4072 matches found

Huntr
added 2022/12/02 4:50 p.m. | 7 views

Weak Password Implementation

Description: We can change the password with just 1 character when we use change password function. Proof of Concept When you change password, just press any character and then submit. You will see "Your password has been changed"...

1.4 AI score
Exploits: 0 | References: 1

Huntr
added 2022/12/01 9:56 p.m. | 19 views

File Upload Filter Bypass

Description A sanitization filter bypass in plupload.php in MicroweberCMS v1.3.1 allows remote authenticated attackers to upload files outside the restricted location. The target $path for the image is being sanitized here: php $pathrestirct = userfilespath; if isset$REQUEST'path' and...

5.8 CVSS | 0.3 AI score | 0.38236 EPSS
Exploits: 1

Huntr
added 2022/11/30 6:30 a.m. | 33 views

Authenticated Remote Command Execution on GLPI 10.0.5 due to vulnerable marketplace plugin

Description It was found that GLPI at the current version 10.0.5 is vulnerable to a remote command execution when an attacker has super-user privileges. This is possible due to an attacker being able to download a plugin that contains files that were calling unserialize into $POST'entityrestrict'...

7.4 AI score
Exploits: 0

Huntr
added 2022/11/29 8:3 p.m. | 11 views

XSS on external links

Description This vulnerability allows for an administrator to create an evil external link. Proof of Concept As an admin user Go to /front/link.form.php?id=1 Create an external link and put as value for the link 'onmouseover="alertdocument.domain" Assign this link to budgets example As a regular...

1.6 AI score
Exploits: 0

Huntr
added 2022/11/29 2:6 p.m. | 20 views

Limited LFI via Path Traversal

Description A path traversal vulnerability in SuiteCRM 7.12.8 and earlier allows remote authenticated attackers to include a php file at an arbitrary path via unsanitized request parameters. Details In Suite CRM v7.12.8, SubpanelCreates.php and SubpanelEdit.php trust unsanitized user input to lo...

6.5 CVSS | 8.6 AI score | 0.28113 EPSS
Exploits: 1

Huntr
added 2022/11/28 5:42 a.m. | 19 views

XSS to LFI in Runcode Feature

Description By default runcode sanitized document prefix but if html encode to...

4.9 CVSS | 4.6 AI score | 0.00387 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/27 2:51 p.m. | 48 views

Open Redirect using Host header Injection

Description A web server commonly hosts several web applications on the same IP address, referring to each application via the virtual host. In an incoming HTTP request, web servers often dispatch the request to the target virtual host based on the value supplied in the Host header. Without prope...

5.8 CVSS | 6.1 AI score | 0.00599 EPSS
Exploits: 1 | References: 2

Huntr
added 2022/11/26 9:19 p.m. | 69 views

Integer overflow in realloc call

Description Integer overflow in realloc and memcpy calls in coreanalgraphlabel. In the process of concatenating source lines based on DWARF data, the resulting size 32bit signed int can overflow. The sizes of the realloc and memcpy calls differ, and potentially can lead to writes in an unintended...

4.4 CVSS | 1.1 AI score | 0.00326 EPSS
Exploits: 0

Huntr
added 2022/11/26 2:30 p.m. | 20 views

Reflect Cross Site Scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Go to your web phpmyfaq and visit below URL. Exploit URL:...

5.8 CVSS | 6.1 AI score | 0.04381 EPSS
Exploits: 2

Huntr
added 2022/11/25 2:42 p.m. | 10 views

Authenticated SQL Injection in OpenSIS Classic v9.0 and earlier

Description SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure. Version At the time of reporting, the most up-to-date version of the master branch...

0.3 AI score
Exploits: 0

Huntr
added 2022/11/24 11:35 a.m. | 12 views

No rate limiting on the reset password page will lead to a DOS attack and inbox flooding for any user

Description I can use this attack to take advantage of the reset password confirmation mechanism and send a large number of emails to anyone simply because I know his email address, as well as perform a DoS attack by draining the resources of the SMTP service and the web server. Proof of Concept ...

7.3 AI score
Exploits: 0

Huntr
added 2022/11/24 6:38 a.m. | 19 views

Missing CSRF protection

Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...

