4072 matches found

Huntr
added 2023/02/10 12:46 p.m., 21 views

SQL Injection in Custom Fields

Description SQL injection when updating custom fields in the admin panel. Malicious web admins can use POST /app/admin/custom-fields/edit-result.php with parameters fieldType=set&fieldSize='1' CHARACTER SET utf8; SELECT sleep3; to execute the inserted SQL command SELECT sleep3; and thus result th...

CVSS 5.8, AI score 8, EPSS 0.0305
Exploits: 3

Huntr
added 2023/02/10 10:15 a.m., 22 views

Stored XSS in "DATA IMPORTS" module

Description Due to improper data sanitization and validation in "DATA IMPORTS" module allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Payload In this PoC, I can inject into "Address" and "City" fields when importing new user by using the...

CVSS 5.8, AI score 7, EPSS 0.00385
Exploits: 0

Huntr
added 2023/02/10 8:13 a.m., 23 views

Stored XSS

Description answer has a feature to customize the "Site Name" during installation or in the settings page, due to a bad sanitization it allows to put arbitrary html code which allows to execute javascript code. Every time a user enters in the website, the xss is triggered. Injected payload...

CVSS 4.3, AI score 5.9, EPSS 0.00526
Exploits: 1

Huntr
added 2023/02/09 11:29 p.m., 28 views

RCE by Server Side Template Injection

Description Hi, During my testing, I discovered that it is possible to inject code into the system through the "first name" field. This vulnerability allows for server-side template injection, which can lead to arbitrary code execution. The impact of this vulnerability is potentially significant...

CVSS 7.5, AI score 9.7, EPSS 0.01799
Exploits: 1

Huntr
added 2023/02/09 6:3 p.m., 31 views

File Upload lead to Stored XSS bypass csp

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. 1-Login to your application and create a Store called “Test” make all the...

CVSS 4.9, AI score 5.3, EPSS 0.00476
Exploits: 1, References: 1

Huntr
added 2023/02/09 3:12 p.m., 22 views

Stored XSS in server settings when upload branding

Description An attacker can upload an arbitrary file with a content type starting with image/ Proof of Concept POST /server/theme HTTP/1.1 Host: localhost:14142 Content-Length: 1077 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0...

CVSS 4.9, AI score 6, EPSS 0.00556
Exploits: 1

Huntr
added 2023/02/09 2:33 p.m., 25 views

heap-buffer-overflow in function gf_m2ts_process_tdt_tot media_tools/mpegts.c

Version ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC...

CVSS 4.4, AI score 7.4, EPSS 0.0043
Exploits: 1, References: 1

Huntr
added 2023/02/09 2:23 p.m., 22 views

Vulnerable to clickjacking

Description Vulnerable to clickjacking Proof of Concept 1 Create an iframe.html with below contents The iframe element 2 Open with firefox and note that the frame is loaded which is potential to clickjacking due to missing x-frame-options security headers...

CVSS 5.8, AI score 5.6, EPSS 0.00373
Exploits: 1

Huntr
added 2023/02/09 12:58 p.m., 36 views

NULL Pointer Dereference in function utfc_ptr2len

Description NULL Pointer Dereference in function utfc_ptr2len at mbyte.c.c:2145 allows attackers to cause a denial of service application crash via a crafted input. vim version commit 0caaf1e46511f7a92e036f05e6aa9d5992540117 HEAD - master, tag: v9.0.1293, origin/master, origin/HEAD Author: Yegappa...

CVSS 1.9, AI score 6, EPSS 0.00426
Exploits: 1

Huntr
added 2023/02/09 10:22 a.m., 24 views

Stored XSS on Tag

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step 1. Create new tag Step 2: Enter XSS payload to Description tag Step 3: Go to http://127.0.0.1/questions Step 4:...

CVSS 4.9, AI score 5.2, EPSS 0.0062
Exploits: 1

Huntr
added 2023/02/09 12:41 a.m., 25 views

Stored DOM-based Cross-site Scripting in Tags Functionality

Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...

