add new entries here:" field can be tainted. Although there is a front limitation, we can bypass it by modifying the request...

CVSS 4.9 | AI score 7 | EPSS 0.00517
Exploits: 1

Huntr
added 2023/04/20 7:2 a.m. | 16 views

Arbitrary Code Execution in Apache BRPC

Description BRPC is an industrial-grade RPC framework using the C++ language, which is often used in high performance systems such as Search, Storage, Machine learning, Advertisement, Recommendation etc. In server.cpp there is a function call to wordexp, which is used for expanding paths from user input. Due ...

AI score 6.8
Exploits: 0

Huntr
added 2023/04/19 9:22 p.m. | 11 views

CSRF Leading to reset Boxes

Description Hello everyone, During my testing on LimeSurvey's admin demo, it's found that the Boxes part of the application is vulnerable to CSRF affecting reset boxes functionality meaning that if an admin created some boxes an attacker could trick the admin to reset the boxes by following a lin...

AI score 6.8
Exploits: 0

Huntr
added 2023/04/19 4:48 p.m. | 38 views

XSS in Seo & Settings tab of Documents in pimcore/pimcore

Description pimcore is vulnerable to XSS at Title field in SEO & Settings tab of Document. Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on SEO & Settings icon to go to this tab. 3.In the SEO & Setting tab, input the payload " into the Titl...

CVSS 4.9 | AI score 6.3 | EPSS 0.00479
Exploits: 1

Huntr
added 2023/04/19 11:55 a.m. | 27 views

CSRF bypass

Description URL parsing with Qwik uses the new URL(a, b) constructor. A little-known fact about this constructor is that if an attacker controls a they have complete control of the finally resolved URL. For example: const url = new URL(attackervalue, "http://localhost") By entering //test.com, we can...

CVSS 4.3 | AI score 6.5 | EPSS 0.00269
Exploits: 1 | References: 1

Huntr
added 2023/04/19 4:34 a.m. | 8 views

Unable to indicate negative amount in capital

Description Unable to indicate negative amount in capital Proof of Concept 1 Login application 2 Go to Capital Add Capital Fill in amount -999,999,999.00 3 The website indicates a negative amount...

AI score 6.9
Exploits: 0

Huntr
added 2023/04/19 1:30 a.m. | 15 views

Improper Authorization leads to a user being able to accept his answer as the best answer

Description Login as user A and make a question https://meta.answer.dev/questions/D1C7/how-to-set-my-laptop-auto-start-at-particular-time Login as User B and answer this. As normal, User A can vote the answer of User B as the best answer. But with this vuln, User B can call the api POST...

CVSS 3.5 | AI score 6.9 | EPSS 0.00462
Exploits: 1

Huntr
added 2023/04/18 8:43 p.m. | 16 views

Stored XSS

Description The Name field in Edit Profile page is vulnerable to Stored XSS. 1. Navigate to https://demo.azuracast.com/ and login 2. Navigate to my account page 3. Click edit profile 4. Change the user name to the below payload 5. Every page of the application will now display an alert pop up on...

CVSS 4.3 | AI score 5.3 | EPSS 0.00504
Exploits: 1

Huntr
added 2023/04/18 2:37 p.m. | 316 views

CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439

Description CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439 Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/a89a2fb4/ckeditor.js and note that version:"4.20.2" 2 Go to https://github.com/LimeSurvey/LimeSurvey/blob/master/assets/packages/ckeditor/ckeditor.js to verify...

AI score 6.8 | EPSS 0.00725
Exploits: 0 | References: 1

Huntr
added 2023/04/18 8:29 a.m. | 19 views

(Almost) Arbitrary File Read on Development Server

Description I previously disclosed an arbitrary file read due to Vite misconfiguration. This is a similar vulnerability with less impact. Proof of Concept Start any nuxt app in dev. Browse to: + http://localhost:3000/\nuxtvitenode\/module/C:/Windows/System32/calc.exe +...

AI score 6.6
Exploits: 0

Huntr
added 2023/04/17 1:2 p.m. | 8 views

Improper Error Handling at Rating function

Description Please enter a description of the vulnerability. Navigating rating function http://127.0.0.1:8083/ratings/stored/-1 Change this number to arbitrary characters http://192.168.14.180:8083/ratings/stored/-2 An error occurs that allows the user to know the path of the application file within the system...

