
4072 matches found

Huntr
added 2023/03/22 6:12 p.m., 32 views

Unhandled SWF Tags in MP4Box: Potential Vulnerability in GPAC

An unhandled series of SWF tags have been identified in the MP4Box software, which is part of the GPAC multimedia framework. These tags are not properly processed, leading to potential vulnerabilities such as denial of service, buffer overflows, or other malicious attacks. POC: ./MP4Box -dash 100...

4.3 CVSS, 7.8 AI score, 0.00318 EPSS
Exploits: 0
Huntr
added 2023/03/22 7:33 a.m., 35 views

IDOR Vulnerability Allow the owner of one Organization can create, edit, delete apikeys that belong to other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and create a new API keys 3 using the Burp Suite to hack hijack the post. 4 The post and can be like:...

6.5 CVSS, 6.3 AI score, 0.00859 EPSS
Exploits: 1
Huntr
added 2023/03/22 6:44 a.m., 7 views

IDOR Vulnerability Allow the owner of one Organization can edit, delete and resetpassword users that belong to other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and reset its own password. 3 using the Burp Suite to hack hijack the post. 4 The post and can be like: PUT...

6.6 AI score
Exploits: 0
Huntr
added 2023/03/22 6:20 a.m., 7 views

IDOR Vulnerability Allow the owner of one Organization can disable users that belong to other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and click disable, then we use Burp Suite to get the post. 3 The post can be like: POST /admin/api/users/2/enable/false HTTP/1.1 5 we replace user id 2 to 3. 6 check the...

6.6 AI score
Exploits: 0
Huntr
added 2023/03/22 12:12 a.m., 26 views

Heap Use-After-Free in GPAC MP4Box's ogg_stream_clear Function When Processing OGG Files

A heap use-after-free vulnerability has been discovered in GPAC MP4Box's ogg_stream_clear function when processing OGG files. The vulnerability occurs due to improper handling of memory allocations and deallocations while processing OGG files. This leads to the use of previously freed memory, causi...

4.4 CVSS, 7.4 AI score, 0.00509 EPSS
Exploits: 1
Huntr
added 2023/03/21 5:24 p.m., 27 views

SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()

Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff...

5 CVSS, 7.2 AI score, 0.00991 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/21 4:27 p.m., 15 views

Stored XSS via name parameter of "Predefined Properties"

Description It's observed that the name parameter of the "Predefined Properties" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Predefined Properties - Add and Enter the payload: " inside the name input field. 3.Then...

4.9 CVSS, 6.2 AI score, 0.00497 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/21 1:20 p.m., 14 views

IDOR Vulnerability Allow the owner of one Organization can update any other organization

1 first, we create two organizations: org1 and org2. The owner of them is user1 and user2 corresponding. 2 we login as user1 and update the org1, then we use Burp Suite to get the post. 3 The first post will check user and we forward it. 4 The second post will edit content of organization and can b...

6.6 AI score
Exploits: 0
Huntr
added 2023/03/21 7:55 a.m., 22 views

Password reset link not expired

Hi team, I hope you are well today. This is the step: Reset your password with this link https://meta.answer.dev/users/account-recovery I have recognized that links can use many times. Beside https://meta.answer.dev/users/account-activation?code=... active account have the same vulnerability. Ok...

6.8 CVSS, 8.6 AI score, 0.00607 EPSS
Exploits: 1
Huntr
added 2023/03/21 3:25 a.m., 20 views

Unauthenticated Access to Users PII

Description An Unauthorized/Unauthenticated Attacker can access PII data of all the Users. Some of the PII leaked are: first name, last name, email, username, IP address, twofactorsecret, twofactorrecoverycodes Proof of Concept http://localhost/api/user It shows you details of all the users...

4 CVSS, 6.4 AI score, 0.00504 EPSS
Exploits: 0
Huntr
added 2023/03/20 9:36 p.m., 21 views

Stored XSS in name parameter of "Customers Reports"

Description The name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Marketing - Customers Reports - Add and Enter the name of the new item a-zA-Z-. 3.Then capture the request on the burp suite an...

4.9 CVSS, 6.8 AI score, 0.00497 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/20 6:21 p.m., 18 views

Stored XSS in name parameter of "Static Routes"

Description During testing, I observed that the name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Settings - Static Routes - Add and Enter the payload: " inside the name input field. 3.Then cli...

4.9 CVSS, 6.2 AI score, 0.00497 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/20 4:16 p.m., 16 views

Multiple Stored XSS in name parameter of "Pricing Rules", "Predefined Properties", "Customers Reports" & "Static Routes"

Description The name parameter of the "Pricing Rules", "Predefined Properties", "Customers Reports" & "Static Routes" functionality is vulnerable to Stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Online Shop - Pricing Rules - Add and Enter the name of the new...