CVSS 4.9, AI score 4.8, EPSS 0.0062
Exploits: 1

Huntr
added 2023/02/08 6:19 p.m., 116 views

Stored XSS Bypass While add a new Comment

Description Stored XSS bypass in add comments function if you try to inject XSS payload like that won't work ,So I found a bypass that able to bypass cloudflare with the following payload or and click enter to add newline and click "add comment" func cc CommentController AddCommentctx gin.Context...

CVSS 4.9, AI score 5.2, EPSS 0.00553
Exploits: 1

Huntr
added 2023/02/08 1:52 p.m., 20 views

Stored XSS in Site Name

Description Stored Cross-site Scripting XSS vulnerability in Site name of answerdev/answer Proof of Concept 1. Log in then 2. Admin --- Setting --- General 3. Enter below payload at Site Name For More Understanding please check POC:...

CVSS 4.3, AI score 5.1, EPSS 0.00526
Exploits: 1

Huntr
added 2023/02/08 1:25 p.m., 16 views

Complex xss to bypass protection

Description 1.First we login as a normal user, and then comment under a question, the content of the comment is 2.Then we login as an administrator user. And find the comment we just submitted, the administrator can click the edit button.Then the administrator Click "Save edits" without any...

CVSS 4.9, AI score 5.6, EPSS 0.0044
Exploits: 1

Huntr
added 2023/02/08 12:21 p.m., 16 views

Privilege Escalation in the Cockpit CMS

Description Hi, during my analyses I realized that it is possible to perform a privilege escalation by intercepting the request and changing the roles from "user" to "admin" becoming the application's administrator. Proof of Concept poc:...

CVSS 6.5, AI score 8.6, EPSS 0.00344
Exploits: 1

Huntr
added 2023/02/07 4:51 p.m., 7 views

XSS in user supplied title

Issue The useHead function does not sanitize tags inserted in each property, including the title property. Context The useHead repository is a wrapper around vueuse/head which wraps unjs/unhead which wraps harlan-zw/zhead. The possibility of XSS is not described as being a vulnerability in the ro...

AI score 6.1
Exploits: 0

Huntr
added 2023/02/06 11:7 p.m., 13 views

Default account creation on all installation methods

Description The credentials of the administrator user console installation are set by default. Additionally in both the console installation and the gui installation a janedoe account is created with default credentials...

CVSS 7.5, AI score 8.9, EPSS 0.00743
Exploits: 1

Huntr
added 2023/02/06 10:20 a.m., 10 views

CSS injection using component islands and useHead

Description After a component island render, the resulting head is regex'd for tags. This regex is not very robust and can be tricked, allowing for CSS injection. Proof of Concept app.vue vue Nuxt 3 Playground const title = ref nuxt.config.ts ts export default defineNuxtConfig experimental:...

AI score 6.4
Exploits: 0, References: 1

Huntr
added 2023/02/06 7:24 a.m., 21 views

Stored XSS

Description A Cross-Site Scripting XSS vulnerability exists in Dolibarr before 16.0.4 via the ticket creation flow. Exploitation requires that an admin change the value of the box using "onbeforeinput" event. In the worst case, the victim who inadvertently triggers the attack is a highly privileg...

AI score 6, EPSS 0.00893
Exploits: 1, References: 2

Huntr
added 2023/02/06 5:29 a.m., 30 views

Out of Range Pointer offset in mb_charlen of mbyte.c

Description Out of Range Pointer offset in mb_charlen of mbyte.c Vim Version git log commit 78012f55faf7444e554c0a97a589d99fa215bea9 HEAD - master, tag: v9.0.1275, origin/master, origin/HEAD POC ./vim -u NONE -X -Z -e -s -S poc01.dat -c ':qa!' Segmentation Fault GDB gdb ./vim gdb run -u NONE -X -Z...

CVSS 1.7, AI score 5.8, EPSS 0.00409
Exploits: 1, References: 2

Huntr
added 2023/02/04 6:42 p.m., 23 views

Html Injection in Contributors

Description Html injection in Contributors and just only need html payload in Display Name and fire in Contributors list Proof of Concept 1. Login to squidex 2. Create an app with random name. 2. Go to Edit Profile then Edit users display name with html payload = Sanket722 3. Go to...