4.9 CVSS | 0.3 AI score | 0.00479 EPSS
Exploits: 1

Huntr
added 2022/11/24 5:34 a.m. | 26 views

AddressSanitizer: heap-buffer-overflow in alloc.c 246:11

Description ================================================================= ==19339==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000001015 at pc 0x0000004872d8 bp 0x7ffdef721150 sp 0x7ffdef720910 WRITE of size 2 at 0x606000001015 thread T0 Detaching after fork from child proce...

4.4 CVSS | 7.9 AI score | 0.00423 EPSS
Exploits: 1

Huntr
added 2022/11/23 10:3 p.m. | 11 views

Unrestricted Upload of file with dangerous type lead to destroying the company's reputation.

Description In upload function I found the function accepts a lot of file types and this is very dangerous because a malicious user may upload an html file containing any information like go to another site or write a message destroying the company's reputation like this site has been hacked by hacker Pro...

6.8 AI score
Exploits: 0

Huntr
added 2022/11/23 9:20 p.m. | 10 views

An unrestricted upload file lead to a stored XSS via SVG file.

Description During the test, I discovered that the upload function accepted svg files without any sanitization, allowing me to inject javascript code into the svg file and store it, as well as execute the javascript code via the svg file. Proof of Concept // PoC.js...

7.5 AI score
Exploits: 0

Huntr
added 2022/11/23 4:51 p.m. | 17 views

Cross-site scripting

Description memos allow users to upload file and make it public to others. But if the file is html with below content, xss attack can happen. Proof of Concept // PoC.js alert"warning";...

4.9 CVSS | 1.9 AI score | 0.00704 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/23 11:55 a.m. | 11 views

Stored XSS in kiwiTCMS

Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...

5.6 AI score
Exploits: 0

Huntr
added 2022/11/22 4:9 p.m. | 8 views

DOM-based Cross-site Scripting (DXSS) Vulnerability

Description Two CalendarXP products have DXSS vulnerability in common parts of HTML files. CalendarXP FlatCalendarXP through 10.0.1 has DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...

0.3 AI score
Exploits: 0

Huntr
added 2022/11/21 8:28 a.m. | 8 views

heap-buffer-overflow in gf_isom_box_write_header

Description heap-buffer-overflow in gfisomboxwriteheader at isomedia/boxfuncs.c:408. version info git log commit 68064e10172675e0853d6f429fb2055112835602 grafted, HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Fri Nov 18 10:36:10 2022 +0100 fixed build without http2 support ./MP4B...

7 AI score
Exploits: 0

Huntr
added 2022/11/21 5:39 a.m. | 24 views

Unauthorized access to settings update, logs, history, delete etc of repositories

Hey, Attack Scenario: Admin sets up new user with User privileges and gives access to repos "/" root directory, after a time due to some reason he revokes the privileges of the directory access but user privileged attacker can still edit settings, check logs and view history without having...

7.5 CVSS | 1.2 AI score | 0.00789 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/20 3:54 p.m. | 47 views

Stored XSS - XSS in RSS link href attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.6 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/19 5:29 a.m. | 10 views

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

5.2 AI score
Exploits: 0

Huntr
added 2022/11/18 7:41 p.m. | 26 views

3 Types of SQLi in `s` param - (Time/Boolean/Error Based)

Description I have found 3 types of SQLi on the s parameter Proof of Concept Time-Based Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time in seconds before...

7.5 CVSS | 9.2 AI score | 0.03954 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/18 11:14 a.m. | 34 views

TLS Cookie without `secure` flag at https://roy.demo.phpmyfaq.de

Description The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path. Issue background If the secure flag is set...

5 CVSS | 0.00422 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/17 11:51 a.m. | 9 views

Cross-site Scripting (XSS) - Stored at discussion title

Description Attacker can inject XSS payload in title when he starts or renames a discussion. The payload will be triggered right after a normal user open that discussion. Proof of Concept 1. Login to your account on https://forum.locker.io 2. Create New Discussions 3. On the Discussions Title,...

