Lucene search
K

4072 matches found

Huntr
Huntr
•added 2023/01/12 1:56 a.m.•36 views

Heap-based Buffer Overflow in function ml_append_int

Description Heap-based Buffer Overflow in function mlappendint at memline.c:2951 vim version git log commit 043d7b2c84cda275354aa023b5769660ea70a168 HEAD - master, tag: v9.0.1182, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbo02s.dat -c :qa!...

4.4CVSS7.7AI score0.00467EPSS
Exploits1
Huntr
Huntr
•added 2023/01/11 8:52 p.m.•26 views

No Protection Against Bruteforce Attacks on Login Page

Description Twake does not limit unsuccessfull login attempts allowing an attacker to brute force the password of an administrator or regular user. Proof of Concept Steps to reproduce Because Twake does not rate limit authentication attempts an attacker could either bruteforce both the login and...

7.5CVSS9.1AI score0.0062EPSS
Exploits1References1
Huntr
Huntr
•added 2023/01/11 2:10 p.m.•24 views

Dom XSS in Add Question

Description Evil users can attack other users or administrator users through this vulnerability, causing other users/administrator user accounts to be taken over Proof of Concept step1. Add a normal user and log in step2. Add a new question and insert xss payload in the body Step3. Login admin us...

6CVSS8.5AI score0.00871EPSS
Exploits1
Huntr
Huntr
•added 2023/01/11 1:30 p.m.•20 views

Function of modifying userinfo has storage xss vulnerability

Description This vulnerability allows a malicious user to submit malicious html code on the profile page, causing the identity token to be stolen as soon as another user/administrator accesses the profile page, resulting in the account being taken over by someone else Proof of Concept step1. Log ...

6CVSS8.6AI score0.00714EPSS
Exploits1References1
Huntr
Huntr
•added 2023/01/11 1:34 a.m.•28 views

Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection

Description Froxlor 2.0.6 Stable is suffering from Remote Command Execution that was achieved by chaining two bugs, the first one is an arbitrary file write on the logging feature, which allows an authenticated attacker to point the log file to any writable path even if it was the web server...

6.5CVSS9.3AI score0.97653EPSS
Exploits8References1
Huntr
Huntr
•added 2023/01/10 11:35 a.m.•10 views

XSS via markdown syntax

Description Hi,Maintainer,thanks for reading.I am glad to report a secure problem to you. I found that your forum allows users to use markdown syntax to post articles and comments, but there is no corresponding protection means, which is unsafe. Any user can post dangerous content, like the...

2.1AI score
Exploits0
Huntr
Huntr
•added 2023/01/10 3:36 a.m.•6 views

Site-wide CSRF (Bypass Strict Cookie) leave to Website Takeover

I reported this vulnerability once a long time ago, but you still haven't fixed it. I report back to remind you need to fix it. Description At the api/hooks.unfurl, when sending a post request containing a param challenge, the server will return the value of that param, which inadvertently leave ...

7.2AI score
Exploits0
Huntr
Huntr
•added 2023/01/09 4:31 p.m.•19 views

Stored XSS

Description /collector page is vulnerable to stored XSS. PoC 1. Open the following file in the browser: html history.pushState'', '', '/' document.forms0.submit; 2. Login as user. 3. Go to http://localhost:9666/collector 4. Click XSS alertXSS...

4.9CVSS5.5AI score0.00822EPSS
Exploits1
Huntr
Huntr
•added 2023/01/08 6:15 p.m.•17 views

Stored XSS in Add new question

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. steps 1-log in as an admin user first. 2-go to :...

4.9CVSS4.8AI score0.00541EPSS
Exploits0
Huntr
Huntr
•added 2023/01/07 2:58 p.m.•24 views

Mootools-more 1.6.0 is use which is potential vulnerable to CVE-2021-20088

Description Mootools-more 1.6.0 is use which is potential vulnerable to CVE-2021-20088 Proof of Concept https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md...