CVSS 4, AI score 7.2, EPSS 0.00521
Exploits: 1

Huntr
added 2023/02/04 6:14 p.m., 21 views

GET based CSRF on delete user functionality

Description The /account/delete functionality is vulnerable to CSRF. In this way, an attacker can trick the victim to delete his own account just clicking on the link. Steps to reproduce - Login with a user - Now go here: https://app.wallabag.it/account/delete - The account is now deleted without...

CVSS 4.3, AI score 6.2, EPSS 0.00301
Exploits: 1

Huntr
added 2023/02/04 8:49 a.m., 20 views

Remote Code Execution in "Import Settings" feature

Description Due to Improper data validation in "Import Settings" feature, an authenticated attacker can send crafted settings with malicious payload inside "system.croncmdline" value. Step to reproduce Requirement: PHP code must be executed on attacker machine - Step 1: Attacker run web server an...

CVSS 6.5, AI score 8.5, EPSS 0.03928
Exploits: 1

Huntr
added 2023/02/03 8:6 a.m., 19 views

IDOR Vulnerability Allows add tag entry user other

Description IDOR Vulnerability Allows add tag entry user other, allows adding tags to any user, since there is no user authentication. And not limiting the input causes the entry interface to break Proof of Concept Step 1. User A manages entry id 6 Step 2. User B manages entry id 7 Step 3. Login...

CVSS 5, AI score 5.4, EPSS 0.00498
Exploits: 1, References: 1

Huntr
added 2023/02/03 7:34 a.m., 14 views

Phar Deserialization of Untrusted Data

Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

AI score 0.5
Exploits: 0, References: 1

Huntr
added 2023/02/02 10:18 p.m., 72 views

XSS via postMessage to deface any website and account takeover

Description Hey Chatwoot team, while looking for vulnerabilities I found a critical XSS which allow us to XSS/Deface any website which uses the chat, this can be automated to attack thousands of websites Vulnerable Code Inside this function...

CVSS 5.8, AI score 6.2, EPSS 0.00366
Exploits: 0

Huntr
added 2023/02/02 6:24 p.m., 18 views

Stored Cross Site Scripting in the username

Description Stored XSS occurs when an attacker injects malicious code into a website, which is then stored on the server. In this case, the malicious code is being stored as the user's username. When someone accesses the shared page, the website retrieves the user's username from the server and...

CVSS 4.9, AI score 5.3, EPSS 0.00443
Exploits: 1

Huntr
added 2023/02/02 9:45 a.m., 12 views

DynamicPHPCode Filtering Bypass leads to Remote Code Execution

Description The "Websites" module in Dolibarr CRM version 6.0.3 and below has "checkPHPCode" function check to ensure that the page not contains any malicious function. However, this function only check by using match word searching, that allows malicious authenticated user can bypass by using...

AI score 6.9
Exploits: 0

Huntr
added 2023/02/02 3:11 a.m., 22 views

Restrictive composer.json makes Dompdf vulnerable to URI validation failure on SVG parsing

Description The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This might lead to arbitrary object unserialize on PHP tags, in src/Image/Cache.php: if $type === "svg" $parser = xmlparsercreate"utf-8"; xmlparsersetoption$parser,...

AI score 6.4
Exploits: 0, References: 2

Huntr
added 2023/02/02 2:20 a.m., 19 views

xss bypass the sanitize

Description hi,@maintainer.The filter you use to clean xss is unsafe.Please choose an xss filter with a large number of users and a high evaluation Proof of Concept 1.Login to the forum as any user. 2.Send dangerous messages to admin users. 3.The value of the Message is below click me 4.Admin use...

AI score 0.9
Exploits: 0

Huntr
added 2023/02/02 1:6 a.m., 20 views

Heap Buffer Overflow in function gf_isom_box_size at src/isomedia/box_funcs.c:1997

Description Heap Buffer Overflow in function gf_isom_box_size at src/isomedia/box_funcs.c:1997 gpac version git log commit bbca869177585aaca8eb66d8541079e6f364798e HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Wed Jan 18 11:40:30 2023 +0100 fixed potentially missing last packets in...

CVSS 4.4, AI score 7.5, EPSS 0.00358
Exploits: 1

Huntr
added 2023/02/01 5:37 a.m., 7 views

Xss in compose mail functionaility

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept - Step1: login as normal user. - step2: click on webmail and click on compose. - step3: now enter "...