AI score 6.9
Exploits: 0

Huntr
added 2023/04/17 10:55 a.m. | 17 views

IDOR allows users to delete others' subscriptions

Proof of Concept 1 user1 creates subscription1 2 user2 creates subscription2 3 user2 deletes subscription2 4 user2 uses burpsuite to hijack the request 5 the request URL can be DELETE /inlong/manager/api/consume/delete/2 6 change the request: DELETE /inlong/manager/api/consume/delete/1 1 is the id of...

CVSS 5 | AI score 7 | EPSS 0.01182
Exploits: 0

Huntr
added 2023/04/17 9:16 a.m. | 15 views

IDOR allows users to bind any cluster

Proof of Concept 1 admin creates cluster1, cluster2, clusterTag1 and clusterTag2 2 admin adds user1 as owner of cluster1, clusterTag1 3 user1 binds clusterTag1 to cluster1 4 user1 uses burpsuite to hijack the request 5 the request content can be "clusterTag":"biaoqia4","bindClusters":1 6 change the reque...

CVSS 5 | AI score 7 | EPSS 0.01182
Exploits: 0

Huntr
added 2023/04/17 8:51 a.m. | 17 views

attackers can change the immutable name and type of cluster

Proof of Concept 1 admin creates a cluster 2 admin adds user1 as one owner 3 attacker logs in as user1 4 user1 edits the cluster 5 user1 finds that the name and type can not be changed. 6 user1 still edits the cluster, using burpsuite to hijack the request 7 the request content can be like...

CVSS 5 | AI score 6.9 | EPSS 0.01304
Exploits: 0

Huntr
added 2023/04/17 8:43 a.m. | 16 views

attacker can change the immutable name and type of nodes

1 admin creates a node 2 adds user1 as one owner 3 login as user1 4 user1 edits the node 5 user1 finds that the name and type can not be changed. 6 user1 still edits the node, using burpsuite to hijack the request 7 the request content can be like...

CVSS 5 | AI score 6.8 | EPSS 0.01247
Exploits: 0

Huntr
added 2023/04/15 2:1 p.m. | 19 views

ReDoS vulnerability in `strip` function

Description The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept import * as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat(154773) + '\t\x00'; const start = performance.now();...

AI score 6.9
Exploits: 0 | References: 1

Huntr
added 2023/04/15 5:57 a.m. | 15 views

Account Owner Email Address Leakage Lead To Improper Access Control

Description Hi team, when I try to create users on https://public.tenant.kiwitcms.org/admin/auth/user//change/ I see that the users are not properly authenticated. I can create users with the same firstname, lastname, and email. Normally, when we create the same users it should error with the...

AI score 6.8
Exploits: 0

Huntr
added 2023/04/13 3:38 p.m. | 22 views

Stored XSS

Description Stored XSS attack is possible. Proof of Concept Step 1: Go to the login URL https://demo.easyappointments.org/index.php/user/login and login as an admin. Step 2: Click on Users tab and then click on Add button to create a new user with the following credentials. Credentials: First Nam...

CVSS 4.3 | AI score 5.3 | EPSS 0.00503
Exploits: 1

Huntr
added 2023/04/12 8:29 a.m. | 15 views

Insufficient Filtering Leads to Stored Cross Site Scripting at FAQ

Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

CVSS 4.9 | AI score 5.8 | EPSS 0.00552
Exploits: 0 | References: 1

Huntr
added 2023/04/12 7:23 a.m. | 15 views

Able to change admin email and password without current password validation.

Description Able to change admin email and password without current password validation. Change the User%5Buid%5D for the User UID of the current admin user. For example: the uid of the current admin is 1. Then change the other info like User%5Bemail%5D, User%5Bpassword%5D and passwordrepeat for...

AI score 7
Exploits: 0

Huntr
added 2023/04/11 10:59 p.m. | 21 views

Path Traversal at Slack Image Endpoint

Summary Lightdash version \ Required. 1. Install the Lightdash server & database. \ 2. Connect Lightdash to a dbt project and add some metrics. 3. Create and share insights with your team. 4. Craft...

AI score 7.2
Exploits: 0

Huntr
added 2023/04/11 8:49 p.m. | 59 views

Email Address Manipulation Vulnerability

Description During testing of phpmyfaq, it was discovered that the application does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the...

CVSS 7.5 | AI score 8.9 | EPSS 0.00533
Exploits: 0

Huntr
added 2023/04/10 4:20 p.m. | 29 views

An outdated dependency leads to remote command execution vulnerability

Description A few days ago, a sandbox escape vulnerability was found in the vm2 module of nodejs, which was officially fixed in v3.9.15. However, a fixed vm2 version is hard-coded in the package.json (v3.9.11) of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...