4.9 CVSS, 5.5 AI score, 0.00508 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/20 9:36 a.m., 9 views

REFLECTED XSS "Cross-site Scripting (XSS) "

Description Summary: I have found Reflected XSS at https://www.vim.org/login.php?referrer= Go To : https://www.vim.org/login.php?referrer=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E payload xss : " Proof of Concept // PoC.js var payload =...

6.4 AI score
Exploits: 0
Huntr
added 2023/03/19 11:18 a.m., 20 views

Cross site scripting on setting module

Description pimcore is vulnerable to XSS in translate module. Proof of Concept Step to Reproduce. 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Document Types and click on Add button to add a new record. 3. Now click on translate. Add XSS payloa...

4.9 CVSS, 5.2 AI score, 0.0042 EPSS
Exploits: 1
Huntr
added 2023/03/18 7:36 p.m., 7 views

heap-buffer-overflow in vim_strrchr

Description heap based buffer overflow in vim_strrchr at strings.c:682 Vim Version git log commit ea83c194625e51c28a2796eba9ba87b0b9ab23e0 HEAD - master, tag: v9.0.1414, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S POCvimstrrchr -c :qa!...

7.4 AI score
Exploits: 0, References: 1
Huntr
added 2023/03/18 3:27 p.m., 26 views

Stored XSS in Properties Parameter

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.9 CVSS, 4.9 AI score, 0.00563 EPSS
Exploits: 1
Huntr
added 2023/03/17 7:34 p.m., 28 views

Stored XSS in Admin Panel

Description The admin panel admin.php does not properly sanitize the text in the "Site Name" field, allowing a user with admin access to inject arbitrary HTML. This is in a similar vein to CVE-2022-4733 but still exists as of version 7.0.1-dev. Proof of Concept 1. Log in as a user with admin...

4.3 CVSS, 6.8 AI score, 0.90401 EPSS
Exploits: 2
Huntr
added 2023/03/17 2:32 p.m., 16 views

strong Password Policy Bypass through removing a specific Parameter and setting the Password to 1

Hello, I was able to detect another password security issue. While changing the password the attacker can use the proxy and submit for example password as 1. Although there is a password policy restriction but I managed to bypass that. Let me show you : The Password is now 2 let's change it to HACK...

7.5 CVSS, 9 AI score, 0.00619 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/16 8:16 a.m., 21 views

Store XSS in create tag

Description Feature create tag permit attacker injection html tag and execute it. Proof of Concept 1. Add question 2. Create tag with payload in description: 3. Post your question 4. Go to link http:///tags//timeline and click created. Payload executed. POC...

4.9 CVSS, 6.1 AI score, 0.00518 EPSS
Exploits: 1
Huntr
added 2023/03/16 8:00 a.m., 20 views

Broken Access Control on "http://localhost/api/user" endpoint

Description Able to create an Admin account from normal User account. Steps 1.Navigate to https://localhost/. 2.Then click on login and then register, fill the form and click Register. 3.Now login with a newly created user account with intercepting the traffics in burp. 4.Turn on the burp interce...

6.5 CVSS, 8.4 AI score, 0.00706 EPSS
Exploits: 2, References: 1
Huntr
added 2023/03/15 10:18 p.m., 23 views

2FA Bypass by Brute Force

Description Currently there are no restrictions on attempts to enter the correct 2FA code. In contrast to the first step of the authentication username + password the fields of lastloginfail and loginfailcount in the database aren't updated. An attacker can bypass the 2FA by simple brute force of...

7.5 CVSS, 7.2 AI score, 0.01119 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/15 3:37 p.m., 28 views

Session Fixation Vulnerability

Description It was noticed that the easyappointments application is vulnerable to Session Fixation vulnerability. The application does not generate a new easession cookie after the user authenticate successfully into the application. A malicious user is able to create a new session cookie value a...

6.8 CVSS, 8.5 AI score, 0.00668 EPSS
Exploits: 1
Huntr
added 2023/03/13 3:58 p.m., 15 views

Authenticated Stored Cross-Site Scripting (XSS)

Description Login to the admin account. Use the following URL http://192.168.0.211/admin.php?action=files or navigate to pages - manage files. Upload the XSS payload with “.html” extension. Intercept the request with Burp Suite. Modify the Content-Type to application/x-php and forward the request...