7.5CVSS9AI score0.01449EPSS
Exploits2References1
Huntr
Huntr
•added 2023/01/06 1:17 p.m.•27 views

session fixation

Description A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application. Proof of Concept...

1.8AI score
Exploits0References1
Huntr
Huntr
•added 2023/01/06 1:16 a.m.•68 views

Stored XSS Via SVG File Upload

XSS Via SVG File Upload When uploading an image file to a bug report, you're able to upload .svg files which aren't properly sanitized before they are rendered, so any embedded Javascript will execute. Steps To Reproduce 1. Create a bug report 2. Upload a SVG attachment with a Javascript payload...

6.1AI score
Exploits0
Huntr
Huntr
•added 2023/01/05 1:42 p.m.•13 views

Insecure Temporary File

Description transformers package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Functions that create...

1CVSS6.8AI score0.00282EPSS
Exploits1
Huntr
Huntr
•added 2023/01/05 9:52 a.m.•20 views

Cookie Session Not Expiring Even After Deleting the users

Description The session is not expiring in another browser if we delete the user. Proof of Concept 1. Create two users with an admin role for the POC 2. Login in two different browsers Firefox user A and Chrome user B respectively 3. Go the settings-users and delete user B from user A Firefox...

4CVSS6.3AI score0.00655EPSS
Exploits1
Huntr
Huntr
•added 2023/01/05 9:8 a.m.•18 views

Improper String/Integer Input Validation Leads to the Crashing of Site

Description If you give the string input in the Start/End time field, then the application will stop working. Proof of Concept 1. Go to "Settings-General-Reconnection" 2. Change activated to "on" 3. On every input fields place any string for example put: "test" 4. Click on save and refresh 5. The...

5CVSS7.3AI score0.00816EPSS
Exploits1
Huntr
Huntr
•added 2023/01/05 8:9 a.m.•26 views

Stored XSS by link markdown

Description The site allows link markdown but does not validate, resulting in XSS. Proof of Concept Create new memo with payload Click me! Hold Ctrl and click to Click me!, a alert with content is domain name appear...

4.9CVSS5.5AI score0.00645EPSS
Exploits1
Huntr
Huntr
•added 2023/01/05 7:51 a.m.•22 views

Stored XSS via markdown link

Description Markdown editor doesn't sanitize user's input, leads to stored XSS Proof of Concept a Reproduce 1.Login to https://demo.usememos.com/ 2.Create new memo with content a 3.Ctrl+left click this link, javascript code has been executed...

4.9CVSS5.7AI score0.00498EPSS
Exploits1
Huntr
Huntr
•added 2023/01/04 1:28 p.m.•18 views

IDOR allowing to see other users' entries

Description The exporting entry functionality is vulnerable to an IDOR attack. Proof of Concept 1. Create a new entry as an existing user. Let's say the entry's id is 1. 1. Create a new user and login as them. 1. Go to http://localhost:8000/export/1.txt...

4CVSS5.1AI score0.00637EPSS
Exploits1
Huntr
Huntr
•added 2023/01/04 7:55 a.m.•14 views

CSRF leading to delete account

Description wallabag was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /account/delete. Proof of Concept 1. Create a new user. 2. Login as the new user. 3. Open the following HTML file in the browser. html history.pushState'...

3AI score0.00304EPSS
Exploits1
Huntr
Huntr
•added 2023/01/04 5:10 a.m.•40 views

Lack of Input Sanitazion lead to RCE

Description This vulnerability occur because there is no sanitation on user controlled input during the update configuration process. The input later , written to another .php file and this could lead to RCE. Proof of Concept 1. Go to Config then go to Mail Settings 2. Change the From Email Addre...

6.5CVSS8.4AI score0.32278EPSS
Exploits2References1
Huntr
Huntr
•added 2023/01/03 2:5 p.m.•40 views

Heap-based Buffer Overflow in function msg_puts_printf

Description Heap-based Buffer Overflow in function msgputsprintf at message.c:3058 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbo01s.dat -c :qa!...