6 AI score
Exploits: 0

Huntr
added 2022/11/15 12:49 p.m. | 26 views

Stack-Based Buffer Overflow in gf_sg_proto_field_is_sftime_offset

Description Stack-Based Buffer Overflow in gfsgprotofieldissftimeoffset at vrmlproto.c:1295. version git log commit 05eaac875354682942b70c790bcd62cb5f4cc825 grafted, HEAD - master, origin/master, origin/HEAD Author: Jean Le Feuvre Date: Mon Nov 14 18:07:45 2022 +0100 fixed msvc warnings ./MP4Box...

4.4 CVSS | 7.7 AI score | 0.00391 EPSS
Exploits: 1

Huntr
added 2022/11/15 10:54 a.m. | 18 views

Path Traversal that leads to Remote Code Execution via PHP file upload

📜 Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.4 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/15 3:51 a.m. | 20 views

Missing Authentication for Critical Function

Description Generally, when users try to change the password, they are asked to verify the request by entering the old password. For the same reason, verification should be there on changing email. when user changes the email address then the website sends verification mail to the new mail id...

3.5 CVSS | 5.1 AI score | 0.00484 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/14 1:31 p.m. | 44 views

XSS in RSS Description Link

Description An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. Victims who wish to visit an RSS content and click on the link will execute the Javascript. Proof of Concept 1. Create a malicious RSS feeds The XSS payload is inside ite...

1.2 AI score
Exploits: 0

Huntr
added 2022/11/14 12:0 p.m. | 14 views

Agent can get inbox credentials through api

Description user with agent privileges can get access to sensitive inbox details through api Proof of Concept 1. Create normal user with agent privileges 2. get api key for this user 3. use endpoint https://www.chatwoot.com/developers/api/tag/Inboxes/operation/listAllInboxes 4. if inbox is...

Exploits: 0

Huntr
added 2022/11/10 5:53 p.m. | 24 views

xss in live edit

Description when you make website and login as admin if u add user as admin he maybe evil admin n live edit https://demoxss.microweber.net/?editmode=y i start edit as html i see i can write script but didnt pass when u open site as end user then i just try add html tag with events but the sam...

5.8 CVSS | 5.7 AI score | 0.00488 EPSS
Exploits: 0

Huntr
added 2022/11/10 10:32 a.m. | 15 views

HTML injection possible via LLDP

Description An unmanaged/foreign neighbouring device that is advertising its presence with LLDP can inject malicious HTML code into LibreNMS by setting its System Name TLV to whatever snippet is to be injected. This is assuming that a device that is managed by LibreNMS has LLDP and the...

6.2 AI score
Exploits: 0

Huntr
added 2022/11/09 4:46 p.m. | 19 views

Unintended API key generation

Description The API keys sections are vulnerable to CSRF. The aggressor can generate the key on the admin's account without prior knowledge of admin credentials. The successful CSRF will generate new keys on the admin's account. Proof of Concept history.pushState'', '', '/' document.forms0.submit...

1.3 AI score
Exploits: 0 | References: 2

Huntr
added 2022/11/08 5:26 p.m. | 23 views

Post parameter namespaceMD5 is vulnerable to reflected XSS

Description The POST parameter namespaceMD5 is vulnerable to reflected XSS. Proof of Concept javascript // POST request to /module with parameters and payload namespaceMD5=3389dae361af79b04c9c8e7057f60cc6test''"alertalert&module=settings%2Fgroup%2Flanguageimport&id=mwadminimportlanguagemodalconte...

5.8 CVSS | 2.3 AI score | 0.00616 EPSS
Exploits: 1

Huntr
added 2022/11/07 3:22 p.m. | 11 views

froxlor/froxlor <= 0.10.38.2 - Authenticated Unrestricted File Upload to RCE

Description Unsafe file uploads occur when the web server fails to sufficiently validate the file’s size, type, name, contents, or what restrictions are placed on the file once it has been successfully uploaded. The application fails to validate files that are uploaded, allowing an attacker to...

8.1 AI score
Exploits: 0 | References: 2

Huntr
added 2022/11/07 9:25 a.m. | 171 views

There is an RCE vulnerability

Description - There is an RCE vulnerability in qmpaas/leadshop https://github.com/qmpaas/leadshop v1.4.15. An attacker can access the file leadshop.php and call any existing function through GET to control the target host. The vulnerability is in the leadshop/web/leadshop.php27-61 file public...

