4072 matches found

Huntr
added 2022/12/21 3:38 p.m., 20 views

No rate limit on "resend email feature" while enable or disable 2FA from /prefs/mfa endpoint

Description When a user is setting up 2FA, a verification code will be sent to the registered email. There is no rate limit on email triggering that will result in an email flood / DoS attack or will also increase the expenses on your mail server as an attacker can send 1 million emails throug...

CVSS 4, AI score 0.1, EPSS 0.00632
Exploits: 1

Huntr
added 2022/12/21 8:30 a.m., 23 views

Stored XSS in multiple menus

Description The demo website is affected by stored XSS at multiple menus. Proof of Concept 01 1. Access to the demo website http://demos4.softaculous.com/ 2. Login with admin user they provide, press on menu Uploader, in Uploader tab, try to upload whichever file then choose Media manager tab. 3...

CVSS 4.9, AI score 5.5, EPSS 0.00518
Exploits: 1

Huntr
added 2022/12/21 7:56 a.m., 15 views

Stored XSS in Search

Description Stored XSS is a type of XSS that stores malicious code on the application. The demo website is affected by it. Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. At "Any thoughts....", write XSS Payload and save it. In this scenario, I used payload: " 3. Now,...

CVSS 4.9, AI score 5.3, EPSS 0.00539
Exploits: 1

Huntr
added 2022/12/21 7:26 a.m., 25 views

Privilege vulnerability at API Change Password

Description There is a vulnerability at API Change password. I use API PATCH /api/user/x to get user's information and change their password. With x is the user's id, which are numbers in ascending or descending order Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. Us...

CVSS 5.5, AI score 8.1, EPSS 0.00633
Exploits: 1

Huntr
added 2022/12/21 6:39 a.m., 17 views

Cookie without Secure attribute

Description At the moment, memossession has the value false at secure flag. Proof of Concept 1. Access to web demo https://demo.usememos.com/ 2. Use browser's dev tool to check the cookie, we can see there is a memossession having value false at Secure...

CVSS 4, AI score 0.1, EPSS 0.00376
Exploits: 1

Huntr
added 2022/12/21 1:27 a.m., 22 views

A user can update information / password from other users

Description A user neither admin nor host can modify nickname, username and email from other users without permission, being a normal user. Steps to Reproduce 1. Login as user A here, called "ileana.maricel", HOST role. 2. In another browser login as user B called "ileana.mariceel", USER role. Co...

CVSS 6.5, EPSS 0.00741
Exploits: 1, References: 1

Huntr
added 2022/12/21 12:25 a.m., 28 views

A user can edit private memos from other users

Description It is possible for a user to edit private memos from other users and also change their visibility, making them public. Also the user could change the visibility from Public to Private or vice versa. Steps to Reproduce 1. Log in as a user A here called "ile.maricel". 2. In another brows...

CVSS 6.5, AI score 0.5, EPSS 0.00607
Exploits: 1, References: 3

Huntr
added 2022/12/20 3:46 p.m., 14 views

Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection

Description Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 Add SSH key 3 Enter the name evil.com ...

CVSS 5.8, AI score 1.6, EPSS 0.00485
Exploits: 1

Huntr
added 2022/12/20 3:38 p.m., 22 views

Hyperlink injection through access token name

Description Hyperlink injection is when an attacker injects a malicious link when sending an email invitation. Hyperlink injection in the email can lead to phishing via email directly to users. Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/tokens 2 Create a new access token...

CVSS 5.8, AI score 0.9, EPSS 0.00481
Exploits: 1

Huntr
added 2022/12/20 3:27 p.m., 16 views

No notification triggered on sensitive actions like adding SSH key

Description Adding SSH key is a sensitive action. As the application triggers a notification on all sensitive actions like email change/password reset, SSH key is also an important security feature to be notified about. Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 ...

CVSS 7.5, AI score 0.5, EPSS 0.00967
Exploits: 1

Huntr
added 2022/12/20 3:18 p.m., 24 views

Session cookie without 'HttpOnly' Flag

Description All versions of daloRADIUS prior to the master branch transmit the session cookie i.e. PHPSESSID without setting the HttpOnly flag. Proof of Concept $ curl --head http:///login.php HTTP/1.1 200 OK Date: Tue, 20 Dec 2022 14:11:38 GMT Server: Apache Set-Cookie:...

CVSS 5, AI score 0.4, EPSS 0.00629
Exploits: 1

Huntr
added 2022/12/20 2:45 p.m., 32 views

XSS by uploading svg files

Description Hi there, Your project has a function of uploading files. That is the section named "Resource". But it does not filter the content of the uploaded files. If we upload an svg file containing malicious data and a user accesses it, xss will be triggered. Video Please visit my video link...