6.1 AI score
Exploits: 0
Huntr
added 2023/03/13 3:35 p.m., 16 views

Authentication Remote Code Execution

Description Found authenticated Remote Code Execution RCE on pluck 4.7.15 While reading the source code found blacklisted extension are mentioned in the file data/inc/files.php at line 44 and 45. File upload function validating the file extension is match any one of the following extension .php,...

7.8 AI score
Exploits: 0, References: 1
Huntr
added 2023/03/13 7:29 a.m., 24 views

XSS in Predefined Asset Metadata module in Settings

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Predefined Asset Metadata module in Settings, specifically at Name field. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.Go to Settings - Predefined Asset Metadata...

4.9 CVSS, 5.1 AI score, 0.00439 EPSS
Exploits: 1
Huntr
added 2023/03/13 7:16 a.m., 27 views

Reflected XSS in Predefined Properties module in Settings

Description During testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Predefined Properties module in Settings, specifically at Name field. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.Go to Settings - Predefined Properties and add...

4.9 CVSS, 5.1 AI score, 0.00439 EPSS
Exploits: 1
Huntr
added 2023/03/13 1:52 a.m., 14 views

Cross Site Scripting (XSS) in Assets

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3 CVSS, 5.9 AI score, 0.00556 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/13 12:58 a.m., 25 views

Access Control Vulnerability in Prescription Controller

Description An Access Control Vulnerability allows a low level user in the web application to view, create, and edit prescriptions for all users. Proof of Concept Step 1. Login to the openemr web application as a low level user Ex: Receptionist in openemr demo \ Step 2. Travel to a page that will...

5.5 CVSS, 6.7 AI score, 0.00489 EPSS
Exploits: 1
Huntr
added 2023/03/12 1:15 p.m., 23 views

XSS @ records

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code 1: $recordLang = Filter::filterInputINPUTPOST, 'lang', FILTERUNSAFERAW; $tags =...

4.3 CVSS, 5.4 AI score, 0.00473 EPSS
Exploits: 1
Huntr
added 2023/03/12 6:36 a.m., 8 views

CSV Injection in CSV files generated by the backend

1 login in https://demo.limesurvey.org/index.php 2 the demo admin create a user with name "=1+cmd|'/C calc'!A0". 4 other users login and download all the users' data as csv. 5 other users open the csv file with Excel in windows, notice that choose ";" as separator as. 6 we can see that the...

6.5 AI score
Exploits: 0
Huntr
added 2023/03/11 8:23 p.m., 23 views

Introspection query is enabled on demo.pimcore.fun

Description Introspection is enabled on the demo.pimcore.fun. demo site has graphql feature for users but via that graphql endpoint attacker can run the introspection queries. which makes the vulnerable. Proof of Concept Just visit the link...

6.4 CVSS, 6.9 AI score, 0.00783 EPSS
Exploits: 1
Huntr
added 2023/03/11 10:31 a.m., 27 views

XSS in Document Types module in Settings

Description pimcore is vulnerable to XSS at Name field in Document Types module in Settings. Payload " Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ and login. 2.In the left menu bar, go to Settings - Document Types and click on Add button to add a new record. 3.Edit the New Docume...

4.9 CVSS, 5.2 AI score, 0.00403 EPSS
Exploits: 1
Huntr
added 2023/03/10 8:50 p.m., 28 views

EXIF Geolocation Data Not Stripped From brand logo

When the user uploads his logo, the uploaded image’s EXIF Geo-location Data does not get stripped. As a result, anyone can get sensitive information like user's Device ID, Geo Location, System Information, System version, ETC. Step to reproduce: 1. Upload logo with EXIF DATA, or download from her...

4.3 CVSS, 6.2 AI score, 0.00586 EPSS
Exploits: 1
Huntr
added 2023/03/10 6:30 p.m., 23 views

cross site scripting

Pimcore is vulnerable to Cross site scripting vulnerability in classes module...

4.9 CVSS, 5.3 AI score, 0.00457 EPSS
Exploits: 1
Huntr
added 2023/03/10 5:12 p.m., 24 views

HTML Injection on Settings/Template

Description Found HTML Injection on Template module on Settings. Proof of Concept 1. Login as Administrator and go to Settings. 2. On under Website Settings, go to Template. 3. Specifically, to this URL - https://demo.microweber.org/demo/admin/view:content/action:settings?group=template 4. Then...

4.3 CVSS, 5.8 AI score, 0.00484 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/10 4:59 p.m., 10 views

XSS Stored in Caption Image

Description Hello team, I found an xss stored in the caption field as demonstrated in the gif below. Proof of Concept...