7.5 CVSS | 0.3 AI score | 0.00936 EPSS
Exploits: 1

Huntr
added 2022/11/07 1:26 a.m. | 7 views

XSS in dp.la

Description dpla-frontend which is a frontend application of dp.la is vulnerable to XSS. Proof of Concept...

0.1 AI score
Exploits: 0

Huntr
added 2022/11/04 10:33 p.m. | 20 views

Username and email enumeration via Forgot password feature

📜 Description User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the...

1.4 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/04 10:0 p.m. | 12 views

CSRF on SSL certificates deletion

📜 Description Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform using form submissions. It allows an attacker to partly circumvent the same origin policy, which is designed to...

0.3 AI score
Exploits: 0

Huntr
added 2022/11/04 10:30 a.m. | 31 views

Html Injection Reflected in Login Page

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the login webpage. Proof of Concept Navigate to: https://demo.froxlor.org/index.php?showmessage=4&customermail=%22%3Cmarquee%3E%3Ch3%3EHTML/INJECTION/HERE%[email protected]...

5.8 CVSS | 1 AI score | 0.01265 EPSS
Exploits: 1 | References: 1

Huntr
added 2022/11/04 12:46 a.m. | 31 views

Authenticated SQL injection via filename & update-instance parameters

There is a SQL injection vulnerability inside saveMeta function in AttachmentAbstract.php. When a file is being uploaded via admin/index.php?action=ajax&ajax=att&ajaxaction=upload endpoint, the filename parameter isn't being sanitized and it's later on interpolated into a raw SQL query inside...

0.4 AI score
Exploits: 0

Huntr
added 2022/11/04 12:45 a.m. | 27 views

XSS and CSP bypass in app.diagrams.net

Description The application reflects an input from the url without sanitizing it. With a csp bypass from apis.google.com it's possible to execute javascript code. Proof of Concept...

5.8 CVSS | 0.4 AI score | 0.00624 EPSS
Exploits: 1

Huntr
added 2022/11/03 9:48 p.m. | 20 views

Unauthenticated stored XSS via username & name parameters

There is a stored XSS vulnerability due to improper sanitization of usernames. Vulnerable code User.php line 532: php public function isValidLoginstring $login: bool $login = string$login; if strlen$login loginMinLength || !pregmatch$this-validUsername, $login $this-errors =...

6.1 AI score
Exploits: 0

Huntr
added 2022/11/03 8:16 p.m. | 20 views

XSS Stored inside help links onevent attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.1 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/03 8:0 p.m. | 16 views

XSS Stored inside Standard Interface Help Link href attribute

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

Exploits: 0 | References: 1

Huntr
added 2022/11/03 7:50 p.m. | 12 views

Application-Wide Stored Cross Site Scripting affecting all Users

Description Hi Team, I have found a stored cross-site scripting vulnerability in the reporting dashboard module. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message...

5.5 AI score
Exploits: 0

Huntr
added 2022/11/03 8:8 a.m. | 17 views

SQL Injection inside instance name leads to Remote Code Execution

📜 Description SQL injection SQLi is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other...

0.3 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/02 6:12 p.m. | 13 views

SQL Injection via lang parameter/RCE when PostgreSQL is used

Description There is a SQL injection vulnerability in the lang parameter of phpmyfaq/ajaxservice.php?action=savefaq endpoint. Vulnerable code starts at ajaxservice.php line 369, specifically the isnull$faqId && !isnull$categories'rubrik' part: php if !isnull$author && !isnull$email &&...

0.2 AI score
Exploits: 0 | References: 1

Huntr
added 2022/11/02 4:43 p.m. | 19 views

Stored XSS and HTML injection from markdown

Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform both a Stored XSS and an HTML injection. Thanks to this attack i...

4.9 CVSS | 5.8 AI score | 0.00454 EPSS
Exploits: 1

Huntr
added 2022/11/02 9:16 a.m. | 15 views

Unrestricted File Upload

BigBlueButton 2.5.6 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. PoC: 1- Submit the request to insertDocument, specifying the extension:...

7.2 AI score
Exploits: 0

Total number of security vulnerabilities: 4072