4072 matches found

Huntr
added 2023/04/04 2:50 p.m. | 15 views

Broken Access Control in Vote/Friend Function

Description Unauthorized conduct by modifying, closing/reopening a poll created by someone else. Delete friend of other account via id Proof of Concept Step 1: Use account 1 to create a poll. Account 2 does not have permission to edit/close/open the poll. Step 2: Intercept request when account 1 edit,...

6.7 AI score
Exploits: 0 | References: 1
Huntr
added 2023/04/04 1:29 p.m. | 12 views

Stored XSS in Edit user member profile

Description When making changes to update information, there is a country parameter to insert the xss payload Step 1 : Update user Personal information Proof of Concept // PoC request: // payload: "alertString.fromCharCode88,83 POST /pbboard/index.php?page=usercp&control=1&info=1&start=1 HTTP/1.1...

6 AI score
Exploits: 0
Huntr
added 2023/04/03 12:35 p.m. | 19 views

Users who joined later can see the data of deleted users

Proof of Concept 1. admin creates a user, named user1 2. user1 logs in and creates an Inlong Group 3. admin deletes user1 4. admin creates another user, whose name is also user1 5. user1 logs in and can see the Inlong Group created by the old user1...

4 CVSS | 6.9 AI score | 0.0111 EPSS
Exploits: 0
Huntr
added 2023/04/02 9:39 p.m. | 18 views

Reflected XSS on Sidekiq through multiple endpoints via GET parameter "period"

Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. Proof of Concept There must have been a metrics during the default value of the period parameter. You simply have to set the payloa...

6.8 CVSS | 8.5 AI score | 0.02742 EPSS
Exploits: 1
Huntr
added 2023/04/02 2:20 p.m. | 13 views

Unrestricted File Upload with Dangerous Type to XSS

Description The logo upload on the website does not validate the extension and content of the file when uploading a logo. It can upload an SVG containing an XSS payload. Allowed file extensions: does not have svg Proof of Concept POST /projectsend/options.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x6...

6.2 AI score
Exploits: 0
Huntr
added 2023/04/02 10:56 a.m. | 20 views

Bypass check length at Add Folder feature leads to XSS in module=evvtgendoc

Description I found Stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after I used Add Folder Proof of Concept Step 1: Go to Documents function https://demo.corebos.com/index.php?action=index&module=Documents, click Add Folder. Step 2: Intercept request by Burpsuite...

4.9 CVSS | 6.2 AI score | 0.00471 EPSS
Exploits: 1
Huntr
added 2023/04/02 7:0 a.m. | 15 views

IDOR lets one user stop, start, delete, edit others' source

Proof of Concept 1. user1 creates a source with id = 1 2. user2 creates a source with id = 2 3. user1 deletes the source with post DELETE /inlong/manager/api/source/delete/1?sourceType= HTTP/1.1 4. user1 replaces the 1 with 2, and finds that he can successfully delete user2's source...

6.4 CVSS | 6.9 AI score | 0.01355 EPSS
Exploits: 0
Huntr
added 2023/04/02 5:36 a.m. | 22 views

IDOR lets users withdraw others' applications

Proof of Concept 1. user1 submits an application with id = 8, user2 submits an application with id = 9 2. user1 withdraws the application, using Burp Suite to get the post, which can be like: POST /inlong/manager/api/workflow/cancel/8 HTTP/1.1 3. change 8 to 9 and we can find that user2's application is...

5 CVSS | 6.9 AI score | 0.01247 EPSS
Exploits: 0
Huntr
added 2023/04/02 5:19 a.m. | 17 views

Multiple Stored XSS via mail parameter

Description In PhpMyFaq, while submitting a question, the mail parameter is accepting unsanitized user input which leads to Stored XSS vulnerability, executing on Admin Panel /admin/?action=question. Proof of Concept 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 1. Fill ...

4.3 CVSS | 6.4 AI score | 0.0046 EPSS
Exploits: 1 | References: 1
Huntr
added 2023/04/02 3:24 a.m. | 16 views

Insufficient Session Expiration

Description User sessions are still valid when the user is deleted or the password is changed Proof of Concept 1. user1 logs in in browser1 2. admin deletes user1 in browser2 3. user1 can still do anything...