4.4CVSS7.7AI score0.00518EPSS
Exploits1
Huntr
Huntr
•added 2023/01/03 1:48 p.m.•37 views

Out-of-bounds Write in function do_string_sub

Out-of-bounds Write in function dostringsub at eval.c:7338 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochow01s.dat -c :qa!...

4.4CVSS7.6AI score0.00469EPSS
Exploits1
Huntr
Huntr
•added 2023/01/03 12:8 p.m.•25 views

Out-of-bounds Read in function build_stl_str_hl

Out-of-bounds Read in function buildstlstrhl at buffer.c:4350 vim version git log commit ea720aea851e645f4c8ec3b20afb27c7ca38184c HEAD - master, tag: v9.0.1137, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochor01s.dat -c :qa!...

4.4CVSS7.6AI score0.00471EPSS
Exploits1
Huntr
Huntr
•added 2023/01/03 8:43 a.m.•118 views

XSS via upload pdf file

Description Hi there, It's my pleasure to submit a report to you again to maintain the safety of the project.Most users can upload files in the module named 'Resources' .We can upload pdf files.But uploading malicious pdf files will cause xss vulnerability which will cause great harm to users of...

4.9CVSS5.7AI score0.00519EPSS
Exploits1
Huntr
Huntr
•added 2023/01/03 6:46 a.m.•23 views

Unrestricted Logging Filename Lead to RCE

Description This vulnerability occur because there is no filename restriction for saving logging file. In this case attacker can set the filename to existing php file and append php code on it by manipulating the logged input. Proof of Concept 1. Log in using operator account, in this case i try ...

5.8CVSS6.9AI score0.01017EPSS
Exploits2References1
Huntr
Huntr
•added 2023/01/03 6:6 a.m.•12 views

Cookie without Secure attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. Proof of Concept http HTTP/1.1 200 OK Content-Type: application/json Content-Length: 107 Vary: Accept-Encoding Set-Cookie:...

5CVSS5.4AI score0.00436EPSS
Exploits1
Huntr
Huntr
•added 2023/01/02 10:19 p.m.•22 views

ANSI Escape Sequence Injection

Description Injection of escape sequences opens up the possibility for concealing / modifying viewed data, and code execution as some esc seqs feed data back to stdin. Proof of Concept poc So far, the places I managed to find a successful injection are: - when running id from the file name - func...

4.4CVSS8AI score0.00365EPSS
Exploits1
Huntr
Huntr
•added 2023/01/02 5:16 p.m.•14 views

Stored XSS using two files

Description I uploaded two files first = js , second = html the first was js files with malicious script and get it's url and i added it to the second one as source for the script tag Proof of Concept // test.js alert"xss"; and assume its url = https://demo.usememos.com/o/r/9/test.js // test.html...

7AI score0.00438EPSS
Exploits1
Huntr
Huntr
•added 2023/01/02 4:34 p.m.•23 views

Stored XSS via `.pages` File in

Description When user upload a file with .pages extension and direct access this file, the server response with Content-type: application/octet-stream lead to processing .pages as HTML file. I only discovered this file extension doing more research on XSS Proof of Concept POST...

4.9CVSS5.7AI score0.006EPSS
Exploits1References2
Huntr
Huntr
•added 2023/01/02 12:45 p.m.•30 views

JwtSigKey hardcoded causes the k8s cluster to take over

Description The jwt authentication function of kubepi = v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Further use the administrator to...

7.5CVSS9.1AI score0.69667EPSS
Exploits1
Huntr
Huntr
•added 2023/01/01 4:20 p.m.•26 views

Improper Restriction of Rendered UI Layers or Frames

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept...

