4072 matches found

Huntr
added 2023/02/21 7:2 a.m. | 32 views

segmentation fault in regexp.c:1788

Description SIGSEGV raised on regtilde function at regexp.c. As the function processes the tainted string inside the poc file, constant calls to the alloc function with ever-increasing size actually exhaust memory and the process terminates. At last a negative size value is assigned. Version $ git...

CVSS 4.4 | AI score 6.8 | EPSS 0.00485
Exploits: 1

Huntr
added 2023/02/21 2:44 a.m. | 16 views

Bootstrap-switch 3.3.2 in use which is vulnerable to XSS

Description Bootstrap-switch 3.3.2 in use which is vulnerable to XSS Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/12fba870/js/bootstrap-switch.min.js and note that Bootstrap-switch is using 3.3.2 2 Check...

AI score 1.4
Exploits: 0

Huntr
added 2023/02/20 10:32 p.m. | 14 views

XSS on external links bypass filters

Description I recently found a bypass for external links that allows an attacker to inject javascript into external links Proof of Concept As an admin user Go to /front/link.form.php?id=1 Using a special character before the javascript:alert1 this bypasses the filters and the protocol still works...

AI score 6.7
Exploits: 0 | References: 1

Huntr
added 2023/02/20 7:34 p.m. | 16 views

Stored HTML Injection inside the >>> Request payment >>> Request Customer Data Checkout >>> Request shipping address

Team, I hope you are all doing well. . I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/stores/6YSiuoN6q1yF2ucWZvWojBuVJAJzXxFFUn9cw8iNPPMC/payment-requests/edit/ec575d56-6b8e-41bd-8b9a-bdcda9c5daad. . During my research, I...

CVSS 4.9 | AI score 6 | EPSS 0.00549
Exploits: 1

Huntr
added 2023/02/20 3:45 p.m. | 8 views

XSS in Library Description and Synopsis

Description The 'description' and 'synopsis' fields of libraries are vulnerable to stored XSS injection. If a user sets the synopsis or description of a library to ''"' they can set a stored XSS payload that fires whenever someone visits the /libraries page. Normally libraries are only editable b...

AI score 1
Exploits: 0

Huntr
added 2023/02/20 10:17 a.m. | 9 views

Stored XSS in "Import" Module

Description When loading a CSV or XLSX file to preview before importing Step 4, the lack of sanitization of the first line label allows an authenticated attacker to inject a malicious XSS payload into the file to import and store it on the target webserver. If any admin reuses the malicious uploaded importing...

AI score 6.2
Exploits: 0

Huntr
added 2023/02/20 8:50 a.m. | 810 views

Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160

Description Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160 Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/15bf41ab/jquery-ui.min.js and note that jquery-ui 1.13.1 is in use. 2 Check...

AI score 6.4 | EPSS 0.01933
Exploits: 1

Huntr
added 2023/02/20 8:21 a.m. | 15 views

Race Condition Vulnerability can Lead to Up Vote Stealing

Description I tested in the live production site https://meta.answer.dev/. There are up vote / down vote functions in answerdev. An attacker can increase or decrease votes by using race condition vulnerability. Proof of Concept 1. Go to a question and press up vote or down vote. 2. PoC will show...

CVSS 2.6 | AI score 6.8 | EPSS 0.00405
Exploits: 1 | References: 1

Huntr
added 2023/02/20 2:52 a.m. | 435 views

Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203

Description Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203 Proof of Concept 1 Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15 2 Go to https://localhost/Cockpit/ 3 Open Web Developer tools Ctrl+Shift+I usin...

CVSS 1.7 | AI score 6.6 | EPSS 0.05213
Exploits: 2 | References: 1

Huntr
added 2023/02/19 8:39 p.m. | 18 views

SQL Injection at /front/report.dynamic.php

Description A SQL Injection vulnerability allows a guest user with reports view, like "Technician", to extract all data from the database and in some cases write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place on this function:...

