4072 matches found

Huntr, added 2023/01/25 3:18 p.m. (30 views)

Privilege Escalation from customer to root

Privilege Escalation from Customer to Root. First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files (added chapters at the end of the report instead), can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...

CVSS 6.5 | AI score 9.3 | EPSS 0.01119
Exploits: 1
Huntr, added 2023/01/25 8:39 a.m. (31 views)

File Upload Type Validation Error leads to Stored XSS

Description: Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Steps to reproduce: 1. Log in to your application and create a Store called...

CVSS 4.9 | AI score 5.3 | EPSS 0.00476
Exploits: 1 | References: 2
Huntr, added 2023/01/24 10:33 p.m. (26 views)

important E-Mail Input Field bypassed allowing Account Lockout and Takeover

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my brother Josef Hassan ([email protected]) and I were able to identify an Account Lockout Vulnerability by bypassing the input of the E-Mail Address. The Process of...

CVSS 6.5 | AI score 8.4 | EPSS 0.00714
Exploits: 1 | References: 1
Huntr, added 2023/01/24 9:07 p.m. (13 views)

Stored/Reflected XSS in identities leads to chained stored XSS in logs

Description: The XSS payload injected in the identities form to create a new account leads to stored and reflected XSS in the identities page and also in the logs page. Steps to Reproduce: 1. Go to admin/identities 2. Enter the payload in the username, first name and last name, as these fields are not...

CVSS 4.9 | AI score 5.2 | EPSS 0.00498
Exploits: 1
Huntr, added 2023/01/24 5:13 p.m. (21 views)

Multiple stored XSS

Description: Hello! Found multiple stored XSS. PoCs: "About me" XSS: insert this code in "About me" (http://host/users/settings/profile). Website title XSS: go to /admin/general, edit 'Site Name' adding the following payload: alert"XSS ATTACK!" The script will be executed every time you reload the page...

CVSS 4.9 | AI score 5.7 | EPSS 0.00393
Exploits: 1
Huntr, added 2023/01/24 5:02 p.m. (26 views)

Account Takeover via reset password

Description: Password recovery leads to Account Take Over due to reset code leakage. Proof of Concept: Create an account in https://meta.answer.dev/ and verify mail, then log out. Go to password recovery https://meta.answer.dev/users/account-recovery, insert your email and capture the server respons...

CVSS 7.5 | AI score 9.2 | EPSS 0.06368
Exploits: 4
Huntr, added 2023/01/24 2:25 p.m. (21 views)

FusionCMS (FusionGen) Takeover account - Predictable Key and Password Generation in Password Recovery Feature

Description: It was discovered that the password recovery feature on the website is vulnerable to predictable key and password generation. An attacker is able to predict the key used in the password recovery process and the generated password itself by using a specific PHP command and the user's...

AI score 0.1
Exploits: 0
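The two password-recovery reports above (a reset code returned in the HTTP response, and a FusionCMS key/password derived from predictable inputs) share one fix: an unguessable token, stored only as a hash, delivered only out of band, checked in constant time and burned on first use. The following Python is an added example and is not code from either project or report; the in-memory stores, the 15-minute lifetime and the OUTBOX stand-in for the mail transport are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory stores standing in for the application's database (assumption).
USERS = {"alice@example.com": {"password_hash": None}}
RESET_TOKENS = {}  # email -> (sha256(token) hex, expiry epoch seconds)
OUTBOX = []        # stands in for the mail transport; the token must travel only here


def predictable_token(email, now=None):
    """The anti-pattern both reports describe: a key derived from guessable inputs.
    Anyone who knows the email and the approximate request time can recompute it."""
    minute = int((now or time.time()) // 60)
    return hashlib.md5(f"{email}:{minute}".encode()).hexdigest()


def request_reset_insecure(email, now=None):
    """Vulnerable handler: predictable code that is also echoed in the response,
    so the attacker never needs access to the victim's mailbox."""
    now = now or time.time()
    token = predictable_token(email, now)
    RESET_TOKENS[email] = (token, now + 900)
    return {"status": "ok", "reset_code": token}          # the leak


def request_reset_secure(email, now=None):
    """Hardened handler: 256-bit token from the OS CSPRNG, only its hash is stored,
    the token itself goes out of band, and the response is identical for unknown emails."""
    now = now or time.time()
    if email in USERS:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[email] = (hashlib.sha256(token.encode()).hexdigest(), now + 900)
        OUTBOX.append({"to": email, "token": token})
    return {"status": "ok"}                                # no code, no account hint


def consume_reset_secure(email, presented_token, now=None):
    """Verify in constant time, enforce expiry, and delete the token on first use."""
    now = now or time.time()
    record = RESET_TOKENS.get(email)
    if record is None:
        return False
    stored_hash, expiry = record
    presented_hash = hashlib.sha256(presented_token.encode()).hexdigest()
    if now > expiry or not hmac.compare_digest(stored_hash, presented_hash):
        return False
    del RESET_TOKENS[email]                                # single use
    return True
```

Hashing the stored token means a database read (SQL injection, backup leak) does not yield usable reset codes, and the fixed response body removes the account-existence oracle at the same time.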
Huntr, added 2023/01/24 12:34 p.m. (11 views)

Anti-CSRF mechanism is not present

Description: The application is vulnerable to a CSRF attack. Proof of Concept: 1. Log in as admin. 2. Open the following HTML file (trap.html) in the browser. This action is equivalent to clicking a link sent by an attacker: history.pushState'', '', '/' 3. Click the button. 4. A new user is creat...

AI score 0.5
Exploits: 0 | References: 1
Huntr, added 2023/01/24 3:06 a.m. (16 views)

Improper Restriction of Rendered UI Layers or Frames

Description: It may be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: http://localhost:8000/admin/ Response headers: HTTP/1.1 200 OK Server: gunicorn Date: Tue, 24 Jan 202...

AI score 0.4
Exploits: 0
Huntr, added 2023/01/24 12:01 a.m. (19 views)

stored HTML-Injection in the FAQ-Proposal

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my brother Josef Hassan ([email protected]) and I were able to identify another stored HTML-Injection Vulnerability in the FAQ-Proposal Form. The Process of the...

CVSS 7.5 | AI score 9 | EPSS 0.01662
Exploits: 0 | References: 1
Huntr, added 2023/01/23 11:32 p.m. (14 views)

stored HTML-Injection through the Question Form

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my brother Josef Hassan ([email protected]) and I were able to identify another stored HTML-Injection Vulnerability in the Question Form. The Process of the...

CVSS 7.5 | AI score 9 | EPSS 0.00886
Exploits: 0 | References: 1
Huntr, added 2023/01/23 11:16 p.m. (25 views)

stored XSS through Question sending

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my brother Ahmed Hassan ([email protected]) and I were able to identify another stored XSS (Cross-Site-Scripting) Injection Vulnerability. The Process of the...

CVSS 4.9 | AI score 5.6 | EPSS 0.00533
Exploits: 1 | References: 1
Huntr, added 2023/01/23 9:56 p.m. (24 views)

Stored XSS - allows stealing Admin and Users Cookies

Dear Ladies and Gentlemen, First of all thank you for your time and effort in reading my Report. While doing the Penetration Test my brother Ahmed Hassan ([email protected]) and I were able to identify a stored XSS (Cross-Site-Scripting) Vulnerability. The Process of the Vulnerability: Login ...

CVSS 4.9 | AI score 5.3 | EPSS 0.00558
Exploits: 0 | References: 1
Huntr, added 2023/01/23 1:11 p.m. (31 views)

Divide By Zero in function adjust_skipcol

Description: Divide By Zero in function adjust_skipcol at move.c:1978. Vim version: git log commit 7193323b7796c05573f3aa89d422e848feb3a8dc (HEAD -> master, tag: v9.0.1223, origin/master, origin/HEAD). POC: ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocdbz01s.dat -c :qa! Floating point exception. GDB: gdb...

CVSS 4.4 | AI score 7.6 | EPSS 0.0049
Exploits: 1
Huntr, added 2023/01/22 8:32 p.m. (12 views)

User with no permissions can increase his role to administrator

Description: A user with no permissions can increase his role to administrator. Proof of Concept: Hey, I am new on this platform. Steps: - log in to your administrator account, go to People, and create a user with zero permissions (you can create a permission group with zero permissions) - then log in to your restricted...

AI score 6.8
Exploits: 0
Huntr, added 2023/01/22 3:44 p.m. (42 views)

heap-buffer-overflow in function utfc_ptr2len

Description: Heap-based Buffer Overflow in function utfc_ptr2len at mbyte.c:2145. Vim Version: git log commit ebfec1c531f32d424bb2aca6e7391ef3bfcbfe20 (HEAD -> master, tag: v9.0.1234, origin/master, origin/HEAD). Both POCs also apply to v9.0.1262: git log commit f2e30d0c448b9754d0d4daa901b51fbbf4c30747...

CVSS 4.4 | AI score 7 | EPSS 0.00598
Exploits: 1 | References: 1
Huntr, added 2023/01/22 2:49 p.m. (33 views)

Heap Use After Free in function ins_compl_get_exp

Description: Heap Use After Free in function ins_compl_get_exp at insexpand.c:3846. Vim version: git log commit 7193323b7796c05573f3aa89d422e848feb3a8dc (HEAD -> master, tag: v9.0.1223, origin/master, origin/HEAD). POC: ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf01s.dat -c :qa!...

CVSS 4.4 | AI score 7.1 | EPSS 0.00559
Exploits: 1
Huntr, added 2023/01/22 6:01 a.m. (26 views)

IDOR vulnerability allowing to update another user's annotations

Description: An IDOR vulnerability was discovered in wallabag. Proof of Concept: 1. Log in as the victim. 2. Create an entry and an annotation. In this case the annotation's ID is 3. 3. Log in as the attacker. 4. Send the following request: PUT /annotations/3 HTTP/1.1 Host: localhost:8000...

CVSS 4 | AI score 5.1 | EPSS 0.00444
Exploits: 1
Huntr, added 2023/01/22 12:31 a.m. (23 views)

Stored HTML Injection

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test I was able to identify a stored XSS in the Username. When an admin or another user tries to set up a new account and sets his name to alert‘1’, the JavaScript will run and...

CVSS 4.9 | AI score 5.2 | EPSS 0.00558
Exploits: 0 | References: 1
Huntr, added 2023/01/22 12:16 a.m. (18 views)

No Password Policy at all during Registration and Password Change allows Account Takeover Exploitation

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test I was able to identify a weak Password Policy during Registration and Password changing, allowing an attacker to easily exploit an Account Takeover Vulnerability. This is due to no...

CVSS 6.5 | AI score 8.4 | EPSS 0.00707
Exploits: 1 | References: 1
Huntr, added 2023/01/21 11:14 p.m. (27 views)

Arbitrary txt files deletion (authenticated)

Description: The file sources/export.queries.php can be exploited by any authenticated user to remove arbitrary txt files. If the system administrator configured the base path for the teampass-seckey.txt to be /var/teampass, as shown in the official example, it is possible to remove it, causing a...

CVSS 5.5 | AI score 6.8 | EPSS 0.00823
Exploits: 1
Huntr, added 2023/01/21 11:09 p.m. (27 views)

HTML-Injection

Dear Ladies and Gentlemen, First of all thank you for your time and effort reading my Report. While doing the Penetration Test I was able to identify a reflected HTML-Injection. The Process of the Vulnerability: 1. Login 2. Go to https://roy.demo.phpmyfaq.de/admin/?action=tags 3. Type any kind o...

CVSS 5.5 | AI score 5.6 | EPSS 0.00624
Exploits: 1 | References: 3
Huntr, added 2023/01/21 2:00 p.m. (21 views)

CSRF leading to removal of Administrator users

Description: The remove function is vulnerable to CSRF, leading to removal of any Administrator users: GET /admin/permissions/remove/?domid=2&daid=15 Proof of Concept: 1/ visit /admin/domains/1/ 2/ the delete button to remove a permission is vulnerable to CSRF...

CVSS 4.3 | AI score 6.3 | EPSS 0.00342
Exploits: 1
Huntr, added 2023/01/20 7:36 p.m. (18 views)

Stored/Reflected XSS when adding a new domain

Description: There is an XSS vulnerability where a malicious script is injected directly into the list of domains. Proof of Concept: 1/ go to admin/domains/ 2/ click add to add a new domain 3/ in the name section add this payload: " and you can see the payload executed. POC...

CVSS 4.9 | AI score 5.1 | EPSS 0.00613
Exploits: 1
Huntr, added 2023/01/20 9:45 a.m. (12 views)

Cookie without "Secure" and "HttpOnly" flag attributes

Description: The HttpOnly and Secure attributes are not set for session cookies in the application. Proof of Concept: https://drive.google.com/file/d/1ZAanmAbOn-jSf6ZMS5JIQKUzJ78fUrea/view?usp=sharing...

AI score 0.6
Exploits: 0 | References: 2
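The clickjacking report (no X-Frame-Options on the gunicorn admin page) and the cookie-flag report above are both response-header hygiene findings that a scanner can check mechanically. The following Python is an added example, not code from either report or project: it parses a raw response head and lists what is missing. The two sample responses are constructed, modelled loosely on the gunicorn headers quoted in the clickjacking report; the requirement that every cookie carry SameSite is my assumption on top of the Secure/HttpOnly check the report makes.

```python
def parse_headers(raw):
    """Parse a raw HTTP/1.1 response head into (status_line, [(name_lower, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_response(raw):
    """Return a list of findings; an empty list means every check here passed."""
    _, headers = parse_headers(raw)
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name, []).append(value)
    findings = []

    # Clickjacking: need X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors directive.
    xfo = [v.upper() for v in by_name.get("x-frame-options", [])]
    csp = " ".join(by_name.get("content-security-policy", []))
    if not any(v in ("DENY", "SAMEORIGIN") for v in xfo) and "frame-ancestors" not in csp:
        findings.append("framing allowed: no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors")

    # Cookie flags: every Set-Cookie needs Secure, HttpOnly and SameSite (assumed policy).
    for cookie in by_name.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly", "samesite") if flag not in attrs]
        if missing:
            findings.append(f"cookie {cookie_name!r} missing {', '.join(missing)}")

    # MIME sniffing: stops a browser from treating an uploaded "image" as HTML.
    if "nosniff" not in " ".join(by_name.get("x-content-type-options", [])).lower():
        findings.append("no X-Content-Type-Options: nosniff")
    return findings


# Constructed sample responses (not captured from any real server).
BEFORE = """HTTP/1.1 200 OK
Server: gunicorn
Content-Type: text/html; charset=utf-8
Set-Cookie: sessionid=abc123; Path=/
"""

AFTER = """HTTP/1.1 200 OK
Server: gunicorn
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
X-Content-Type-Options: nosniff
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""
```

Run audit_response(BEFORE) to see the three findings and audit_response(AFTER) for a clean result; CSP frame-ancestors is the modern control, X-Frame-Options the fallback for older browsers, and both together are the usual recommendation.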
Huntr, added 2023/01/20 9:11 a.m. (26 views)

Email enumeration via sending a magic sign in link functionality

Description: The "send a magic sign-in link" functionality is vulnerable to an email enumeration attack. Proof of Concept: If you enter a registered email, you will get the "Login Link Sent!" message. If you enter a non-registered email, you will get the "Unknown email address." message...

CVSS 5 | AI score 5.6 | EPSS 0.0056
Exploits: 1
Huntr, added 2023/01/20 4:05 a.m. (19 views)

Stored HTML Injection

Team, I hope you are all doing well. I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/account/apikeys. During my research, I discovered that the API key label field is vulnerable to a stored HTML injection attack. Proof of...

CVSS 6.5 | AI score 8.6 | EPSS 0.07896
Exploits: 4
Huntr, added 2023/01/19 8:12 a.m. (38 views)

File Upload Type Validation Error

Description: The application does not properly validate the file type or extension during the upload process, allowing any authenticated user to bypass it. Steps to reproduce: - Navigate to this URL: https://demo.bumsys.org/settings/shop-list/ - Click on the action button to edit the Profile - Click on...

CVSS 6.5 | AI score 8.6 | EPSS 0.05748
Exploits: 5 | References: 1
Huntr, added 2023/01/19 5:26 a.m. (28 views)

SSL certificate verification disabled

Description: When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived...

CVSS 4 | AI score 7 | EPSS 0.00526
Exploits: 1 | References: 1
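The report above describes the consequence of disabled certificate verification but not how to find or fix it. The following Python is an added example, not code from the report or the affected project: a small source scanner for the idioms that switch verification off across common stacks, plus the correct client-side context. The pattern list and the sample source lines are constructed for illustration and are not exhaustive.

```python
import re
import ssl

# Idioms that disable chain or hostname verification (constructed list; extend for your code base).
DISABLE_PATTERNS = [
    (r"verify\s*=\s*False", "requests: verify=False"),
    (r"CERT_NONE", "ssl: verify_mode=CERT_NONE"),
    (r"check_hostname\s*=\s*False", "ssl: hostname check disabled"),
    (r"CURLOPT_SSL_VERIFY(PEER|HOST)\s*,\s*(false|0)\b", "php/curl: verification disabled"),
    (r"rejectUnauthorized\s*:\s*false", "node: rejectUnauthorized false"),
    (r"InsecureSkipVerify\s*:\s*true", "go: InsecureSkipVerify"),
    (r"\bcurl\b.*\s(-k|--insecure)\b", "curl -k"),
]


def scan_source(lines):
    """Return (line_no, stripped_text, reason) for each line that turns verification off."""
    hits = []
    for number, line in enumerate(lines, 1):
        for pattern, reason in DISABLE_PATTERNS:
            if re.search(pattern, line):
                hits.append((number, line.strip(), reason))
                break
    return hits


def client_context(ca_bundle=None):
    """The correct client setup: the default context verifies the chain *and* the hostname.
    Pass a private CA bundle to pin an internal CA instead of trusting the system store."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    if not ctx.check_hostname or ctx.verify_mode != ssl.CERT_REQUIRED:
        raise RuntimeError("verification has been weakened; refusing to proceed")
    return ctx


# Constructed sample source lines (not from any real project); only line 2 is clean.
SAMPLE = [
    "resp = requests.get(url, verify=False)",
    "ctx = ssl.create_default_context()",
    "ctx.check_hostname = False",
    "ctx.verify_mode = ssl.CERT_NONE",
    "curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);",
    "const agent = new https.Agent({ rejectUnauthorized: false });",
    "tls.Config{InsecureSkipVerify: true}",
    'os.system("curl -k " + url)',
]
```

The scanner is a triage aid, not proof: a hit inside a test fixture is fine, a hit on the path that talks to a payment or update server is the finding the report describes.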
Huntr, added 2023/01/18 7:26 p.m. (40 views)

heap-buffer-overflow in same_leader and utfc_ptr2len

Description: Heap-based Buffer Overflow in function same_leader at textformat.c:558. Heap-based Buffer Overflow in function utfc_ptr2len at mbyte.c:2138. Vim Version: git log commit f97a295ccaa9803367f3714cdefce4e2283c771d (HEAD -> master, tag: v9.0.1221, origin/master, origin/HEAD). Able to replicate the...

CVSS 4.4 | AI score 7.7 | EPSS 0.00555
Exploits: 1 | References: 2
Huntr, added 2023/01/18 6:25 p.m. (26 views)

Improper authorization

Description: In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets, which contains sensitive information such as the subnet description, IP ranges, and usage rates, via the findfullsubnets.php endpoint. The bug lies in the fact that findfullsubnets.php does not verify i...

CVSS 5 | AI score 1 | EPSS 0.37304
Exploits: 1
Huntr, added 2023/01/18 12:48 p.m. (14 views)

CSRF leading to delete a user

Description: The "delete a user" functionality is vulnerable to a CSRF attack. The cause is the same as for the "delete a domain" functionality. Proof of Concept: 1. Log in as admin. 2. Create a user to be deleted, e.g. user ID 2. 3. Open the following file in the browser: history.pushState'',...

CVSS 4.3 | AI score 5 | EPSS 0.00386
Exploits: 1
Huntr, added 2023/01/18 8:09 a.m. (12 views)

An attacker can view private posts

Description: The bookmark saving functionality performs an improper authorization check. To exploit this, an attacker is required to know the target post ID. This is obtained via a share link or, less plausibly, by brute-forcing. Proof of Concept: 1. (victim) Create a new post whose visibility is Followers Only...

CVSS 5 | AI score 5.4 | EPSS 0.00546
Exploits: 1
Huntr, added 2023/01/18 4:26 a.m. (31 views)

Email enumeration via reset password functionality

Description: User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the...

CVSS 5 | AI score 5.4 | EPSS 0.00639
Exploits: 1
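The magic-link report and the password-reset report above are the same oracle: the response tells the caller whether the address exists. The following Python is an added example, not code from either report or product. It shows the vulnerable handler with the two messages the magic-link report quotes, a hardened handler that answers identically and pushes the decision into a background mailer, and the black-box comparison a tester would run. The account table and queue are constructed stand-ins.

```python
KNOWN_ACCOUNTS = {"alice@example.com"}   # constructed user table
MAIL_QUEUE = []                           # stands in for the background mailer (assumption)


def recover_vulnerable(email):
    """The oracle both reports describe: the body reveals whether the address is registered."""
    if email in KNOWN_ACCOUNTS:
        MAIL_QUEUE.append(("send_link", email))
        return {"status": 200, "body": "Login Link Sent!"}
    return {"status": 200, "body": "Unknown email address."}


def recover_hardened(email):
    """Same status, same body and the same inline work whatever the input. Whether there is
    anything to send is decided later by the worker, off the request path, so response
    time does not depend on account existence either."""
    MAIL_QUEUE.append(("recover", email))
    return {"status": 200, "body": "If that address is registered, a link has been sent."}


def mail_worker(queue):
    """Drains the queue; only known addresses produce a message, invisible to the requester."""
    sent = []
    for job, email in queue:
        if job == "send_link" or (job == "recover" and email in KNOWN_ACCOUNTS):
            sent.append(email)
    queue.clear()
    return sent


def enumeration_oracle(handler, known_email, unknown_email):
    """Black-box check: which observable fields differ between a known and an unknown address?"""
    a, b = handler(known_email), handler(unknown_email)
    return [key for key in ("status", "body") if a[key] != b[key]]
```

In a real test the comparison also covers status codes, redirect targets, Set-Cookie headers and response timing, and the fix is paired with per-address rate limiting so the endpoint cannot be used for mass probing.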
Huntr, added 2023/01/17 9:01 a.m. (25 views)

Reflected XSS - Accounting Module - Maintenance - Delete Accounting Records

Description: A reflected cross-site scripting (XSS) vulnerability exists within acct-maintenance-delete.php, which allows a malicious user to execute arbitrary JavaScript code. The vulnerable parameters are username, startdate, and enddate. Proof of Concept: 1. Navigate to /acct-maintenance-delete.ph...

CVSS 5.8 | AI score 5.6 | EPSS 0.00468
Exploits: 1 | References: 1
Huntr, added 2023/01/17 8:04 a.m. (17 views)

SQL Injection in search function

Description: In the search function, with option recentplayed, user input is taken directly into the query without being included in the prepared statement. Proof of Concept: POST /ampache-5.5.6allphp7.4/public/search.php?type=song HTTP/1.1 Host: localhost:8888 User-Agent: Mozilla/5.0...

CVSS 6.5 | AI score 8.4 | EPSS 0.00746
Exploits: 1
Huntr, added 2023/01/17 5:58 a.m. (24 views)

File Upload Type Validation Error

Description: The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to...

AI score 6.9
Exploits: 0 | References: 1
Huntr, added 2023/01/16 8:03 p.m. (25 views)

Reflected XSS - Accounting Module - Maintenance - Cleanup Stale Sessions

Description: A reflected cross-site scripting (XSS) vulnerability exists within acct-maintenance-cleanup.php, which allows a malicious user to execute arbitrary JavaScript code. Proof of Concept: 1. Navigate to /acct-maintenance-cleanup.php and enter the following payload alert1 within the username...

CVSS 5.8 | AI score 5.6 | EPSS 0.00468
Exploits: 1 | References: 1
Huntr, added 2023/01/16 1:14 p.m. (19 views)

Reflected XSS on msg Parameter

Description: Hello Team, hope you're doing well. There is no sanitization for the user input in the msg parameter of the print.php file. Proof of Concept: for some reason, I don't know why, I can't prove the vulnerability on demo.bumsys.org, but here the PoC payload is:...

AI score 0.9
Exploits: 0
Huntr, added 2023/01/16 12:11 p.m. (22 views)

heap-use-after-free in gf_odf_vvc_cfg_read_bs

Description: heap-use-after-free in gf_odf_vvc_cfg_read_bs at odf/descriptors.c:1403. Version (Author: Lim Wei Cheng): ./MP4Box -version gives MP4Box - GPAC version 2.3-DEV-rev23-g5a733aec7-master (c) 2000-2023 Telecom Paris, distributed under LGPL v2.1+ - http://gpac.io. The same POC can also trigger heap-use-after-fre...

CVSS 4.4 | AI score 7.4 | EPSS 0.00403
Exploits: 1 | References: 1
Huntr, added 2023/01/15 4:48 p.m. (15 views)

CSRF, Reflected XSS and Stored XSS in add instance function

Description: The add instance function allows the creation of an instance from user input but does not have any sanitizing mechanism, which results in a Reflected XSS bug. This feature can be used by any user in the system, including guest users. After creation, the instance will be saved on the...

AI score 1.2
Exploits: 0
Huntr, added 2023/01/15 2:09 p.m. (34 views)

SQL injection in API authorization check

Description: The TeamPass /authorize API endpoint is vulnerable to SQL injection in the login field. It is possible to forge an arbitrary Blowfish hash and use it in the query to bypass the password verification check. Using the same query it is possible to define an arbitrary apikey value too: "login...

CVSS 5 | AI score 8.2 | EPSS 0.08354
Exploits: 6
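The Ampache search report (user input concatenated into the query outside the prepared statement) and the TeamPass /authorize report (a UNION in the login field supplying a forged hash and apikey) are the same defect with two payloads. The following Python is an added example, not code from either project: a throwaway SQLite schema with the two query shapes written both ways. Table and column names are constructed and are not the projects' real schema; the forged hash value is a placeholder string.

```python
import sqlite3


def make_db():
    """Constructed sample schema and rows, not Ampache's or TeamPass's real tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE song (id INTEGER PRIMARY KEY, title TEXT, user_id INTEGER);
        INSERT INTO song VALUES (1, 'public track', 1), (2, 'private track', 2), (3, 'another', 2);
        CREATE TABLE api_user (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT, apikey TEXT);
        INSERT INTO api_user VALUES (1, 'admin', '$2y$10$placeholder-hash-not-real', 'k-admin');
    """)
    return conn


def search_vulnerable(conn, user_id):
    """The search report's pattern: the option value is pasted into the SQL text."""
    sql = f"SELECT title FROM song WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, user_id):
    """Same query with the value bound as a parameter: it can never change the statement."""
    return [row[0] for row in conn.execute("SELECT title FROM song WHERE user_id = ?", (user_id,))]


def authorize_vulnerable(conn, login):
    """The /authorize pattern: the login field reaches the query text, so a UNION can
    hand back a row whose hash and apikey the attacker chose."""
    sql = f"SELECT login, pw_hash, apikey FROM api_user WHERE login = '{login}'"
    return conn.execute(sql).fetchone()


def authorize_safe(conn, login):
    return conn.execute(
        "SELECT login, pw_hash, apikey FROM api_user WHERE login = ?", (login,)
    ).fetchone()
```

With the tautology payload the vulnerable search returns every row; with the UNION payload the vulnerable authorize returns a row that never existed, so any password check performed against that hash succeeds. The bound-parameter versions return nothing for both inputs, which is the whole fix: one placeholder per value, never string formatting, for every value including the ones inside "options".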
Huntr, added 2023/01/14 2:52 p.m. (14 views)

HTML Injection in add expense via transaction tab

Steps to reproduce: After logging into the demo account, go to the transaction page, where you can add or create an expense. If you are on the right path, while creating or adding an expense there will be a description field. In the Description field, enter the following payload: Y00 and click save. Now, you...

AI score 0.7
Exploits: 0
Huntr, added 2023/01/14 1:45 p.m. (21 views)

CSRF leading to delete a domain

Description: The GET /admin/domains/id/delete/ page is vulnerable to a CSRF attack. Proof of Concept: 1. Log in as admin. 2. Create a domain to be deleted, e.g. domain ID 4. 3. Open the following file in the browser: history.pushState'', '', '/' document.forms0.submit;...

CVSS 4.3 | AI score 6.2 | EPSS 0.00348
Exploits: 1
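Four entries on this page (the missing anti-CSRF mechanism, the admin-permission removal, the user deletion and the domain deletion above) are the same bug: a state change reachable by a plain GET, or by a POST with no per-session token. The following Python is an added example, not code from any of those projects: a minimal synchronizer-token implementation with the vulnerable GET handler beside its hardened form. The Request class and the in-memory domain table are constructed stand-ins for a real framework.

```python
import hmac
import secrets


class Request:
    """Hypothetical request object standing in for the web framework's (assumption)."""
    def __init__(self, method, path, session, form=None, headers=None):
        self.method, self.path, self.session = method, path, session
        self.form, self.headers = form or {}, headers or {}


SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session):
    """Synchronizer token: one random secret per session, embedded in every form."""
    if "csrf" not in session:
        session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def csrf_ok(request):
    expected = request.session.get("csrf")
    presented = request.form.get("csrf_token") or request.headers.get("X-CSRF-Token")
    if not expected or not presented:
        return False
    return hmac.compare_digest(expected, presented)


def render_delete_form(session, domain_id):
    token = issue_csrf_token(session)
    return (f'<form method="post" action="/admin/domains/delete/">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input type="hidden" name="id" value="{int(domain_id)}">'
            f'<button>Delete</button></form>')


def delete_domain_vulnerable(request, domains):
    """The reports' pattern: GET /admin/domains/<id>/delete/ mutates state with no token,
    so an <img> or auto-submitted form on any other origin triggers it with the admin's cookie."""
    domain_id = int(request.path.rstrip("/").split("/")[-2])
    return domains.pop(domain_id, None) is not None


def delete_domain_hardened(request, domains):
    """Mutations only on unsafe methods and only with a valid token. SameSite cookies are a
    useful second layer, but the token is the control the application itself owns."""
    if request.method in SAFE_METHODS:
        return False
    if not csrf_ok(request):
        return False
    domain_id = int(request.form["id"])
    return domains.pop(domain_id, None) is not None
```

The hardened handler answers False (a real app would return 403) for the forged GET, for a POST without a token, and for a POST carrying a token from a different session; only the form the application itself rendered for this session can delete.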
Huntr, added 2023/01/13 6:05 a.m. (20 views)

A User Can Unblock Themselves

Description: The PUT /api/v1/users/id API doesn't properly check the authorization. Proof of Concept: 1. (admin) Enable the user registration functionality. 2. (user) Register a new user and log in as them. 3. (user) Create an OAuth client. 4. (admin) Block the new user in the admin panel. 5. (user) Send the following request:...

CVSS 4 | AI score 6.4 | EPSS 0.00625
Exploits: 1
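The self-unblock above, the wallabag annotation IDOR, the followers-only bookmark oracle and the no-permission user promoting himself to administrator are all object- or field-level authorization gaps: the endpoint authenticates the caller but never asks whether this caller may touch this object or this field. The following Python is an added example, not code from any of those projects: a small policy layer with ownership, visibility and privileged-field rules. The dataclasses, role names and field allowlist are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    role: str = "user"            # "user" or "admin" (assumed role model)
    blocked: bool = False
    display_name: str = ""
    followers: set = field(default_factory=set)   # ids of users following this one


@dataclass
class Annotation:
    id: int
    owner_id: int
    text: str


@dataclass
class Post:
    id: int
    author_id: int
    visibility: str = "public"    # "public" or "followers"


class Forbidden(Exception):
    pass


ALLOWED_FIELDS = {"display_name", "blocked", "role"}   # mass-assignment allowlist


def can_read_post(actor, post, users):
    if post.visibility == "public" or actor.id == post.author_id:
        return True
    return actor.id in users[post.author_id].followers


def update_annotation(actor, annotations, annotation_id, text):
    """Fix for the IDOR: load the object *and* check ownership before writing.
    Missing and foreign objects get the same answer, so ids cannot be probed."""
    ann = annotations.get(annotation_id)
    if ann is None or ann.owner_id != actor.id:
        raise Forbidden("not your annotation")
    ann.text = text
    return ann


def bookmark_post(actor, posts, users, post_id, bookmarks):
    """Bookmarking must apply the same visibility rule as reading, or it becomes a read oracle."""
    post = posts.get(post_id)
    if post is None or not can_read_post(actor, post, users):
        raise Forbidden("post not visible to you")
    bookmarks.setdefault(actor.id, set()).add(post_id)
    return bookmarks[actor.id]


def patch_user(actor, users, user_id, changes):
    """PUT /api/v1/users/<id> with field-level rules: 'blocked' and 'role' need an admin
    acting on someone else; other fields need self or admin; unknown fields are refused."""
    target = users.get(user_id)
    if target is None or set(changes) - ALLOWED_FIELDS:
        raise Forbidden("unknown user or field")
    if {"blocked", "role"} & set(changes):
        if actor.role != "admin" or actor.id == user_id:
            raise Forbidden("privileged field")
    elif actor.id != user_id and actor.role != "admin":
        raise Forbidden("not your account")
    for key, value in changes.items():
        setattr(target, key, value)
    return target


def denied(fn, *args):
    """True when the call is refused; makes the policy easy to assert on."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```

The recurring shape is that every handler resolves the object first and then runs one explicit check relating actor to object (owner, follower, admin-acting-on-other) before any write; a field allowlist closes the companion bug where a client sets role or blocked because the update loop copies whatever JSON it receives.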
Huntr, added 2023/01/12 6:34 p.m. (13 views)

Path Traversal - Archiving Files to Zip

Description: The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

AI score 7.2
Exploits: 0 | References: 1
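The zip-packing traversal above and the TeamPass export routine that can delete an arbitrary .txt file (the teampass-seckey.txt case earlier on this page) need the same confinement: resolve the user-supplied name under the intended directory and refuse anything that lands outside it. The following Python is an added example, not code from Tiny File Manager or TeamPass; the temporary directory layout, file names and the .txt restriction on the delete routine are constructed for illustration.

```python
import os
import tempfile
import zipfile


class PathRejected(ValueError):
    pass


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir and refuse anything that escapes it: absolute paths,
    NUL bytes, '..' segments and symlinks pointing outside. Compare resolved paths, not strings."""
    if os.path.isabs(user_path) or "\x00" in user_path:
        raise PathRejected(f"{user_path!r}: absolute path or NUL byte")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PathRejected(f"{user_path!r} escapes {base_dir}")
    return target


def pack_files(base_dir, names, zip_path):
    """Hardened 'pack selected files into a zip': every name is confined and must be a regular file."""
    base = os.path.realpath(base_dir)
    with zipfile.ZipFile(zip_path, "w") as zf:
        for name in names:
            full = safe_join(base_dir, name)
            if not os.path.isfile(full):
                raise PathRejected(f"{name!r} is not a regular file under the root")
            zf.write(full, arcname=os.path.relpath(full, base))
    return zip_path


def delete_export(base_dir, name):
    """Same confinement for a delete-after-export routine, plus a pinned extension so that
    a .txt elsewhere on disk (a key file, say) can never be the target."""
    full = safe_join(base_dir, name)
    if not full.endswith(".txt") or not os.path.isfile(full):
        raise PathRejected("only .txt export files inside the export directory may be removed")
    os.remove(full)
    return full


# Constructed attack inputs exercised by demo() below.
BAD_PATHS = ("../teampass-seckey.txt", "/etc/passwd",
             "sub/../../teampass-seckey.txt", "notes.txt\x00.jpg")


def demo():
    """Builds a throwaway web root with one public file and a secret outside it,
    then runs each routine; returns a dict of outcomes."""
    root = tempfile.mkdtemp()
    docroot = os.path.join(root, "www")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "notes.txt"), "w") as f:
        f.write("public")
    with open(os.path.join(root, "teampass-seckey.txt"), "w") as f:
        f.write("secret")
    results = {"ok": os.path.basename(safe_join(docroot, "notes.txt"))}
    for bad in BAD_PATHS:
        try:
            safe_join(docroot, bad)
            results[bad] = "ALLOWED"
        except PathRejected:
            results[bad] = "rejected"
    with zipfile.ZipFile(pack_files(docroot, ["notes.txt"], os.path.join(root, "out.zip"))) as zf:
        results["zip"] = zf.namelist()
    results["deleted"] = os.path.exists(delete_export(docroot, "notes.txt"))
    return results
```

Blacklisting "../" is not a substitute: encoded separators, absolute paths and symlinks all bypass string filters, whereas a realpath comparison against the intended root rejects every route to the same place.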
Huntr, added 2023/01/12 3:39 p.m. (26 views)

Race Condition exists in the collection

Description: Ordinary users can use this vulnerability to attack other users' question collections, which breaks through the rule that a single user's operation can only collect or cancel the collection once, resulting in too many or negative collections. Proof of Concept: step 1. Open Burp, click collection, a...

CVSS 3.6 | AI score 6.6 | EPSS 0.0069
Exploits: 1
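The collection race above is a check-then-act bug: each request reads "not yet collected", and when several are in flight at once they all pass the read before any of them writes, so the counter drifts beyond what a single user should be able to do. The following Python is an added example, not the project's code: it reproduces the interleaving deterministically against SQLite, then shows the fix, a uniqueness rule enforced by the database with the counter moved only when the insert actually happened. The schema is constructed and is not the application's real one.

```python
import sqlite3


def make_collection_db():
    """Constructed schema: a per-question counter plus two bookmark tables,
    one without a uniqueness rule (the bug) and one with it (the fix)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE question (id INTEGER PRIMARY KEY, collection_count INTEGER NOT NULL DEFAULT 0);
        INSERT INTO question VALUES (1, 0);
        CREATE TABLE collection (user_id INTEGER, question_id INTEGER);
        CREATE TABLE collection_safe (user_id INTEGER, question_id INTEGER,
                                      PRIMARY KEY (user_id, question_id));
    """)
    return conn


def collect_check_then_act(conn, user_id, qid):
    """Vulnerable: the existence check runs now, the write runs later. Returning the deferred
    action lets the caller interleave several requests exactly as the race does."""
    exists = conn.execute(
        "SELECT 1 FROM collection WHERE user_id = ? AND question_id = ?", (user_id, qid)
    ).fetchone()

    def act():
        if exists is None:
            conn.execute("INSERT INTO collection VALUES (?, ?)", (user_id, qid))
            conn.execute("UPDATE question SET collection_count = collection_count + 1 WHERE id = ?", (qid,))
    return act


def collect_atomic(conn, user_id, qid):
    """Hardened: the primary key makes a second insert a no-op, and the counter is only
    incremented when the insert changed a row, all inside one transaction."""
    with conn:
        cur = conn.execute("INSERT OR IGNORE INTO collection_safe VALUES (?, ?)", (user_id, qid))
        inserted = cur.rowcount == 1
        if inserted:
            conn.execute("UPDATE question SET collection_count = collection_count + 1 WHERE id = ?", (qid,))
        return inserted


def count(conn, qid):
    return conn.execute("SELECT collection_count FROM question WHERE id = ?", (qid,)).fetchone()[0]


def race_vulnerable(conn, n=5):
    """Simulate n concurrent requests from one user: all checks first, then all actions."""
    pending = [collect_check_then_act(conn, 7, 1) for _ in range(n)]
    for act in pending:
        act()
    return count(conn, 1)


def race_atomic(conn, n=5):
    results = [collect_atomic(conn, 7, 1) for _ in range(n)]
    return count(conn, 1), results.count(True)
```

The same idea protects the cancel path: DELETE the row and decrement only when the DELETE reported a changed row, so the counter can never go negative no matter how many cancels arrive together.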
Huntr, added 2023/01/12 2:55 p.m. (15 views)

Stored XSS in Your Answer

Description: Evil users can attack other users or administrator users through this vulnerability, causing other users'/administrator users' accounts to be taken over. Proof of Concept: step 1. Insert the XSS payload in the hyperlink of the question answer: javaScript:alertlocalStorage.getItem'alui' step 2. An...

CVSS 6 | AI score 8.5 | EPSS 0.00871
Exploits: 1
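The answer-hyperlink XSS above, with its mixed-case javaScript: scheme, and the many stored HTML/XSS injections listed on this page (usernames, "About me", site name, API key labels, FAQ and question forms, domain names) come down to two server-side rules: encode every user value for the context it lands in, and allow only known-safe URL schemes in user-supplied links. The following Python is an added example, not code from Answer or any other project here; the renderer's markup and the scheme allowlist are my assumptions.

```python
import html
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto"}   # assumed allowlist


def safe_href(url):
    """Allow http(s)/mailto links and relative paths; reject javascript:, data: and friends.
    Control and other non-printable characters are dropped first, because 'java\\tscript:'
    and a leading tab or newline are classic ways past a naive startswith() check."""
    cleaned = "".join(ch for ch in url if ch.isprintable()).strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return None
    return cleaned


def render_answer(author_name, link_text, link_url, body):
    """Every user-controlled value is encoded for the exact context it lands in: element
    text and attribute values via html.escape(quote=True), the href via the scheme check.
    A rejected link degrades to plain text instead of being dropped silently."""
    href = safe_href(link_url)
    if href:
        link = (f'<a href="{html.escape(href, quote=True)}" rel="noopener noreferrer">'
                f'{html.escape(link_text)}</a>')
    else:
        link = html.escape(link_text)
    return (f'<article><h3>{html.escape(author_name)}</h3>'
            f'<p>{html.escape(body)}</p>{link}</article>')
```

Encoding at output time, in the template layer, is what makes this hold for every field at once; filtering on input (stripping "<script>") misses attribute, URL and event-handler contexts, which is why the same applications keep reappearing with a new field each time.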
Huntr, added 2023/01/12 8:42 a.m. (59 views)

SVG Sanitization Bypass - XSS

Description: In the imgproxy application, we bypassed the SVG sanitization function. In this way, an attacker can craft a malicious SVG file and run JavaScript in the application. Proof of Concept: Here is the content of the malicious SVG file. After that you can call this SVG file like below...

CVSS 4.9 | AI score 5.6 | EPSS 0.01585
Exploits: 1
Huntr, added 2023/01/12 3:02 a.m. (33 views)

Image upload function has stored XSS vulnerability

Description: Malicious users can upload files containing malicious HTML code through this vulnerability, resulting in the theft of identity tokens of other users/administrators accessing related pages and the account being taken over. Proof of Concept: step 1. Log in to a common user account step 2...

CVSS 6 | AI score 8.8 | EPSS 0.00745
Exploits: 1
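Four upload findings on this page (the two "File Upload Type Validation Error" entries, one of which notes that a GIF89 signature plus any content-type gets through, the imgproxy SVG sanitization bypass, and the image upload that stores HTML) show why a single check is never enough. The following Python is an added example, not code from any of those projects: extension allowlist, magic bytes, declared type and an active-content scan must all agree, the file is stored under a server-chosen name, and it is served with headers that stop the browser from treating it as a document. The allowlist, size limit and marker list are assumptions; SVG is deliberately absent from the allowlist because it is XML that can carry script.

```python
import os
import secrets

# extension -> (accepted magic prefixes, MIME type the server will send back); assumed allowlist
ALLOWED = {
    "gif": ((b"GIF87a", b"GIF89a"), "image/gif"),
    "png": ((b"\x89PNG\r\n\x1a\n",), "image/png"),
    "jpg": ((b"\xff\xd8\xff",), "image/jpeg"),
}
# Markers whose presence inside an "image" means a browser could execute it if mis-served.
ACTIVE_MARKERS = (b"<script", b"<svg", b"<html", b"<iframe", b"onload=", b"javascript:")
MAX_BYTES = 5 * 1024 * 1024   # assumed size cap


class RejectedUpload(ValueError):
    pass


def validate_upload(filename, declared_type, data):
    """Return (server_side_name, mime) for an acceptable upload, else raise RejectedUpload."""
    if len(data) > MAX_BYTES:
        raise RejectedUpload("too large")
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED:
        raise RejectedUpload(f"extension {ext!r} not allowed")
    magics, mime = ALLOWED[ext]
    if not data.startswith(magics):
        raise RejectedUpload("content does not match extension")
    if declared_type != mime:
        raise RejectedUpload("declared Content-Type disagrees with content")
    # A valid signature is not proof of a benign file: GIF89a<script>... is the classic polyglot.
    if any(marker in data[:65536].lower() for marker in ACTIVE_MARKERS):
        raise RejectedUpload("active content inside image")
    stored_name = f"{secrets.token_hex(16)}.{ext}"   # never keep the user's file name
    return stored_name, mime


def serve_headers(mime):
    """Headers for serving user content: fixed type, no sniffing, no script or frames even
    if something slipped through. Serving from a separate origin is the further step."""
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "Cache-Control": "private, no-transform",
    }


def denied_upload(filename, declared_type, data):
    """True when validate_upload refuses the file; convenient for assertions."""
    try:
        validate_upload(filename, declared_type, data)
    except RejectedUpload:
        return True
    return False


# Constructed minimal 1x1 GIF (header, logical screen descriptor, palette, trailer); not a real upload.
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 6 + b"\x3b"
```

The marker scan is a cheap backstop, not the primary control; the controls that actually close the stored-XSS path are the extension/magic/type agreement, the server-chosen name so nothing lands as .php or .html, and the nosniff plus sandboxed CSP headers (or a separate origin) on the download path. Where SVG must be accepted, it goes through a dedicated sanitizer and is still served with these headers.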