5.8CVSS6.1AI score0.00456EPSS
Exploits0References1
Huntr
Huntr
•added 2023/01/01 3:2 p.m.•155 views

Pre-auth RCE

Description An unauthenticated attacker can execute arbitrary python code by abusing js2py functionality. Also, due to the lack of CSRF protection, a victim can be tricked to execute arbitrary python code. Proof of Concept Run the command below and touch /tmp/pwnd gets executed. bash curl -i -s -...

7.5CVSS9.6AI score0.96988EPSS
Exploits13
Huntr
Huntr
•added 2023/01/01 12:3 p.m.•20 views

Stored XSS via blog author parameter on admin.php?p=config

Description The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code Proof of Concept - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...

4.9CVSS5.9AI score0.00479EPSS
Exploits1
Huntr
Huntr
•added 2023/01/01 10:8 a.m.•20 views

Stored XSS through post comment body

Description The body of the comment is vulnerable to Stored XSS Proof of Concept - Create a post - Comment on it, and insert alertdocument.domain in the body...

4.9CVSS5.5AI score0.00479EPSS
Exploits1
Huntr
Huntr
•added 2023/01/01 9:57 a.m.•8 views

Send any message to any to any private channel

Description A user can add any message to a private channel that is not in that channel. This error is because the web application did not check if the sender userid is in that private channel. Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Us...

6.9AI score
Exploits0
Huntr
Huntr
•added 2022/12/31 7:6 a.m.•41 views

Get based CSRF on Reset OP Cache functionality

Description The functionality to reset the OPCache is vulnerable to CSRF. In fact, it would be a good practice to implement a CSRF token in URL if the GET functionality is meant to trigger an action, instead of only retrieving data. Alternatively, it can be turned in a POST request, which I can s...

4.3CVSS0.2AI score0.00346EPSS
Exploits1References1
Huntr
Huntr
•added 2022/12/30 9:18 p.m.•29 views

Reseller role allowed to access to admin functionalities

Description The reseller user can access to some admin functionality just directly accessing to it by URL, even though the menu shouldn't allow it. Proof of Concept - Go to https://v2.demo.froxlor.org - Login as reseller1 - Point to: https://v2.demo.froxlor.org/adminopcacheinfo.php?page=showinfo...

4CVSS0.6AI score0.00641EPSS
Exploits1References1
Huntr
Huntr
•added 2022/12/30 8:19 p.m.•32 views

Authenticated HTMLi via theme parameter on /lib/ajax.php

Description The theme parameter is vulnerable to HTMLi on /lib/ajax.php endpoint Proof of Concept - go to https://v2.demo.froxlor.org - Login with a user - Go to https://v2.demo.froxlor.org/lib/ajax.php?action=newsfeed&theme=%3C/br%3E%3Ch1%3EHTMLi%20by%20leorac%3C/h1%3E%3Cbr%3E - You'll see the...

4.9CVSS0.7AI score0.00479EPSS
Exploits1
Huntr
Huntr
•added 2022/12/30 5:11 p.m.•22 views

Reflected Cross Site Scripting

Description User can be input malicious js in param action in url http://localhost//stats.php?action=injecthere&userid=1 and send link to other user can be steal cookie of other user. Param action not input validation from user on line 71 in file...

5.8CVSS6.2AI score0.00639EPSS
Exploits1
Huntr
Huntr
•added 2022/12/30 12:5 p.m.•12 views

HTTP Query String Injection

Description The application does not properly sanitize query string parameters in the cloudflare-kv-http,github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...

0.7AI score
Exploits0References2
Huntr
Huntr
•added 2022/12/30 9:18 a.m.•33 views

Bypass Stored XSS while creating a new post

Description After login to portal create a new post and type the following text with XSS payload bypass of this fix Proof of Concept Login to portal. create a post with xss paylaod save it POC: https://drive.google.com/file/d/1WkQpGyQGKBS-9To5mludqkkL7VOp9Au/view?usp=sharelink Bypass Payload //X/...

