Lucene search

4072 matches found

Huntr
added 2022/09/02 9:52 a.m., 24 views

Reflected XSS via POST

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

CVSS 5.8 | AI score 6 | EPSS 0.00857
Exploits: 1 | References: 3
Huntr
added 2022/09/01 4:08 p.m., 20 views

Attacker can turn off 2FA of the Admin

Description: The attacker can turn off the 2FA of the admin by performing the CSRF attack. Steps to reproduce: Step 1: Login as admin on the demo product and navigate to https://demo.corebos.com/index.php?module=Utilities&action=integration&op=getconfig2fa&userlist=1 Step 2: Turn on the 2FA and clos...

CVSS 4.3 | AI score 7.1 | EPSS 0.00316
Exploits: 1 | References: 1
Huntr
added 2022/09/01 9:55 a.m., 30 views

Use After Free in function do_cmdline

Description: Use After Free in function do_cmdline at vim/src/ex_docmd.c:1076. vim version: git log commit 5d09a401ec393dc930e1104ceb38eab34681de64 (HEAD -> master, tag: v9.0.0343, origin/master, origin/HEAD). Proof of Concept: ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc7huaf.dat -c :qa...

CVSS 4.4 | EPSS 0.00464
Exploits: 1
Huntr
added 2022/08/31 3:15 a.m., 20 views

Bad Sanitization on "vtlib_purify" function leads to XSS

Description: The whole project is using "vtlib_purify" for the sanitization of user inputs. It does a good job while stripping HTML tags like etc. However, it allows tag and we can use javascript protocol on the href attribute via changing : character to . So, our final payload is click Proof of...

CVSS 4.9 | AI score 5.2 | EPSS 0.00536
Exploits: 1
Huntr
added 2022/08/31 2:57 a.m., 9 views

Reflected XSS on "DetailViewAjax" via "relation_id" parameter

Description: The value of the "relation_id" parameter on the "DetailViewAjax" reflects to the source code without any sanitization. So, that leads to XSS which allows cookie stealing. Proof of Concept...

AI score 1.5
Exploits: 0
Huntr
added 2022/08/29 9:45 p.m., 24 views

No rate limit via proxy url parameter

Description: Hi Drawio Team, your proxy server has no limit of requests, which an attacker can use as a PORT SCANNER. https://app.diagrams.net/proxy?url=IP:PORT&base64=1 Proof of Concept: Image from my OWASP ZAP: https://ibb.co/h87hz3N...

CVSS 5 | AI score 0.7 | EPSS 0.01017
Exploits: 1 | References: 1
Huntr
added 2022/08/29 4:39 a.m., 19 views

BufferOverflow

Description: Buffer Overflow is most commonly found in languages such as C and C++, where there is the need for prior definition of the memory size of the buffer to be used. The program calls a gets function, which does not check against overflowing the size assigned to the buffer. As a result, it...

AI score 1.8
Exploits: 0 | References: 2
Huntr
added 2022/08/28 8:23 p.m., 14 views

SQL INJECTION

Summary: The user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other syste...

AI score 5
Exploits: 0
Huntr
added 2022/08/28 6:32 p.m., 29 views

Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault

Description: Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault. Proof of Concept: Faulting Frame: eval1 @ 0x0000000000d9e9d2: in /root/vim/src/vim Disassembly: 0x0000000000d9e9bd: mov rax,r14 0x0000000000d9e9c0: shr rax,0x3 0x0000000000d9e9c4: mov al,BYTE PTR...

CVSS 1.9 | AI score 0.6 | EPSS 0.0082
Exploits: 1
Huntr
added 2022/08/28 4:44 p.m., 21 views

Stored Cross-Site Scripting (XSS)

Description: Input fields allowing Markdown Input are vulnerable to XSS. This requires Superadmin permissions though. Proof of Concept: Steps to reproduce: 1. Log in to the admin account 2. Go to Admin - General Settings 3. Enter the Payload in the Login Note and Dashboard Message fields. 4. Go to...

CVSS 4.3 | AI score 1.4 | EPSS 0.00595
Exploits: 1
Huntr
added 2022/08/28 4:42 p.m., 27 views

Improper Authentication

Description: There are two permissions not working correctly: the Licenses - View and Modify License Files & the Self - Create API Keys permission. License Files: Files can be uploaded to licenses. There is a permission for users called View and Modify License Files. However, this permission is...

CVSS 4 | AI score 4.5 | EPSS 0.0072
Exploits: 1 | References: 1
Huntr
added 2022/08/28 2:15 p.m., 38 views

Use After Free in Function qf_buf_add_line( )

Description: Hello there! How are you doing? I just used the PoC of this previous report as a valid input for fuzzing, and ended up finding what seems to be a new case of Use After Free, with a slightly different input. The last commit in which I tested it was...

CVSS 4.4 | AI score 7.6 | EPSS 0.00498
Exploits: 1
Huntr
added 2022/08/28 12:54 p.m., 17 views

Account Takeover

Description: A hacker can invite any user to a team and, with the bug I reported before, can accept the invitation. The hacker can add the user to a group to give them new permissions in the team. When the hacker visits the team, they can see private info for the victim, such as the hashed password, many tokens and more...

CVSS 5 | AI score 0.7 | EPSS 0.0078
Exploits: 1
Huntr
added 2022/08/28 10:34 a.m., 9 views

Tabnabbing on spec-disrespecting browsers

Some browsers do not comply with the 2021 HTML specification, meaning that an attacker can redirect the parent window. This applies to links in descriptions. // Create a new card // Add https://someevilsite.com to card // Now the site can do the following:...

