4072 matches found

Huntr
added 2022/11/02 7:22 a.m. | 15 views

Reflected XSS on multiple locations and parameters

Description The user input is not being sanitized properly on multiple locations and on different parameters leading to XSS. Proof of Concept https://demo.bumsys.org/reports/sales-report/?salesDate=" Payload "...

0.8 AI score
Exploits 0

Huntr
added 2022/11/01 5:47 p.m. | 15 views

Reflected Cross Site Scripting leading to session hijacking

Description Basic XSS: XSS Cross-Site Scripting vulnerabilities arise when untrusted data gets interpreted as code in a web context. XSS attacks effectively make the attacker logged in as the target user, with the nasty addition of tricking the user into giving some information such as their...

6.3 AI score
Exploits 0

Huntr
added 2022/11/01 4:36 p.m. | 12 views

XSS Stored inside website title

📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.7 AI score
Exploits 0 | References 1

Huntr
added 2022/11/01 6:7 a.m. | 44 views

Cross Site Scripting (XSS) Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1. i open this page...

5.8 CVSS | 5.9 AI score | 0.01532 EPSS
Exploits 1 | References 1

Huntr
added 2022/11/01 1:35 a.m. | 15 views

Eve has a Comparison of Incompatible Types that Results in Invalid State

Description A conditional statement that always resolves to False. Proof of Concept // eve/methods/common.py if field in document and documentfield is not None and documentfield is not Always resolves to False : relatedlinks =...

1.7 AI score
Exploits 0 | References 1

Huntr
added 2022/10/30 11:52 p.m. | 11 views

XSS Stored inside Admin logs

Description If an attacker attempts to log in with an XSS payload inside the username, the login attempt will be logged on the admin dashboard. Then, if an admin visits the login logs page, it will execute the XSS. Proof of Concept Login with XSS inside username Admin visits logs...

1.9 AI score
Exploits 0 | References 1

Huntr
added 2022/10/30 11:35 p.m. | 9 views

XSS stored in Category name

Description If a user injects an XSS payload inside a category name, all users that visit the index page will execute the corresponding XSS payload. Proof of Concept Add a malicious category XSS is executed...

2.5 AI score
Exploits 0 | References 1

Huntr
added 2022/10/30 10:40 p.m. | 15 views

SQL Injection inside category creation (checkIfCategoryExists)

Description A user with the permission to Add category can abuse this feature to execute his own SQL queries. Proof of Concept Static code analysis The vulnerable php code is : php public function checkIfCategoryExistsarray $categoryData: int $query = sprintf "SELECT name from %sfaqcategories WHE...

0.4 AI score
Exploits 0

Huntr
added 2022/10/30 8:18 a.m. | 20 views

heap-use-after-free in function did_set_spelllang at spell

Description heap-use-after-free in function did_set_spelllang at spell.c:2256:19 vim version shell git log -1 commit 03d6e6f42b0deeb02d52c8a48c14abe431370c1c HEAD - master, tag: v9.0.0820, origin/master, origin/HEAD...

4.4 CVSS | 1.2 AI score | 0.00655 EPSS
Exploits 1

Huntr
added 2022/10/30 4:35 a.m. | 13 views

Reflected XSS on ID parameter

Description Vulnerable code " Proof of Concept https://demo.bumsys.org/xhr/?icheck=false&module=accounts&page=editAccount&id=test"...

0.6 AI score
Exploits 0

Huntr
added 2022/10/28 7:16 a.m. | 20 views

Improper Input Validation on emails links

Description In GLPI, users can add their own email addresses to their accounts. However, there is a lack of validation which allows users to add new fields into the mailto: link. Email links support multiple parameters like : - cc - bcc - body - subject - multiple emails email1, email2, ... -...

1.7 AI score
Exploits 0 | References 1

Huntr
added 2022/10/27 7:8 p.m. | 12 views

XSS Stored - Content of tasks is not sanitized

Description If a user injects an XSS payload inside the content of a task, all users that visit the kanban will execute the corresponding XSS payload. Proof of Concept Create XSS in task content XSS is executed...

2.5 AI score
Exploits 0 | References 1

Huntr
added 2022/10/27 5:2 p.m. | 23 views

SQL Injection - SQL as a service (No-auth)

Description The GLPI's plugin named glpi-archimap contains an ajax route named getconfig.php which allows a user to retrieve the plugin configuration. However, this route is accessible by everyone because there is no authentication check. Moreover, the attacker can inject his own SQL queries and g...

0.5 AI score
Exploits 0 | References 1

Huntr
added 2022/10/27 5:0 p.m. | 23 views

Dev mode Path traversal

Description Vite is misconfigured within nuxt to permit any file to be retrieved from the file system. Root Cause Vite configuration has strict set to false. Exploitation Requirements: + Server must be running in developer mode Vulnerability can be exploited using paths like the following...