CVSS 4.9, AI score 5.6, EPSS 0.00564
Exploits: 1

Huntr
added 2022/12/20 1:8 p.m., 27 views

Unsanitized input returned in response is conducive to XSS exploitation

Description During the initial installation process it was identified that the "Create user" form that collects user data, does not properly sanitize the data entry and then prints them on the screen with an error message without any apparent validation, thus allowing the insertion of HTML or...

CVSS 5.8, AI score 6.1, EPSS 0.00577
Exploits: 1, References: 3

Huntr
added 2022/12/20 11:32 a.m., 72 views

Cross-site scripting - Stored via upload `.svg` file in

Description When a user uploads a file with .svg extension and directly accesses this file, the server responds with Content-type: image/svg+xml, leading to processing SVG as HTML file Proof of Concept POST /api/resource HTTP/2 Host: demo.usememos.com Cookie:...

CVSS 4.9, AI score 5.6, EPSS 0.00695
Exploits: 1, References: 2

Huntr
added 2022/12/20 8:15 a.m., 33 views

Stored XSS via SVG File

Description usememos has a feature to upload file and display it. By uploading a crafted SVG files, the users can perform Stored XSS attack with the image direct link. Copy the following code and save as filename.svg. Proof of Concept filename.svg alertdocument.location; 1. Login as user 2. creat...

CVSS 4.9, AI score 5.5, EPSS 0.00601
Exploits: 1

Huntr
added 2022/12/19 9:43 p.m., 23 views

Stored XSS while creating a new post

Description After login create a new post and type the following text with XSS payload XSS in create post then click post that will be executed. Proof of Concept XSS in create post tete...

CVSS 4.9, AI score 5.5, EPSS 0.00652
Exploits: 1

Huntr
added 2022/12/19 6:31 p.m., 41 views

Account takeover via changing password

Description After login with normal user go to Settings then change password, you will find the following request PATCH /api/user/104 HTTP/2 Host: demo.usememos.com Cookie:...

CVSS 6.5, AI score 0.4, EPSS 0.00741
Exploits: 1

Huntr
added 2022/12/19 4:57 p.m., 14 views

Cron execution command field allows attackers with admin privilege to execute OS command as root

Description - Cron execution command value is written into cronfile without any security protection mechanism. - If an attacker gained admin access, he/she can run OS command as root. Proof of Concept 1/ Navigate to http://webserver/froxlor/adminsettings.php?page=overview&part=crond 2/ In the Cro...

AI score 1
Exploits: 0

Huntr
added 2022/12/19 4:3 p.m., 17 views

Stored XSS in admin panel (users page)

Description Stored XSS in admin panel in users page via inject XSS payload in Name input field by any user to affect the admin panel Proof of Concept https://drive.google.com/file/d/1EsYq3R6GRAdEbpZxp2RwQwGr4G8fJGB7/view?usp=sharing...

CVSS 4.9, AI score 5.2, EPSS 0.00487
Exploits: 0

Huntr
added 2022/12/19 1:17 p.m., 26 views

Attributes are not properly handled leading to XSS

Description Attribute names and the class attribute values are not properly handled leading to XSS where a user can control either: + A class value + An attribute name. While this may not seem like an important security issue this weakness is not documented. One would assume the behaviour would...

CVSS 5.8, AI score 5.9, EPSS 0.00458
Exploits: 0, References: 2

Huntr
added 2022/12/19 12:26 p.m., 9 views

SNMP location XSS vulnerability

Description By including some HTML in the "Location" field of the snmpd configuration of a managed device, an attacker can inject HTML into the LibreNMS "Devices" tab, which then gets rendered when the page is viewed. EDIT: I'm having difficulties developing a proper exploit for this beyond the...

AI score 6.7
Exploits: 0, References: 1

Huntr
added 2022/12/18 9:35 p.m., 7 views

Stored XSS in Week View Plugin

Description Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...

AI score 6.3
Exploits: 0, References: 1

Huntr
added 2022/12/18 2:0 p.m., 23 views

Stored XSS in FAQ comments

Description Stored XSS in FAQ comments by any visitor or anonymous user that alerted in admin panel in comments page also it stored in the FAQ page itself via injecting XSS payload in "Name" and "Message" input fields. Proof of Concept...

CVSS 4.9, AI score 5.2, EPSS 0.00546
Exploits: 0

Huntr
added 2022/12/18 3:29 a.m., 15 views

Multiple Blind SQL Injection Vulnerabilities in Reports

Description SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...

AI score 7.8
Exploits: 0, References: 1

Huntr
added 2022/12/17 2:35 p.m., 32 views

Blind Stored XSS in admin panel (open question page)

Description Blind stored XSS via any unauthorized or anonymous visitor user without any privileges can inject XSS payload in "Add question" page in "Your Name" input field then it will be executed in admin panel in Open Question page Proof of Concept...