6.4 CVSS | 7.1 AI score | 0.01162 EPSS
Exploits: 0
Huntr
added 2023/04/02 3:9 a.m. | 20 views

Weak Password Implementation

Description: We can change the password with just 1 character when we use change password function. Proof of Concept When you change password, just press any character and then submit. You will see "Your password has been changed"...

7.5 CVSS | 7.1 AI score | 0.01233 EPSS
Exploits: 0
Huntr
added 2023/03/31 5:0 p.m. | 17 views

CSRF leading to delete Client API in API clients management

Description wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete API key via client/delete/id Proof of Concept history.pushState'', '', '/'; document.forms0.submit;...

4.3 CVSS | 7.1 AI score | 0.00276 EPSS
Exploits: 1
Huntr
added 2023/03/30 11:23 p.m. | 29 views

Reflected XSS in /library/custom_template/share_template.php

Description There exists a reflected XSS in /library/customtemplate/sharetemplate.php in the 'listid' parameter. Proof of Concept http://openemr.local/library/customtemplate/sharetemplate.php?listid=1;alert1;function%20xif1a=a:a:1 fix properly sanitize the listid parameter...

5.8 CVSS | 6.3 AI score | 0.96731 EPSS
Exploits: 1
Huntr
added 2023/03/30 11:18 p.m. | 22 views

Reflected XSS in interface/forms/eye_mag/js/eye_base.php

Description There exists a reflected XSS in /interface/forms/eyemag/js/eyebase.php in the 'providerID' parameter. Proof of Concept http://openemr.local/interface/forms/eyemag/js/eyebase.php?providerID=%3Cimg%20src=x%20onerror=alert1;%3E fix properly sanitize the providerID parameter...

5.8 CVSS | 6.3 AI score | 0.01472 EPSS
Exploits: 1
Huntr
added 2023/03/30 12:44 p.m. | 19 views

XSS in Translations

Description XSS Vulnerability found in Translationslanguage. Proof Of Concept: POC.png Steps To Reproduce : 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings Admin Translation and click on Add button to add a new record. 3. Now click on translate. Add...

4.3 CVSS | 6.3 AI score | 0.00576 EPSS
Exploits: 1
Huntr
added 2023/03/30 11:19 a.m. | 20 views

Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration

Description Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp...

4.9 CVSS | 5.3 AI score | 0.00523 EPSS
Exploits: 1
Huntr
added 2023/03/30 11:18 a.m. | 22 views

Bypass Stored XSS in Catalog

Login in URL: https://demo.pimcore.fun/admin 2. Go to File - Perspectives - Catalog 3. Click in tab Properties - footer - Open 4. click any Find & Order - Edit 5. in tab Basic, inject payload to: Parameters, Anchor in tab Advanced, inject payload to: Class For more understanding please check...

4.9 CVSS | 5.6 AI score | 0.00479 EPSS
Exploits: 1
Huntr
added 2023/03/30 9:36 a.m. | 21 views

Stored cross site scripting vulnerability in Save grid option in pimcore dashboard

Description Stored cross site scripting vulnerability in Save grid option in pimcore dashboard. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp https://11.x-dev.pimcore.fun/admin/?perspective=CDP 3. i...

4.9 CVSS | 5.2 AI score | 0.00479 EPSS
Exploits: 1
Huntr
added 2023/03/29 5:45 p.m. | 14 views

AWS credentials exposure

Description app.diagrams.net allows the insertion of PlantUML objects. This feature is using an old and misconfigured version of PlantUML 1.2022.6, therefore, it is possible to exploit dangerous functions such as %getenv to read environment variables in the machine where PlantUML is running. I was...

6.6 AI score
Exploits: 0
Huntr
added 2023/03/29 4:49 p.m. | 21 views

Stored XSS on Multiple Edit Page

Description A stored XSS with alert on Editing page. I cloned the repo from master branch and built with docker. Footer shows: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...