6.8 AI score
Exploits: 0
Huntr
added 2023/03/10 8:42 a.m., 29 views

stored XSS Protection bypass by changing the User Profile Name

Hello, I was able to bypass the XSS Vulnerability I reported before by using this Payload. Let's try first a normal XSS Payload which will not work for example - alert'1' - NOT WORKING : let's try the bypass payload 1'" XSS Payload fired and its stored - let me show you stored XSS : - it is a store...

4.9 CVSS, 5.2 AI score, 0.00476 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/10 8:17 a.m., 25 views

weak Password Policy while creating a new User with the Admin Account

Hello, I was able to detect weak Password Policy while allowing an administrator to create a new account. Let's create an account, set the Password to 1 and login with it. As you can see it's number 1. When I click set it will not accept We need to specify that the user will change his password aft...

7.5 CVSS, 9 AI score, 0.00724 EPSS
Exploits: 1, References: 2
Huntr
added 2023/03/09 2:36 p.m., 11 views

Cross Site Scripting (XSS) in UrlSlug

Description Please enter a description of the vulnerability. Cross Site Scripting XSS in UrlSlug of pimcore/pimcore Its Different than https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/ Proof of Concept 1. Login in stable account URL : https://11.x-dev.pimcore.fun/admin/ 2. Go to...

6.2 AI score
Exploits: 0, References: 2
Huntr
added 2023/03/09 10:28 a.m., 10 views

XSS Stored in perspective name

Description Hello team, I found an xss stored when adding a perspective name as shown in the gif below Proof of Concept...

6.6 AI score
Exploits: 0
Huntr
added 2023/03/09 8:52 a.m., 25 views

File Upload Bypass Leads to Remote Code Execution (RCE)

Description There is no extension checks during file upload. Attacker may upload file to execute malicious code in the server. Proof of Concept Step 1: Create a file with the content below and save it as evil.php " Step 2: Login to the Cockpit web server Step 3: Go to assets Step 4: Upload Assets...

6.5 CVSS, 8.7 AI score, 0.00987 EPSS
Exploits: 1
Huntr
added 2023/03/08 9:15 p.m., 17 views

XSS @ group

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code: if $groupAction == 'addsave' && $user-perm-hasPermission$user-getUserId, 'addgroup' $user =...

5.8 CVSS, 5.2 AI score, 0.00601 EPSS
Exploits: 1
Huntr
added 2023/03/08 8:37 p.m., 30 views

XSS @ Stop Words

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code 1: $ajaxAction = Filter::filterInputINPUTGET, 'ajaxaction', FILTERUNSAFERAW; $instanceId =...

5.8 CVSS, 6.2 AI score, 0.00447 EPSS
Exploits: 0
Huntr
added 2023/03/08 8:19 p.m., 22 views

Stored XSS @ updatecategory

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code That has a Vulnerability: // Updates an existing category if $action === 'updatecategory' &&...

4.9 CVSS, 5.5 AI score, 0.00475 EPSS
Exploits: 1
Huntr
added 2023/03/08 4:55 p.m., 18 views

XSS in Schedule tab of Documents

Description pimcore is vulnerable to XSS at Time field in Schedule tab of Document. Payload " Proof of Concept 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In Documents, go to home - click on Schedule icon to go to this tab. 3.In the Schedule tab, input the payload " into the Time field a...

4.3 CVSS, 5.1 AI score, 0.00402 EPSS
Exploits: 1
Huntr
added 2023/03/08 4:18 p.m., 10 views

Path Traversal in code

Description The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. Proof of Concept Code that has the...

6.9 AI score
Exploits: 0
Huntr
added 2023/03/08 4:03 p.m., 21 views

Stored HTML Injection via Company Name

Description easyappointments present an html injection vulnerability on the company name field on "/index.php/backend/settings" page. Steps: 1. login as admin 2. go to /index.php/backend/settings Page 3. insert the payload in Company Name field 4. go back to the home page and see the result. Proo...

4.7 CVSS, 5.2 AI score, 0.00431 EPSS
Exploits: 1
Huntr
added 2023/03/08 10:34 a.m., 15 views

Multiple XSS @ answer/question/tag

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Posting the Question: func req QuestionAdd Check errFields validator.FormErrorField, err error...

4.9 CVSS, 5.5 AI score, 0.00536 EPSS
Exploits: 1, References: 1
Huntr
added 2023/03/08 5:07 a.m., 16 views

Several CSRFs in Reset Area and Delete Entry Action

Description I find wallabag suffering several Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete the victim user's annotations, entries and tags by the GET request to /reset/annotations, /reset/entries, /reset/tags, /reset/archived, as well as /delete/Entry ID, in which...

3.5 CVSS, 6.8 AI score, 0.00234 EPSS
Exploits: 1
Total number of security vulnerabilities: 4072