AI score 7.6
Exploits: 0 | References: 1

Huntr
added 2023/02/19 8:38 p.m. | 24 views

division zero

Description division by zero in function scrolldown at move.c:1739 version git log commit ea62cee85e9e77ec86edd9843926dadb69978753 HEAD - master, tag: v9.0.1327, origin/master, origin/HEAD Author: Bram Moolenaar Date: Sun Feb 19 18:36:41 2023 +0000 patch 9.0.1327: cursor in wrong position below li...

CVSS 4.4 | AI score 7.6 | EPSS 0.00455
Exploits: 1

Huntr
added 2023/02/19 6:27 p.m. | 23 views

Lack of brute force protection

Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discovers the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...

AI score 7 | EPSS 0.00591
Exploits: 1 | References: 1

Huntr
added 2023/02/19 1:5 p.m. | 39 views

Authentication Bypass for users with MD5 password hash

Setup - OS: Ubuntu 22.04.2 LTS - Froxlor: 2.0.12 - PHP: 8.1.2 Description Froxlor still supports logins for passwords that are stored as MD5 hash in the database. The hash comparison is done with "==" instead of "===" which causes a type confusion vulnerability in PHP. For some MD5 hashes it is...

CVSS 7.5 | AI score 9 | EPSS 0.01073
Exploits: 1 | References: 4

Huntr
added 2023/02/19 10:33 a.m. | 21 views

Insufficient Session Expiration

Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. When handling sessions, web developers can rely either on server tokens or generate session identifiers within the application. Each session should...

CVSS 7.5 | AI score 8.9 | EPSS 0.00438
Exploits: 0 | References: 1

Huntr
added 2023/02/18 4:28 a.m. | 14 views

XSS in /admin/domains when filtering a specific tag

Description Reflected XSS happens when filtering a specific tag in the Domains page and changing the "domfilter" URL query parameter to the malicious string. Proof of Concept 1 - Login as a domain admin 2 - Go to the Domains page 3 - Click on one of the existing tags 4 - Change the domfilter quer...

CVSS 4.3 | AI score 5.1 | EPSS 0.00494
Exploits: 1

Huntr
added 2023/02/17 6:31 p.m. | 20 views

Broken Access Control

Vulnerability Broken Access Control Issue Description: • Access control is the way how a web application grants access to content and functions to some users and not others. • These checks are performed after authentication and govern what ‘authorized’ users are allowed to do. • Jeffrey discovere...

CVSS 5 | AI score 7.5 | EPSS 0.01035
Exploits: 1

Huntr
added 2023/02/17 1:51 a.m. | 27 views

Reflected XSS in send2friend.php

Description There is a reflected XSS in send2friend because the 'artlang' parameter is not sanitized. Proof of Concept visit http://phpmyfaq.local/?action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert1;%3C/script%3E Fix sanitize the '$faqLanguage' variable in...

CVSS 5.8 | AI score 5.8 | EPSS 0.01644
Exploits: 1

Huntr
added 2023/02/16 8:42 p.m. | 8 views

stored xss

Description stored xss bug SUMMARY here I use the demo installation https://demo.limesurvey.org/ in the Firefox browser Proof of Concept log in to any user account that has permission to view the survey and visit url...

AI score 6.9
Exploits: 0

Huntr
added 2023/02/16 8:14 p.m. | 7 views

reflected xss

Description reflected xss SUMMARY here I use the demo installation https://demo.limesurvey.org/ in the Firefox browser Proof of Concept log in to a user account and visit...

AI score 0.7
Exploits: 0

Huntr
added 2023/02/16 7:27 p.m. | 20 views

Stored XSS From Visitor to Acc Takeover

Description Using X-Forwarded-For Header Visitor can manipulate ip to trigger xss Proof of Concept 1.Visit any url and Add Header X-Forward-For: 127.0.0.1" 2.If admin check in dashboard xss will trigger Check This image...