0.7 AI score
Exploits 0 | References 1

Huntr
added 2022/10/27 12:28 p.m. | 25 views

Link Preload XSS

Description Link preloads do not effectively confirm if the requested link is external. Parser differentials can be used to bypass existing external URL check. Root Cause payload.client.ts contains the following code on link prefetch: ts nuxtApp.hooks.hook'link:prefetch', url = if...

5.8 CVSS | 6.2 AI score | 0.00443 EPSS
Exploits 0

Huntr
added 2022/10/27 11:23 a.m. | 66 views

Stored XSS - XSS in RSS link

Description An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. The administrator can then make the RSS feed available to all users of the software. Victims who wish to visit an RSS content will execute the Javascript code in a new ta...

0.6 AI score
Exploits 0 | References 1

Huntr
added 2022/10/27 3:38 a.m. | 21 views

DOM XSS on lab.flipper.net via the "channel" or "version" parameters

Description Hi ! The Web Platform for the Flipper is vulnerable to DOM XSS via the channel and version parameters. This occurs because when the user clicks on Choose firmware the values are passed directly to innerHTML without parsing. Proof of Concept 1. 1 The user access the following URL :...

1 AI score
Exploits 0

Huntr
added 2022/10/27 2:7 a.m. | 29 views

No Rate Limit On migrate-email Endpoint Leads to Brute-force Attack

The migrate-email endpoint requires the Email, Username, and Password parameters. This endpoint contains authentication functionality that doesn't have any protection from brute-force attacks, which allows an attacker to try every possible password combination without any restriction. CWE-307:...

7.5 CVSS | 0.8 AI score | 0.01051 EPSS
Exploits 1 | References 1

Huntr
added 2022/10/27 1:33 a.m. | 27 views

User Enumeration

Description The migrate-email endpoint requires the Email, Username, and Password parameters. The Username parameter value will be queried against userManager.Users and the data will be returned to the user variable; if the user variable contains a null value, the application will return a bad request with "Invalid...

5 CVSS | 2.2 AI score | 0.009 EPSS
Exploits 1 | References 1

Huntr
added 2022/10/26 8:39 p.m. | 6 views

Stored XSS - Entity name not sanitized in Ticket creation page

Description An Administrator can set a Cross-Site Scripting XSS payload inside an entity name. This XSS will be executed on the Ticket Creation page Menu - Assistance - Create Ticket. Proof of Concept 1. Set an XSS in Entity name 2. Go to the "Create Ticket" page 3. XSS is executed...

1.2 AI score
Exploits 0 | References 1

Huntr
added 2022/10/26 7:2 p.m. | 30 views

Dev Server XSS

Description The developer server unsafely renders the stack trace within errors. This can be manipulated by sending a specially crafted request. Root Cause The error-dev.vue template, within @nuxt\ui-templates uses the v-html directive to render the stacktrace section of the error. vue This would...

5.8 CVSS | 1.3 AI score | 0.00509 EPSS
Exploits 1

Huntr
added 2022/10/26 2:30 p.m. | 19 views

Stored Cross Site Scripting (Network Maps Editor functionality)

Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...

5.2 AI score
Exploits 0

Huntr
added 2022/10/26 2:1 p.m. | 7 views

Path Traversal – Reading Certain File Extensions

BigBlueButton 2.5.6 is vulnerable to a path traversal vulnerability, that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions txt, swf, svg, png. PoC: 1- Submit a request to...

7 AI score
Exploits 0

Huntr
added 2022/10/26 1:41 p.m. | 11 views

Reflected Cross Site Scripting in Search Functionality of Module Library

Description Hello Team, Hope you are doing well. I have found a reflected cross site scripting vulnerability in search functionality present in the module library section. What is reflected cross site scripting? Reflected cross-site scripting or XSS arises when an application receives data in an...

6.2 AI score
Exploits 0

Huntr
added 2022/10/26 12:38 p.m. | 297 views

Unauthenticated, Stored XSS to RCE via SNMP Trap

Description LibreNMS offers the ability to handle SNMP traps as documented here. One of the SNMP trap handlers called HPFault creates an event with the message "Fault - Unhandled ..." when receiving a trap with an unknown type. The type of this event is set to the received, unknown type, which is...

0.4 AI score
Exploits 0

Huntr
added 2022/10/26 9:14 a.m. | 22 views

Html Injection Stored in edit customers

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage. Proof of Concept 1. Open tab Edit Customers, click Edit customer 2. Inject this payload at field Name: TEST TEST TEST. And then click Save 3. Go to the profile page of this...