CVSS 4.9, AI score 5.2, EPSS 0.00487
Exploits: 0

Huntr
added 2022/12/15 11:57 p.m., 26 views

Blind Stored XSS in administration panel

Description Blind stored XSS: any visitor user without any privilege can create "Proposal for a new FAQ" at the following URL https://roy.demo.phpmyfaq.de/index.php?action=add&cat=0 and add XSS payload in "Your question" input field allows any anonymous visitor can steal admin cookies also...

CVSS 5.8, AI score 5.9, EPSS 0.00562
Exploits: 0

Huntr
added 2022/12/15 8:38 p.m., 20 views

Stored XSS in Roles

Description Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...

CVSS 4.3, AI score 5.4, EPSS 0.00473
Exploits: 1, References: 1

Huntr
added 2022/12/14 9:22 p.m., 120 views

Bypass All Captchas in the application

Description Bypass Captcha while adding a new Proposal for a new FAQ or Add question, and send unlimited request without submit captcha code. Proof of Concept https://drive.google.com/file/d/140CMe4FLFLBmIUUbI8706bZ4zs4d7N/view?usp=sharing...

CVSS 7.5, AI score 9, EPSS 0.00928
Exploits: 0

Huntr
added 2022/12/14 5:1 a.m., 24 views

XSS in Integration URL

Description XSS vulnerability in integration URL that could execute javascript when clicking on the URL Proof of Concept 1. navigate to the panel dashboard 2. add or edit integration and insert the URL of integration with this payload javascript:alert1 POC:...

CVSS 4.9, AI score 6.4, EPSS 0.40916
Exploits: 1

Huntr
added 2022/12/13 8:48 p.m., 19 views

Cross site scripting vulnerability in pimcore

Description Cross site scripting vulnerability in pimcore/pimcore "title field" in data objects Proof of Concept 1. Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= 2. Go to setting -- data objects -- classes -- events 3. Click media under general settings 4...

CVSS 4.9, AI score 5.3, EPSS 0.00459
Exploits: 1

Huntr
added 2022/12/13 10:19 a.m., 24 views

Reflect XSS Which can help in any CSRF Vulnerability

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Below HTML code for trigger XSS with POST method XSS POC By AggressiveUser history.pushState'', '', '/' Below BurpSuite POC YO...

CVSS 5.8, AI score 5.6, EPSS 0.00513
Exploits: 0

Huntr
added 2022/12/12 11:41 p.m., 20 views

Stored XSS on User Management, Category, Add New FAQ, Add News and Configuration

Description Improper validation on user input in Add Category module, Add New FAQ module, Add News and edit Configuration in phpMyFAQ v3.1.9 allow user to execute malicious javascript payload which lead to vulnerability Stored XSS Proof of Concept - Login to demo instance...

CVSS 4.9, AI score 5.4, EPSS 0.00401
Exploits: 0, References: 1

Huntr
added 2022/12/12 6:48 p.m., 23 views

Multiple XSS Vulnerabilities in Queue Condition

Description Cross-Site Scripting XSS vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...

CVSS 4.9, AI score 5.9, EPSS 0.01015
Exploits: 1

Huntr
added 2022/12/12 12:13 p.m., 11 views

Authenticated Reflected XSS on ajax/common.tabs.php

Description There is a reflected XSS vulnerability on ajax/common.tabs.php due to the KnowBase tab not escaping the start parameter properly probably because it's not reflected inside quotes. There was some work into getting the exploit working, due to JQuery's $ not being defined and causing a...

AI score 0.3
Exploits: 0, References: 1

Huntr
added 2022/12/12 10:58 a.m., 31 views

Cross-site Scripting (XSS) - Stored

✍️ DESCRIPTION The activatetemplate parameter at line 16 of the templates.php file will be rendered at line 31 of file the dashboard.php page, without using the htmloutput function. 💥 STEP TO REPRODUCE - Login to your admin account, then visit the URL...

CVSS 4.3, AI score 5.7, EPSS 0.00682
Exploits: 1

Huntr
added 2022/12/12 5:31 a.m., 10 views

XSS in Workflow Comment

Description XSS Vulnerability in Workflow Comment that user can insert javascript payload in comment Proof of Concept 1. navigate to dashboard and workflow settings 2. open the comment in side-bar and insert like this payload test POC:...

AI score 7
Exploits: 0

Huntr
added 2022/12/12 5:24 a.m., 17 views

Html Injection in Activity

Description Html injection in Activity and just only need html payload in workflow and fire in Activity list Proof of Concept 1. navigate to dashboard and workflow settings 2. insert new workflow with this payload test 3. open the activity list POC:...

CVSS 5.8, AI score 6.6, EPSS 0.0058
Exploits: 1

Huntr
added 2022/12/12 5:21 a.m., 23 views

Unauthenticated Remote Command Execution on corebos due to exposed install files.