CVSS 4.9 | AI score 5.6 | EPSS 0.00493
Exploits: 1

Huntr
added 2023/02/16 6:53 p.m. | 12 views

Stored Cross-Site Scripting in survey administrator name

Description The administrator name field in Survey settings has a Stored Cross-Site scripting vulnerability as it does not sanitize the user input administrator name. A user can enter the javascript payload "alertdocument.cookie in the Administrator name field and the XSS executes in the...

AI score 5.4
Exploits: 0

Huntr
added 2023/02/16 5:57 p.m. | 11 views

Folder in webmail mailbox is vulnerable to Cross-Site Scripting (Reflective)

Issue Description • Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause...

AI score 0.2
Exploits: 0

Huntr
added 2023/02/16 4:45 p.m. | 20 views

Cross-site Scripting (XSS) - Stored

Description 1. https://11.x-dev.pimcore.fun/admin/ 2. Go to Settings - Thumbnails - Video Thumbnails 3. Click the button Add Media Segment 4. Write : " and then click ok...

CVSS 4.9 | AI score 5.6 | EPSS 0.00401
Exploits: 1

Huntr
added 2023/02/16 1:37 a.m. | 56 views

Stored XSS in the adminlog functionality.

Description There is a stored XSS in the 'adminlog' functionality. E.g. the page http://phpmyfaq.local/admin/?action=adminlog shows failed login attempts. If a user with the username 'alert1;' tries to log in, it gets logged and displayed on the adminlog unsanitized. Proof of Concept 1. visit...

CVSS 4.9 | AI score 5.1 | EPSS 0.00537
Exploits: 1

Huntr
added 2023/02/15 11:7 p.m. | 16 views

HTML injection leads to Open Redirect

Description Hello, I have located an html injection in the symbol field: Steps : 1 - log in as administrator 2 - Go to Options 3 - Go to Currencies 4 - Insert the html code in the symbol field and by inserting the following payload i was able to redirect the user to a malicious site. CLICK ME Pro...

CVSS 7.5 | AI score 9.2 | EPSS 0.00335
Exploits: 0

Huntr
added 2023/02/15 12:4 p.m. | 23 views

heap-buffer-overflow in function adts_dmx_process filters/reframe_adts.c

Version MP4Box - GPAC version 2.3-DEV-rev44-gbe9f8d395-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration:...

CVSS 4.4 | AI score 7.4 | EPSS 0.00453
Exploits: 1 | References: 1

Huntr
added 2023/02/15 8:25 a.m. | 20 views

Unauthorized Rest Api owned by Joomla(officially accepted)

Description Joomla has provided the Rest API since version 4.0. These apis need to provide authentication information when accessing, but if public is added to the request parameters when accessing the api. Then any unauthenticated user can directly access Proof of Concept Api can directly obtain...

AI score 7.3
Exploits: 0 | References: 1

Huntr
added 2023/02/15 12:10 a.m. | 20 views

User with only "edit" can delete post and sometimes can add post

Description If you create a user with edit-only user rights, they should not be able to perform delete or add actions. This is really an admin error, because users with edit permissions can delete posts, and in the case of FAQs, they can also add posts. Proof of Concept 1.Create new user with edi...

CVSS 4 | AI score 5 | EPSS 0.00699
Exploits: 1

Huntr
added 2023/02/14 9:58 p.m. | 25 views

Captcha Bypass allows sending unlimited Comments

Hello, I identified a CAPTCHA Bypass after trying many Posts in the Comments Section. Lets see : --------- sent successfully! let's see the comments Comments are available The Question Form is also vulnerable for Captcha Bypass please check it also too. Thank you...

CVSS 7.5 | AI score 8.9 | EPSS 0.00875
Exploits: 1 | References: 1

Huntr
added 2023/02/14 7:53 p.m. | 18 views

XSS Stored in the email address

Description Hello, I have located an xss stored by performing the following step: 1 - Go to tools 2 - GDPR Data Extractor 3 - Insert the payload into the email address 4 - click in send emails Proof of Concept...