4.9 CVSS | 0.9 AI score | 0.00754 EPSS
Exploits 0

Huntr
added 2022/10/25 6:20 p.m. | 30 views

Path Traversal - Download remote files by exploiting the backup functionality (Authenticated)

Description The vulnerability found in the backup system allows an Administrator of the CMS to download any files on the remote file system not only backup files by exploiting a "Path Traversal". The vulnerability does not require any user interaction and is very simple to exploit. Proof of Conce...

7 AI score
Exploits 0

Huntr
added 2022/10/20 6:31 p.m. | 10 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Services - Services Templates 3. Create a new Service Template with the Name alertdocument.location 4. The XSS is triggered when the...

6.3 AI score
Exploits 0

Huntr
added 2022/10/20 10:37 a.m. | 21 views

Stored Cross-site scripting

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept Visit: http:///phpmyfaq/admin/?action=meta Click button Add template meta data Inject payload in field Page type: "alert"XSS"...

4.9 CVSS | 0.1 AI score | 0.00528 EPSS
Exploits 1

Huntr
added 2022/10/20 10:27 a.m. | 21 views

Weak Password Requirement

Description We can change password with just 1 character when we use change password function. Proof of Concept When you change password, just press a character and then submit. Your password has been changed...

7.5 CVSS | 1.3 AI score | 0.01139 EPSS
Exploits 1

Huntr
added 2022/10/20 8:50 a.m. | 23 views

Reflect Cross Site Scripting when search

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept 1. Go to your web phpmyfaq and visit http:///phpmyfaq/index.php?search= 2. inject payload to param search: 1af"+onclick='alert...

5.8 CVSS | 0.05743 EPSS
Exploits 3

Huntr
added 2022/10/19 1:46 p.m. | 18 views

Stored XSS

Description webcalendar has a feature to add an event and display its location. This feature leads to stored XSS every time a user opens the calendar or the event detail page. Proof of Concept 1. 1- login as user 2. 2- create an event 3. 3- insert the payload on "location" field 4. 4- Save 5. 5- ...

4.9 CVSS | 5.6 AI score | 0.00526 EPSS
Exploits 1

Huntr
added 2022/10/19 1:38 a.m. | 10 views

Use After Free in function qf_get_curlist

Description Use After Free in function qf_get_curlist at quickfix.c:1932 . vim version git log commit bf72e0c67f26ea7c8fd941fdd1533c24c7b6cb43 grafted, HEAD - master, tag: v9.0.0792, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc14huaf.dat...

0.7 AI score
Exploits 0

Huntr
added 2022/10/18 3:20 p.m. | 12 views

Blind SSRF When Inserting a Presentation

Description BigBlueButton was found that it allows for URLs provided by the clients to be directly invoked, without checking the validity of the URL. An attacker will be able to request to services on the local host, and even utilize a FILE URL although an exception happens due to an incorrect ca...

7 AI score
Exploits 0

Huntr
added 2022/10/18 3:11 a.m. | 28 views

Floating point exception in function num_divide at eval

Floating point exception in function num_divide at eval.c:70...

1.9 CVSS | 1.7 AI score | 0.00463 EPSS
Exploits 1

Huntr
added 2022/10/17 6:49 a.m. | 27 views

Use After Free in function bt_quickfix

Description Use After Free in function at buffer.c:5715 . vim version git log commit 3f0092c141824356b55b11cd3985baaf4df65334 grafted, HEAD - master, tag: v9.0.0777, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc13huaf.dat -c :qa!...

4.4 CVSS | 8.6 AI score | 0.00373 EPSS
Exploits 0

Huntr
added 2022/10/15 10:17 a.m. | 17 views

Account Takeover

Description A malicious actor can setup a website on vercel.app with the vercel.app domain, after that, they can change the subdomain to something containing modrinth, This will allow a open redirect on https://api.modrinth.com/v2/auth/init?url=ATTACKERURL, allowing stealing the github token whic...

0.8 AI score
Exploits 0

Huntr
added 2022/10/14 3:32 p.m. | 27 views

heap-buffer-overflow in function inc at misc2.c

Description heap-buffer-overflow in function inc at misc2.c:356:6 vim version shell git log commit ba43e76fcd5b2da57dbaa4d9a555793fe8ac344e HEAD - master, tag: v9.0.0747, origin/master, origin/HEAD Proof of Concept shell ./src/vim -u NONE -X -Z -e -s -S ./poc -c ':qa!'...

7.5 CVSS | 8.6 AI score | 0.01002 EPSS
Exploits 1

Huntr
added 2022/10/14 11:46 a.m. | 10 views

Denial of Service in proxy by redirecting to own host

Description It is possible to partially interrupt the proxy in the backend by redirecting to the same URL again. Proof of Concept On a server or API mocking website implement a rule that will redirect all requests to the following URL: https://diagrams.net/proxy?url=https://attacker.com...