4.9 CVSS | 6.3 AI score | 0.00346 EPSS
Exploits: 1
Huntr
added 2023/03/29 8:32 a.m. | 15 views

Improper Restriction of Rendered UI Layers or Frames

Description The osTicket uses an incorrect method to validate the src attribute of the iframe tag. Although it appears that osTicket restricts domains through a whitelist, attackers can easily bypass this restriction. Proof of Concept This iframe is going to render www.youtube.com.attacker's serv...

6.9 AI score
Exploits: 0 | References: 1
Huntr
added 2023/03/29 8:24 a.m. | 15 views

XML External Entity (XXE) injection in sympy

Description Sympy is an open source platform that is a computer algebra system written in pure Python. Sympy is vulnerable to an XML External Entity (XXE) injection in the applyxsl functionality of Sympy due to the usage of etree.XML. Proof of Concept // PoC.py from sympy.utilities.mathml import...

7.2 AI score
Exploits: 0
Huntr
added 2023/03/29 5:58 a.m. | 84 views

Information leakage in EXIF data of images

Description EXIF stands for Exchangeable Image File Format and the EXIF data contains information such as the camera model and make, shutter speed, aperture, focal length, ISO number, date, time and much more. It can also store GPS coordinates of the location where an image was shot. Proof of...

4.3 CVSS | 6.3 AI score | 0.00597 EPSS
Exploits: 1
Huntr
added 2023/03/29 1:55 a.m. | 25 views

Multiple XSS on update functions with module select options and search form

Description XSS vulnerability occurs in forms that have select and search Proof of Concept POST /bumsys/xhr/?module=peoples&page=updateCustomer HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0 Gecko/20100101 Firefox/111.0 Accept: / Accept-Language:...

4.9 CVSS | 7 AI score | 0.0037 EPSS
Exploits: 1
Huntr
added 2023/03/28 7:14 p.m. | 18 views

Input validation and money transfer vulnerability with negative number

Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...

6.8 AI score
Exploits: 0 | References: 1
Huntr
added 2023/03/28 4:0 p.m. | 24 views

Multiple XSS in Create/Update Function Version 1.4.3 and 1.5.0-dev.2

Description Stored XSS on create/update service, categories, settings. I tested on the 1.4.3 demo site and 1.5.0-dev2 Proof of Concept Install: I installed from the develop branch. When the install finished, the footer displayed version v1.5.0-dev.2. The time I ran and the commit below in the image is the latest. webUI ...

4.9 CVSS | 5.3 AI score | 0.00475 EPSS
Exploits: 1
Huntr
added 2023/03/28 3:4 p.m. | 21 views

Reflected XSS in LimeSurvey

Description There is an XSS in Lime Survey. The $_GET['keyword'] is not sanitized: echo $_GET['keyword']; Proof of Concept We can read cookie contents :...

6 AI score
Exploits: 0
Huntr
added 2023/03/27 11:20 a.m. | 36 views

Local File Read Bypass in mlflow/mlflow

Description This is a bypass to the following submission which was assigned CVE-2023-1177. Proof of Concept Start the server or UI it works on both identically mlflow ui --host 127.0.0.1:5000 1. Create a Model named "AJAX-API". curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5000' -H $'User-Agent:...

7.5 CVSS | 6.9 AI score | 0.69468 EPSS
Exploits: 3 | References: 1
Huntr
added 2023/03/27 7:16 a.m. | 13 views

IDORs with unpredictable IDs are valid vulnerabilities

1. create two workspaces: workspace1 and workspace2, and their admins are admin1 and admin2 2. login as user1 and create project1. 4. Using Burp Suite to hijack the request, replace workspace1's workspaceid with workspace2's workspaceid 5. we can find that project1 has a new project, even admin2 is not the...

6.8 AI score
Exploits: 0
Huntr
added 2023/03/27 6:15 a.m. | 12 views

XSS in Conditions tab of Pricing Rules

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Conditions tab of Pricing Rules, specifically at From and To fields of Date Range section. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.On the left menu bar, go t...