CVSS 7.5 | AI score 7 | EPSS 0.63186
Exploits: 2 | References: 1

Huntr
added 2023/04/10 1:11 p.m. | 31 views

Github token with wide access to Nuxt related repositories leaked in the wild

Description If you visit https://nuxt.com, you will find hardcoded Github token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under nuxt , nuxtlabs and nuxt-themes Github organisations. https://github.com/nuxt Admin...

CVSS 7.5 | AI score 9.2 | EPSS 0.0074
Exploits: 0

Huntr
added 2023/04/10 10:21 a.m. | 20 views

Stored Cross Site Scripting at FAQ Answer

Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

CVSS 4.9 | AI score 5.8 | EPSS 0.00541
Exploits: 1 | References: 1

Huntr
added 2023/04/09 9:9 p.m. | 14 views

SQL injection in SegmentAssignmentController.php

Description An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept The vulnerable php code is in src/Controller/Admin/SegmentAssignmentController.php, on method inheritableSegments: The parameter type is not escaped and is added on the...

CVSS 5.8 | AI score 7.9 | EPSS 0.00935
Exploits: 1

Huntr
added 2023/04/06 3:26 p.m. | 24 views

Stored XSS via Markdown Comment

Description Register one account on the blog; if the account is activated, it can comment. We can comment with markdown. When another user clicks on the comment there may be an XSS alert. I git cloned the project and built it with docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7 Proof ...

CVSS 4.9 | AI score 6.2 | EPSS 0.00409
Exploits: 1 | References: 2

Huntr
added 2023/04/06 8:31 a.m. | 20 views

Cross site scripting vulnerability in thorsten/phpmyfaq

Description Cross site scripting vulnerability in thorsten/phpmyfaq in tag field at admin dashboard. Proof of Concept 1. Login to the demo admin account. https://roy.demo.phpmyfaq.de/admin/ 2. Go to admin dashboard -- Contents -- Add new FaQ -- Faq meta data 3. Add payload in tag field payload...

CVSS 4.3 | AI score 6.6 | EPSS 0.00473
Exploits: 1

Huntr
added 2023/04/05 5:45 p.m. | 20 views

Broken Access Control On Item via ID

Description By editing the ID on the request or HTML I can see some information of any item via ID Proof of Concept 1. Create two accounts with permission on two folders and set permission for each user. 2. Create an item with each user 3. View the details of an item and change itemid on request view...

CVSS 4 | AI score 6.5 | EPSS 0.00381
Exploits: 1

Huntr
added 2023/04/05 4:13 p.m. | 17 views

Stored XSS on function item with folder

Description Create two accounts and allow the same folder. One account creates a new item in the folder. In the description parameter select code view and paste the XSS payload. Save and click on the item to show an XSS alert. The other account logs in, views the folder, clicks on the item and sees an XSS alert Proof of Concept g...

CVSS 4.9 | AI score 5.7 | EPSS 0.00363
Exploits: 1

Huntr
added 2023/04/05 1:47 p.m. | 22 views

Stored cross site scripting vulnerability in thorsten/phpmyfaq

Description Stored cross site scripting vulnerability in "name" field in add question module. This allows an attacker to steal user cookies. Proof of Concept 1. Login to the demo account https://roy.demo.phpmyfaq.de/ 2. Login as demo user 3. Click add question 4. Add payload in "Your Name"...

CVSS 4.9 | AI score 5.2 | EPSS 0.00559
Exploits: 0

Huntr
added 2023/04/05 10:55 a.m. | 19 views

Attached files under salaries module can be harvested by unauthenticated users

Description File attachment under salaries module can be downloaded and viewed by anyone without authentication by just knowing the full path /assets/FileUploads/2022/staff2/ and the predictable filename contains date YYYY-MM-DD and a random 6 digit number which can be easily enumerated by...

CVSS 5 | AI score 6.4 | EPSS 0.00613
Exploits: 0

Huntr
added 2023/04/05 8:7 a.m. | 19 views

Browser back attack vulnerability

Description rosariosis has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button. This issue poses a significant risk to the confidentiality of...

CVSS 4 | AI score 6.1 | EPSS 0.00538
Exploits: 0

Total number of security vulnerabilities: 4072