CVSS 4.9 | AI score 5.5 | EPSS 0.00403
Exploits: 1

Huntr
added 2023/02/14 7:33 p.m. | 19 views

stored HTML-Injection in the Comments Part

i was able to detect a stored HTML Injection by answering available questions. Lets see : ------------ AHMED HASSAN STORED HTML INJECTION 1 will now answer a question Comment sent lets see the stored HTML Injection As you can see the stored HTML Injection is working. Thanks for watching...

CVSS 4.9 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 2

Huntr
added 2023/02/14 6:6 p.m. | 29 views

Privilege escalation from user with "add user" to super admin

Description Before I created this submission, I read this report: https://huntr.dev/bounties/258cd498-7275-4b12-ac73-79c9ba3e58e4/. I was afraid that my submission would be a duplicate of that. After reading it carefully, I decided to make a report because my report is not exploiting the backup...

CVSS 6.5 | AI score 8.3 | EPSS 0.00876
Exploits: 1

Huntr
added 2023/02/14 2:28 p.m. | 16 views

stored XSS in the Category Field Name

Hello, After all XSS Mitigations, I detected a XSS Bypass Possibility in the Naming of the category. Let's see : ----------------- A stored XSS through this Payload Thank you for watching :...

CVSS 4.9 | AI score 5.2 | EPSS 0.00476
Exploits: 1 | References: 1

Huntr
added 2023/02/14 2:9 p.m. | 21 views

stored XSS after XSS Filter Bypass through exporting an HTML-Document

Hello, After mitigation of all submitted XSS Vulnerabilities I was able to detect another XSS and bypass the XSS Filters in the FAQ Site while generating an HTML Export. Let's see : ------------------- This is the XSS Payload with XSS Ahmed 2 Only XSS Ahmed 2 will work ! Now let's export in HTML5...

CVSS 4.9 | AI score 5.2 | EPSS 0.00472
Exploits: 1 | References: 2

Huntr
added 2023/02/14 12:42 p.m. | 32 views

Stored XSS in Email Blacklist Function

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

CVSS 4.9 | AI score 4.9 | EPSS 0.0051
Exploits: 1

Huntr
added 2023/02/14 4:41 a.m. | 30 views

heap-use-after-free in function bt_quickfix

Description heap-use-after-free in function btquickfix at buffer.c:5770 Vim Version git log commit 32ff96ef018eb1a5bea0953648b4892a6ee71658 HEAD - master, tag: v9.0.1307, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S btquickfixpoc -c :qa!...

CVSS 4.4 | AI score 7 | EPSS 0.00528
Exploits: 1 | References: 1

Huntr
added 2023/02/13 8:17 p.m. | 37 views

No Protection Against Bruteforce Attacks on Login Page in

Description Modoboa does not restrict or limit unsuccessful login attempts allowing an attacker to brute force the password of a known user Proof of Concept Steps to Reproduce: Capture login request with BurpSuite Send to Intruder Replay the login request with a different password value utilizing...

CVSS 5 | AI score 7.5 | EPSS 0.00653
Exploits: 1 | References: 1

Huntr
added 2023/02/13 5:15 p.m. | 20 views

The XSS payload injected in "Display Name" parameter in creating Contacts are vulnerable to Cross-Site Scripting (Stored/Persistent)

Description The XSS payload injected in "Display Name" parameter in creating Contacts are vulnerable to Cross-Site Scripting Stored/Persistent. Steps to Reproduce: 1. First is go to the user dashboard then contacts: https://demo.modoboa.org/contacts// 2. Then Add new contact, enter the payload...

AI score 5.3
Exploits: 0

Huntr
added 2023/02/13 12:50 p.m. | 8 views

HTML Injection

Description HTML Injection vulnerability was discovered in Accounting module that allow authenticated user to inject malicious HTML code inside "accountnumber" parameter. Proof of Concept Video...