6 AI score | 0.00356 EPSS
Exploits: 1
Huntr
added 2023/03/27 3:58 a.m. | 36 views

arbitrary file read

Description An authenticated attacker can abuse import-server-files with a path traversal to download an arbitrary file from the server Collaborator: @ub3rsick Proof of Concept 1. 1- to trigger the request for SSRF: go to files - assets - select a folder - right click - add asset - import from...

4 CVSS | 6.3 AI score | 0.00666 EPSS
Exploits: 1
Huntr
added 2023/03/27 2:30 a.m. | 31 views

heap-buffer-overflow in vim_regsub_both

Description heap based buffer overflow in vimregsubboth at regexp.c:2473 Vim Version git log commit 1a08a3e2a584889f19b84a27672134649b73da58 HEAD - master, tag: v9.0.1429, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S POCvimregsubboth -c :qa!...

4.4 CVSS | 7.4 AI score | 0.006 EPSS
Exploits: 1 | References: 1
Huntr
added 2023/03/26 4:31 p.m. | 21 views

XSS in Classification Store of Data Objects module in Settings

Description pimcore is vulnerable to XSS at Name field in Classification Store of Data Objects module in Settings. The vulnerability exists in all 3 tabs: Group Collections, Group, Key Definitions. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left men...

4.9 CVSS | 5.2 AI score | 0.00378 EPSS
Exploits: 1
Huntr
added 2023/03/26 1:56 p.m. | 37 views

XSS in Upload file PDF in pimcore/pimcore

Description pimcore is vulnerable to XSS at Filedata field in Document Upload Payload Payload File: https://drive.google.com/file/d/1tDcOcuzyJrFnT7RH-VmVq6XwXC1yh-AF/view?usp=sharing URL URL: https://11.x-dev.pimcore.fun/admin/asset/add-asset?parentId=379&dir=&allowOverwrite=0 Proof of Concept St...

6.4 AI score | 0.00342 EPSS
Exploits: 1
Huntr
added 2023/03/26 8:2 a.m. | 11 views

Stored HTML injection to XSS

Team, I hope you are all doing well. I wanted to bring to your attention a potential vulnerability on the website https://wearenotloosers.kimai.cloud. During my research, I discovered that the user name fields are vulnerable to a stored HTML injection attack. Which is reflecting while...

7.1 AI score
Exploits: 0
Huntr
added 2023/03/26 6:18 a.m. | 14 views

XSS in Quantity Value of Data Objects module in Settings

Description pimcore is vulnerable to XSS at Abbreviation and Longname fields in Quantity Value of Data Objects module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Data Objects - Quantity Value. 3.In the...

4.9 CVSS | 5.7 AI score | 0.00403 EPSS
Exploits: 1
Huntr
added 2023/03/26 5:52 a.m. | 16 views

XSS in Classes of Data Objects module in Settings

Description pimcore is vulnerable to XSS at fromDate and toDate fields in Classes of Data Objects module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Data Objects - Classes and click on any class. 3.In the...

4.9 CVSS | 5.7 AI score | 0.00403 EPSS
Exploits: 1
Huntr
added 2023/03/24 8:20 p.m. | 26 views

Html Injection to Open redirect

Description Step to reproduce. 1. https://demo.easyappointments.org/index.php/backend/index open this and click on create meet. 2. On first name add Open redirect payload save it. click me...

6.8 AI score
Exploits: 0
Huntr
added 2023/03/24 7:29 p.m. | 20 views

Cross site scripting on contact module

Step to reproduce 1. Open into https://demo.corebos.com and navigate to settings Users. 2. Add XSS payload into Entity Name. 3. Now navigate to contact Create contact Add contact and click on more information click add opportunity. 4. On Assign to drop menu select XSS payload and save. XSS Payloa...

4.9 CVSS | 6.1 AI score | 0.00506 EPSS
Exploits: 1
Huntr
added 2023/03/24 5:5 p.m. | 20 views

Improper Access Control which allows one provider to view and edit others provider appointment's details

Description Login using one provider's credential. After login successfully, notice there is POST request to /index.php/backendapi/ajaxgetcalendarappointments which allows the provider to view their own appointments information. However, by changing the recordid parameter to any number start from...