Exploits: 0

Huntr
added 2023/01/31 2:58 p.m., 20 views

Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

Description Cross Site Scripting XSS in Model\DataObject\Data\UrlSlug of pimcore/pimcore Proof of Concept 1. Login in stable account URL : https://demo.pimcore.fun/admin 2. Go to System Data --- UrlSlug 3. Enter Payload in UrlSlug with starting with "/" slash. For more understanding please check...

CVSS 4.9, AI score 5.3, EPSS 0.03015
Exploits: 1

Huntr
added 2023/01/31 2:55 p.m., 12 views

xss bypass the filter

Description hi,@maintainer.The filter you use to clean xss is unsafe.Please choose an xss filter with a large number of users and a high evaluation Video link You can watch my video through this link first. link https://drive.google.com/file/d/1mh9hiDxmybLQGPw-z36qBdsEcEOoPw8/view?usp=sharelink...

AI score 0.2
Exploits: 0

Huntr
added 2023/01/31 1:51 p.m., 17 views

XSS in HTML-Tags

Description Cross site scripting vulnerability in pimcore/pimcore in HTML-Tags of "SEO & Settings" Proof of Concept 1. Login in stable account URL : https://demo.pimcore.fun/admin/?dc=1675166039&perspective= 2. Go to Home --- SEO & Settings 3. Enter Payload in HTML-Tags For More Understanding...

Exploits: 0

Huntr
added 2023/01/30 2:58 p.m., 17 views

Reflected XSS

Description Reflected Cross-Site Scripting XSS vulnerability in LibreNMS 22.12.0 - Fri Dec 30 2022 10:11:51 GMT+0100 allows attackers to execute arbitrary external javascript code in the browser affected from /ports/group parameter. 1. Login 2. Navigate PoC link Proof of Concept...

CVSS 4.9, AI score 6.3, EPSS 0.66884
Exploits: 1

Huntr
added 2023/01/30 1:39 p.m., 9 views

XSS caused by sending information between users

Description The forum allows users to send information. Although the script tag cannot be used, the img tag can also cause xss.And the program can bypass the filtering of the "cookie" string by means of entity encoding. Video link You can watch my video through this link first. link...

AI score 0.2
Exploits: 0

Huntr
added 2023/01/30 9:58 a.m., 16 views

Session Fixation in https://demo.froxlor.org/

Description The session ID not rotating even after relogin POC 1. Change the PHPSESSID=newsessionchanged and then login 2. Use the same session into new browser and as you can see logged into the account 3. you can try logout and login again the PHPSESSID doesn't change. Video POC:...

CVSS 5.5, AI score 7, EPSS 0.00431
Exploits: 1, References: 2

Huntr
added 2023/01/30 9:22 a.m., 24 views

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

Description I have found a CSRF in all the request in /lib/ajax.php by changing the request to GET and the page is also get errors. So user cannot use any function on the page Proof of Concept 1. Go to https://demo.froxlor.org/ and login as any user. ie. admin 2. Now open...

CVSS 6.8, AI score 8.4, EPSS 0.00324
Exploits: 1

Huntr
added 2023/01/30 1:17 a.m., 87 views

Open Redirect on "returnUrl=" parameter

Description Hello Team while testing the "returnUrl=" parameter on login page it was not vulnerable, but I found another way to get Open Redirect with that parameter Proof of Concept Here is the Video POC of this vulnerability...

CVSS 5.8, AI score 6.2, EPSS 0.00607
Exploits: 1

Huntr
added 2023/01/29 2:39 a.m., 38 views

Incorrect Calculation of Buffer Size in function yank_copy_line

Description Incorrect Calculation of Buffer Size in function yank_copy_line at register.c:1468 vim version git log commit 657aea7fc47fb919ce76fad64ba0ec55a1af80f1 HEAD - master, tag: v9.0.1249, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocnsp01s.dat -c :qa!...