AI score 7.5
Exploits: 0

Huntr
added 2023/02/13 4:47 a.m. | 22 views

Broken access control - Someone still can comment in unactive FAQ NEWS

Description when a NEWS FAQ turns on the comments feature and disables post like this settings. Screenshot https://imgur.com/a/9UY4QRf if you create a FAQ news with those settings and view the post, you will notice that the comment section is disabled Screenshot https://imgur.com/a/rY6zJt9 Proof ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00492
Exploits: 1

Huntr
added 2023/02/12 8:21 p.m. | 28 views

XSS in hyperlink when create FAQ News

Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...

CVSS 4.9 | AI score 5.3 | EPSS 0.00532
Exploits: 1

Huntr
added 2023/02/12 8:3 p.m. | 25 views

XSS in Comment Faq news username parameter

Description Stored Cross-Site Scripting XSS is a type of security vulnerability that occurs when an attacker injects malicious code into a website that is then stored on the server and served to unsuspecting users. This type of XSS is particularly dangerous because it can persist and continue to...

CVSS 4.9 | AI score 5.3 | EPSS 0.00536
Exploits: 1

Huntr
added 2023/02/12 7:20 p.m. | 16 views

Stored XSS on Configuration Version

Description In a form version that appears to have no validation, it means that the website or application is not properly checking user inputs for malicious code before storing it in the database. This lack of validation allows an attacker to inject their own malicious script, which can then be...

CVSS 4.9 | AI score 5.5 | EPSS 0.00615
Exploits: 1

Huntr
added 2023/02/12 6:32 p.m. | 31 views

Stored XSS edit Config Link

Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...

CVSS 4.9 | AI score 5.1 | EPSS 0.00532
Exploits: 1

Huntr
added 2023/02/12 5:50 p.m. | 23 views

Stored xss real name

Description In the admin account, there is a feature to add a user. In this feature, a vulnerability was found in the "Your Name" form. Proof of Concept 1.go to https://roy.demo.phpmyfaq.de/admin/?action=user 2.add user with realname alert'123' 3.go to...

CVSS 4.3 | AI score 5.3 | EPSS 0.00532
Exploits: 1

Huntr
added 2023/02/12 1:7 p.m. | 76 views

Account Takeover and Persistence due to the Oauth Misconfiguration

Team, May you all be well on your side of the screen. : . While doing some research on the https://cal.com/, I was able to find a Pre-Account Takeover vulnerability. Proof of concept: . I have created a video demonstration of the vulnerability and uploaded it to my Google Drive. . The link for the...

CVSS 6.5 | AI score 8.4 | EPSS 0.08958
Exploits: 5 | References: 1

Huntr
added 2023/02/12 5:3 a.m. | 23 views

Two Stored XSS in Instructions and User Widget

Stored XSS 1 Description 1 The sanitizer function noxsshtml$html can be bypassed since it missed to ban the tag of in $bannedelements = 'script', 'iframe', 'embed';. By this missing, the logged admin can maliciously inject xss payloads like in the backend database using the point POST...

CVSS 4.3 | AI score 5.4 | EPSS 0.00473
Exploits: 1

Huntr
added 2023/02/12 2:27 a.m. | 26 views

buffer over-read in function mhas_dmx_process filters/reframe_mhas.c

Version ➜ gcc git:master ✗ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

CVSS 4.4 | AI score 7.4 | EPSS 0.00404
Exploits: 1 | References: 1

Huntr
added 2023/02/12 2:15 a.m. | 26 views

off-by-one error in function gf_text_get_utf8_line filters/load_text.c

Version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration:...

CVSS 1.9 | AI score 5.7 | EPSS 0.00399
Exploits: 1 | References: 1

Huntr
added 2023/02/11 9:47 a.m. | 55 views

No Rate Limit On Reset Password

Description A rate limiting algorithm is used to check if the user session or IP address has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. wikipedia ...

CVSS 5 | AI score 6.6 | EPSS 0.00681
Exploits: 0

Total number of security vulnerabilities: 4072