6CVSS8.6AI score0.00991EPSS
Exploits1
Huntr
Huntr
•added 2022/12/29 8:8 p.m.•25 views

Admin is able to ARCHIVE OWN Account leads to Deactivate ADMIN Account

Description As fer the Flow Admin can't ARCHIVE OWN account . i was able to ARCHIVE ADMIN OWN Account by intercept the request and change ID Value to Admin. which leads to ARCHIVED the ADMIN Account , :/ Please Restored it Might Be possible to DELETE Admin Account too , after ARCHIVE Account it's...

4.7CVSS0.00679EPSS
Exploits1
Huntr
Huntr
•added 2022/12/29 6:43 p.m.•13 views

privilege escalation : Low access user can view Admin PRIVATE POST by using PIN functionality

Description Due to the privilege escalation issue Low access user can view Admin PRIVATE POST by abusing PIN functionality. PIN functionality is used to pin any post in TOP , by using the Low user Attacker can View the other & high privilege user PRIVATE POST , as per the flow its not PINNING any...

6.5CVSS7.1AI score0.00701EPSS
Exploits1
Huntr
Huntr
•added 2022/12/29 5:57 p.m.•20 views

Bypassing filters to trigger XSS while creating memos

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Payload: " Proof of Concept 1 Go to https://demo.usememos.com/ and login...

6CVSS0.2AI score0.00991EPSS
Exploits1
Huntr
Huntr
•added 2022/12/29 1:43 p.m.•12 views

RCE in Wordnet Browser

Description A user who visits a malicious link with wordnet browser open will execute code on system Proof of Concept Visit http://localhost:8000/lookupgASVKwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjBB0b3VjaCAvdG1wL1BXTkVElIWUUpQu The base64 is created from import pickle import sys import base64...

0.3AI score
Exploits0
Huntr
Huntr
•added 2022/12/29 1:5 p.m.•28 views

Local File Read through Improper Filename Validation

Description This vulnerability occur because there is no filename validation on logoimagelogin and logoimageheader on import and export function. Attacker can use path traversal payload to leak local file such as /etc/passwd or froxlor config file. Proof of Concept 1. Go to import function on...

1.7CVSS5.4AI score0.00729EPSS
Exploits2References1
Huntr
Huntr
•added 2022/12/29 9:18 a.m.•33 views

CSRF allows attacker trigger admin add HOST user lead to takeover memos application

Description This vuln allow attacker trigger admin submitting a malicious request to create new user with any role. Proof of Concept 1. Attacker create malicious script with csrf payload and upload it to attacker server httpx://attacker.server/csrf.html 2. Attacker send this link to memos admin 3...

6.8CVSS0.9AI score0.00308EPSS
Exploits1References1
Huntr
Huntr
•added 2022/12/28 9:57 p.m.•19 views

Add any thoughts via CSRF

Description An attacker can add any user thoughts via a CSRF attack When you send a link to the victim and click on it, any thoughts will be added Proof of Concept 1- When the attacker adds any thoughts, it then intercepts the request 2- Take this request to generate a CSRF PoC history.pushState'...

4.3CVSS0.3AI score0.00259EPSS
Exploits1
Huntr
Huntr
•added 2022/12/28 6:35 p.m.•21 views

Cross-Site Request Forgery (CSRF) in Add Users

Description Hello Team, Create a member functionality is vulnerable for CSRF Attack , by exploiting CSRF vulnerability , attacker can add new Members history.pushState'', '', '/' POC video: https://drive.google.com/file/d/1dN2ug8qjwbz1CGbfuBldwamIFE4BNyH/view?usp=sharing Fix: I just want to sugge...

4.3CVSS0.6AI score0.00256EPSS
Exploits1
Huntr
Huntr
•added 2022/12/28 2:44 p.m.•34 views

CSRF to change user language preferences

Description Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user Proof of Concept 1 Go to...

4.3CVSS6.8AI score0.00642EPSS
Exploits1
Total number of security vulnerabilities4072