5.5 CVSS | 5.6 AI score | 0.00447 EPSS
Exploits: 1
Huntr
added 2023/03/24 8:58 a.m. | 22 views

Dom-based XSS in Website Settings module in Settings

Description pimcore is vulnerable to Dom-based XSS at Name field in Website Settings module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Website Settings and input any text into Key field and choose a Type,...

4.9 CVSS | 5.2 AI score | 0.00419 EPSS
Exploits: 1
Huntr
added 2023/03/24 4:23 a.m. | 28 views

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

6.2 AI score
Exploits: 0 | References: 1
Huntr
added 2023/03/23 9:49 p.m. | 29 views

Null pointer dereference in get_register at register.c:311

Description Null pointer dereference in getregister at register.c:311. ycurrent variable is 0 because of name variable. Version $ git log commit 3ea62381c527395ae701715335776f427d22eb7b HEAD - master, tag: v9.0.1425, origin/master, origin/HEAD Author: Amaan Qureshi Date: Thu Mar 23 15:45:46...

1.9 CVSS | 6.9 AI score | 0.00473 EPSS
Exploits: 1
Huntr
added 2023/03/23 10:39 a.m. | 13 views

ProjectID is disclosed and can be used for IDOR attack

I find that when we click the "Settings" button, we can see all the projects, even if the logged-in user does not belong to the project. Using Burp Suite to hijack the request, we can obtain project ids. We can use projectid to perform IDOR attack. 1 create two projects: project1 and project2, and their admin is...

2.8 CVSS | 6.8 AI score | 0.0067 EPSS
Exploits: 1
Huntr
added 2023/03/23 7:44 a.m. | 28 views

sql injection

Description multiple sql injections due to unsanitized concatenating strings into where clause Collaborator: @ub3rsick Proof of Concept - assets controller 1- to trigger the request for sqli: go to files - assets - select a folder - right click - download as zip 2- replay the request to...

6.5 CVSS | 8.7 AI score | 0.0091 EPSS
Exploits: 1
Huntr
added 2023/03/23 7:22 a.m. | 22 views

Zero-Click Remote Code Execution

Vulnerability Type Remote Code Execution Affected URL http://127.0.0.1/?anyparameter= Affected Parameter Arbitrary GET parameter Authentication Required? No Issue Summary Multiple vulnerabilities discovered in Appium-Desktop that can be chained together to achieve Zero Click Remote Code Execution...

7.5 CVSS | 7.3 AI score | 0.22014 EPSS
Exploits: 2
Huntr
added 2023/03/23 12:5 a.m. | 6 views

Stored XSS in front/dashboard_helpdesk.php

Description Under the super-admin view, when adding a card to a dashboard, some more parameters are sent when the POST request is made. Those parameters later constitute an HTML div section in the response body. It is possible to modify the request, inject one of those parameters value which will...

6.1 AI score
Exploits: 0 | References: 1
Huntr
added 2023/03/22 9:21 p.m. | 19 views

Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection

Description The pimcore application is vulnerable to Formula Injection/CSV Injection via the Firstname, Lastname, Street, Zip & City input fields. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via a crafted excel file. Proof of Concept 1.Go to...

4.4 CVSS | 7.6 AI score | 0.01679 EPSS
Exploits: 4 | References: 2
Huntr
added 2023/03/22 6:58 p.m. | 23 views

Cross site scripting on the login page

Description Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. URL...

5.8 CVSS | 6 AI score | 0.0109 EPSS
Exploits: 1
Huntr
added 2023/03/22 6:47 p.m. | 30 views

Annotation tool: token forgery using jwt secret to claim super admin role

Although the annotator tool's source code is not directly provided in the repository a docker image is provided. From there it is easy to get access to the source code by either extracting the docker tar image, which can be exported from docker itself, or connecting to the container with an...

7.5 CVSS | 8.8 AI score | 0.00843 EPSS
Exploits: 1
Total number of security vulnerabilities: 4072