Description While analysing corebos source-code, I found a file that looked interesting: - install/MigrationDbBackup.php This file contains the following snippet of code: php ?php /+ The contents of this file are subject to the vtiger CRM Public License Version 1.0 "License"; You may not use this...

CVSS 7.5, AI score 1.9, EPSS 0.01267
Exploits: 1, References: 1

Huntr
added 2022/12/09 10:48 a.m., 10 views

Filepath of page components of deploying system leaks in source code

Description When building your Nuxt application, the source file path of all page components is written in the entry.js file and is thus human readable to everyone. This could lead to unwanted side effects, as in revealing the structure of the system which was used to build the application or...

AI score 0.6
Exploits: 0

Huntr
added 2022/12/08 3:56 a.m., 28 views

Cross Site Scripting (XSS) Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in line 94-9...

CVSS 5.8, AI score 5.9, EPSS 0.00448
Exploits: 1, References: 1

Huntr
added 2022/12/07 2:40 p.m., 24 views

Sensitive system information disclosure

Description An unauthenticated user can gather information on the remote system just by visiting the following endpoints: + /library/exten-radiusserverinfo.php which reveals pieces of information such as system uptime, CPU load, etc. + /library/exten-serverinfo.php which reveals if mysql and/or...

CVSS 5, AI score 6.3, EPSS 0.00701
Exploits: 1

Huntr
added 2022/12/07 7:12 a.m., 18 views

XSS in Markdown Events

Description XSS Vulnerability in the Events and Markdown features Proof of Concept 1. Login to the dashboard 2. Insert or Edit Events in the Description and Link 3. Payload like that Link Link POC: https://drive.google.com/file/d/1WiNd8lgEjmSpUe4b0LCoKyFw47nsw45s/view?usp=sharing...

CVSS 4.9, AI score 5.7, EPSS 0.00481
Exploits: 1

Huntr
added 2022/12/07 6:59 a.m., 20 views

Html Injection in Groups

Description Insert XSS payload in groups fieldsName, Description Proof of Concept 1. login to the dashboard 2. navigate to groups 3. insert Name and Description aaaaatest POC: https://drive.google.com/file/d/1ZsxN-zKoyuiosrgfG8a9Z1sFe9mde-8/view?usp=sharing...

CVSS 4.9, AI score 5.3, EPSS 0.00494
Exploits: 1

Huntr
added 2022/12/06 7:21 p.m., 21 views

Reflected XSS in Organizations Search

Description Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScrip...

CVSS 4.9, AI score 5.5, EPSS 0.01015
Exploits: 2, References: 1

Huntr
added 2022/12/06 6:10 p.m., 14 views

Reflected XSS in Advanced Ticket Search

Description Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScrip...

CVSS 4.9, AI score 5.8, EPSS 0.01059
Exploits: 1, References: 1

Huntr
added 2022/12/05 6:41 a.m., 26 views

Lack of CSRF Token in Logout

Description we haven't csrf token in logout basically this is not really issue but in rdiffweb we have logically redirect user to last source like logout method. in this case attacker can chain two requestlogout,login that lead to dos Proof of Concept 1. send get logout request and get sessionid...

CVSS 4.3, AI score 5.7, EPSS 0.00313
Exploits: 0

Huntr
added 2022/12/05 12:53 a.m., 20 views

Insufficient Upload Filtering

Description The upload filter in Ampache 5.5.5 is insufficient and does not prevent authenticated users from uploading files with malicious extensions, which can lead to remote code execution RCE depending on the local server configuration. This vulnerability assumes several things which has been...

CVSS 6.5, AI score 6.5, EPSS 0.00758
Exploits: 1

Huntr
added 2022/12/04 2:43 p.m., 37 views

XSS Stored in Email

Description It was discovered that it is possible to inject a malicious payload into the email address field, resulting in a stored XSS vulnerability. Proof of Concept 1. Access to emails parameters /scp/emails.php 2. create an account with the following email address Payload...

CVSS 4.9, AI score 5.3, EPSS 0.00514
Exploits: 1, References: 1

Huntr
added 2022/12/04 10:36 a.m., 23 views

Path traversal vulnerability found

Description please check this link https://demos4.softaculous.com/FlatPressfgbu50zqaa/fp-content/ Proof of Concept https://prnt.sc/0UGovVLWcKo7...

CVSS 7.5, AI score 9, EPSS 0.03637
Exploits: 1

Huntr
added 2022/12/03 5:12 a.m., 13 views

No Protection against Bruteforce attacks on Login page

Description Webpage manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept 1. Register the account. 2. Logout the account and try to login with the different password. 3. Take the request into Burp suite intruder, set the payload list to 30 for testing. 4. The...

AI score 1.2
Exploits: 0, References: 1

Total number of security vulnerabilities: 4072