CVSS 4.4, AI score 6.9, EPSS 0.00438
Exploits: 1

Huntr
added 2023/01/28 12:12 a.m., 31 views

weak Password Policy Directory Protection

Hello, The strong Password Policy is everywhere in place. BUT The Directory Protection Part allows to bypass this strong Password Policy and setting a Password like 1. This is very easy to bruteforce. Lets see : ------ Password is set to 1 and it will get accepted. As you can see the Password got...

CVSS 5, AI score 7.4, EPSS 0.00455
Exploits: 1, References: 1

Huntr
added 2023/01/27 11:56 p.m., 35 views

Language Dropdown Menu Manipulation

Hello It is possible to manipulate the Language Dropdown Menu and change it to anything the attacker wants. Process of the Vulnerability: 1. Login 2. Go Miscellaneous - Email & file templates 3. Add Template - Change & Save and intercept the Request 4. Change the Language to anything you want ---...

CVSS 3.3, AI score 5.4, EPSS 0.00562
Exploits: 1, References: 1

Huntr
added 2023/01/27 11:44 p.m., 35 views

SQL Database Error could lead to SQL Injection with internal Path Disclosure

Hello, Through manipulating Parameter i get an SQL Error which can lead to SQL Injection. Plus that there is an internal Path Disclosure. Best regards Ahmed Hassan...

CVSS 5, AI score 6, EPSS 0.00667
Exploits: 1, References: 1

Huntr
added 2023/01/27 11:39 p.m., 25 views

Dropdown Menu Manipulation leads to stored HTML Injection

Hello In the Cronjob we can change the Interval Time the Dropdown Menu "minutes" to a stored HTML Injection. The Vulnerabilities are 2: 1. First thing the Dropdown Menu should be fixed and nobody can alter or change anything which we will do 2. Second we can implement a stored HTML Injection with...

CVSS 4.3, AI score 5.8, EPSS 0.00439
Exploits: 1, References: 1

Huntr
added 2023/01/27 2:12 p.m., 20 views

Unauthenticated CSRF to XSS on login page

Description The user-email parameter is vulnerable to XSS on the login page. In this way it is possible to make execute Javascript code on an unauthenticated user. To exploit the vulnerability, since it is a POST request, it's necessary an HTML poc in order to trigger a CSRF on the login form...

Exploits: 0

Huntr
added 2023/01/26 11:56 p.m., 21 views

CSRF attack used to change user's email, thus blocking its access to the application.

Description The application lacks protection against Cross-Site Request Forgery CSRF because it fails to verify the implementation of the CSRF Token. For example, if a victim visits the following site crafted by the attacker while logged in at the target application, the browser will issue the...

CVSS 4.3, AI score 6.4, EPSS 0.00412
Exploits: 1

Huntr
added 2023/01/26 6:43 p.m., 20 views

Admin TakeOver

Description The endpoint /api/v2/token/ allows an unauthorized user to perform brute-forcing and the app doesn't block the request which not having any SESSION COOKIE or even CSRF token Request POST /api/v2/token/ HTTP/1.1 Host: demo.modoboa.org User-Agent: Mozilla/5.0 X11; Linux x8664; rv:109.0...

CVSS 7.5, AI score 8.9, EPSS 0.15088
Exploits: 4, References: 1

Huntr
added 2023/01/26 4:9 p.m., 35 views

stored Blind XSS in Admin Panel through FAQ-Proposal leads to Admin Full Account Takeover

Hello. Vulnerability: Blind XSS in Admin Panel while generating Report 1. Without being logged in the Application 2. Go to FAQ-Proposal - put an XSS Payload like alert'1' in the question Field 4. Send the Proposal ------ 4. Admin will login 5. The Proposal will pop up in the Category you specifi...

CVSS 4.3, AI score 5, EPSS 0.00601
Exploits: 1, References: 1

Huntr
added 2023/01/25 11:45 p.m., 23 views

Name Field and all other required Fields Bypass while doing FAQ Proposals

Dear Ladies and Gentlemen, I was able to identify in the Process of sending a FAQ Proposal a Username and all other required Fields Bypass Vulnerability. The Attacker can bypass all the required fields by sending a space at any required field like name, text, answer or question which is a require...

CVSS 4, AI score 5, EPSS 0.0061
Exploits: 1, References: 2

Total number of security vulnerabilities: 4072