0.4 AI score | 0.01137 EPSS
Exploits 1 | References 1

Huntr
added 2022/10/13 12:19 p.m. | 25 views

Server Side Request Forgery Via DNS Rebinding

Description Appsmith below v1.8.1 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via DNS Rebinding technique to hit AWS internal metadata endpoint and for retrieving data. Proof of Concept...

4 CVSS | 6.8 AI score | 0.01435 EPSS
Exploits 1 | References 2

Huntr
added 2022/10/12 7:39 p.m. | 21 views

Moderators can perform Time based SQL injection attack.

The API endpoint /api/chat/users/setenabled POST is vulnerable to a Time based blind SQL injection attack via body parameter ‘userId’. It allows a Moderator to read, modify or delete the entries in the sqlite database. Moderator can leak the streamkey to access admin dashboard. Proof of concept...

7.5 CVSS | 0.3 AI score | 0.00903 EPSS
Exploits 0

Huntr
added 2022/10/12 8:37 a.m. | 32 views

heap-buffer-overflow in function skipwhite

Description heap-buffer-overflow in function skipwhite at charset.c:1706:12 vim version shell git log commit 56564964e6d0956c29687e8a10cb94fe42f5c097 HEAD - master, tag: v9.0.0719, origin/master, origin/HEAD Proof of Concept shell /home/mist/fuzz/vim/vim/src/vim -u NONE -X -Z -e -s -S poc1 -c :qa...

4.4 CVSS | 7.9 AI score | 0.00496 EPSS
Exploits 1

Huntr
added 2022/10/09 4:48 p.m. | 9 views

POST Based Reflected Cross Site Scripting in installation page

Description The installation page in Elgg ≤ v4.3.3 is vulnerable to Cross-Site Scripting attack via 'dataroot' parameter. Steps to Reproduce 1. Freshly install the Elgg in your web-server and proceed to "Database Installation Page". 2. Enter the following payload in "Data Directory" field and fil...

5.9 AI score
Exploits 0 | References 1

Huntr
added 2022/10/09 2:42 p.m. | 9 views

Multiple SQL Injections

Description User input is inserted directly into a SQL query in multiple places when duplicating contacts/leads. Proof of Concept For a PoC, we are going to use Leads, although the other vulnerabilities will probably work analogously. Since the input is not directly displayed to the user, we will...

7.6 AI score
Exploits 0

Huntr
added 2022/10/09 2:34 p.m. | 15 views

Reflected Cross-Site Scripting due to Improper Sanitization

Description User Input that is reflected in a JavaScript Context is not properly sanitized. The User Input is reflected inside of a single-quoted string and single-quotes are encoded. However, there is an issue with the entity removing HTML tags that prevents single-quotes from being encoded. Thi...

6.6 AI score
Exploits 0

Huntr
added 2022/10/08 3:5 p.m. | 21 views

Deserialization of arbitrary data leads to RCE

Description LibreNMS includes support for monitoring applications, one of which is memcached. When polling for memcached, the data returned by the agent to the LibreNMS server is not verified before it is deserialized. Because LibreNMS has quite a few dependencies, it is easy to find a working...

6.5 CVSS | 2.8 AI score | 0.00859 EPSS
Exploits 0 | References 1

Huntr
added 2022/10/07 4:16 p.m. | 26 views

Broken Access Controls in Patient Files

Description An authenticated user without document access has the ability to direct access any document in the system by using a url similar to this http://domain/openemr/controller.php?document&retrieve&patientid=2&documentid=19. The autoincrement identifier was also susceptible of being...

5.5 CVSS | 8.1 AI score | 0.00607 EPSS
Exploits 1

Huntr
added 2022/10/07 1:40 p.m. | 21 views

File Upload Type Validation Error

Description The upload functionality does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature p.e. GIF89 and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS...

6.5 CVSS | 0.1 AI score | 0.01057 EPSS
Exploits 1

Huntr
added 2022/10/06 4:37 p.m. | 16 views

Improper Name Validation in Upload Document Form

Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...

5 CVSS | 0.1 AI score | 0.00862 EPSS
Exploits 1

Huntr
added 2022/10/06 4:17 p.m. | 19 views

Reflected Cross-Site Scripting in Front Payment CC

Description The frontpaymentcc.php was not properly encoding parameters cardHolderName and zip when the mode AuthorizeNet is sent. The response was a JSON string including unparsed values that will probably be sent using content-type header as text/html, leaving it vulnerable to XSS. Proof of...

5.8 CVSS | 0.6 AI score | 0.00578 EPSS
Exploits 1

Total number of security vulnerabilities: 4072