AI score 0.9
Exploits: 0 | References: 1
Huntr
added 2022/08/28 12:41 a.m., 23 views

DDOS attack by uploading a few hundred large files

Description: A normal user can upload a photo to the profile. Photos of more than 2 MB are not allowed, but I can upload a photo over the allowed limit. Proof of Concept: https://drive.google.com/file/d/1jh0n9kOoFvW-esHgpOtPeURTYjSIhDm/view?usp=sharing...

CVSS 4 | AI score 0.1 | EPSS 0.00753
Exploits: 1
Huntr
added 2022/08/27 12:49 p.m., 14 views

Session does not expire on logout

Description: Existing session is not invalidated on actions like logout. The fact that the session key is valid for 1 year makes it more dangerous. Proof of Concept: 1. Login to planka 2. Record the session token 3. Logout 4. Replay an authenticated request with the recorded token. The actions will...

AI score 1.8
Exploits: 0 | References: 1
Huntr
added 2022/08/26 5:08 p.m., 16 views

Improper Input Validation

Description: At the team update (https://ripob47346.getoutline.com/api/team.update) and user update (https://ripob47346.getoutline.com/api/users.update) functions, avatarUrl was not verified as a correct URL. The user can enter arbitrary values. Proof of Concept: /api/team.update /api/users.update Result...

AI score 1.1
Exploits: 0
Huntr
added 2022/08/26 12:36 p.m., 22 views

CSRF on deleting an API key

Description: An attacker can send a crafted link to a Froxlor admin. The admin, after clicking on the link and logging in, will be redirected to the API key deletion endpoint, which is a GET request. This will result in deleting the API key with the id specified by the attacker. Proof of Concept: 1...

CVSS 4.3 | AI score 5.2 | EPSS 0.00371
Exploits: 1
Huntr
added 2022/08/26 7:49 a.m., 32 views

Use After Free in function get_next_valid_entry

Description: Use After Free in function get_next_valid_entry at vim/src/quickfix.c:2709. vim version: git log commit 2bd9dbc19fc67395cfa1226dda7326071ab22464 (HEAD -> master, tag: v9.0.0270, origin/master, origin/HEAD). Proof of Concept: ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/test/poc/poc6huaf.da...

CVSS 4.4 | AI score 7.7 | EPSS 0.00497
Exploits: 1
Huntr
added 2022/08/26 6:00 a.m., 11 views

Firefox XSS when redirecting to untrusted URL

Description: When redirecting server side using navigateTo with untrusted user data and with external links set to true, XSS can be triggered on Firefox, probably other browsers too. This is due to h3 expecting JSON stringify to sanitize HTML and nuxt3 also assuming that to be true by using the...

AI score 6
Exploits: 0 | References: 3
Huntr
added 2022/08/25 10:20 p.m., 28 views

Stored Cross-Site Scripting (XSS)

Description: It is possible to upload HTML files containing JavaScript Payload to the FileStorage as a low-privilege user with the corresponding permissions. When opening the HTML file via an indirect link, the JavaScript Code is executed. Proof of Concept: Steps to reproduce: 1. Login to the backe...

CVSS 4.9 | AI score 5.8 | EPSS 0.00722
Exploits: 0
Huntr
added 2022/08/25 9:58 p.m., 21 views

User Enumeration via Response Timing

Description: There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time. Here is a small test script; alternatively we can see the...

CVSS 5 | AI score 5.2 | EPSS 0.00977
Exploits: 0 | References: 1
Huntr
added 2022/08/24 3:59 p.m., 28 views

ZipSlip Symlink variant allows to read any file within OctoPrint Box

Using the ZipSlip symlink variant, it is possible to steal any file from the OctoPrint remote server via an upload of a maliciously crafted archive as a language pack and download the stolen files within a backup archive. To set up the Octoprint web application, we used the dockerized version bas...

CVSS 1.4 | AI score 1.4 | EPSS 0.00405
Exploits: 1
Huntr
added 2022/08/24 2:48 p.m., 10 views

Login bruteforce

Description: According to the fix of the previous report, the login page has a rate limit mechanism to block the user's IP when many attempts are made. The endpoint, for example, /v2/console/status only returns the content when whoever made the request has the correct rights. However, this request is...

AI score 7.2
Exploits: 0 | References: 1
Huntr
added 2022/08/24 1:16 p.m., 11 views

Floating point exception

Description: Floating point exception in udiv, commit: b83285697888abbcb2286462da070d49f413ab24. Proof of Concept: ruby 1 63.pow1, 0 ASAN Output: ================================================================= ==747==ERROR: AddressSanitizer: FPE on unknown address 0x5626e07f6dba pc 0x5626e07f6dba b...

AI score 1.3
Exploits: 0
Huntr
added 2022/08/23 1:34 p.m., 10 views

Insufficient Session Expiration

Description: The Nakama Console session is not invalidated when the user is deleted. Proof of Concept: Steps to reproduce: 1. Log in to the Nakama Console as admin and create a user [email protected] 2. In a separate browser or private window log in to the account [email protected] 3. In the admin session,...

AI score 1
Exploits: 0 | References: 1
Huntr
added 2022/08/23 12:59 p.m., 16 views

User Enumeration via Response Timing

Description: There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept: 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...

AI score 0.1
Exploits: 0 | References: 1
Huntr
added 2022/08/23 12:02 p.m., 21 views

Privilege escalation allows user with read access only to edit admin portal and take actions

Overview of the Vulnerability: Authentication and session management controls can be bypassed in a variety of ways including calling an internal post-authentication page, modifying the given URL parameters, manipulating the form, or counterfeiting sessions. The authentication method for thi...

CVSS 6.5 | AI score 1.4 | EPSS 0.00437
Exploits: 1 | References: 2
Huntr
added 2022/08/23 5:17 a.m., 34 views

Use After Free in function qf_fill_buffer

Description: Use After Free in function qf_fill_buffer at vim/src/quickfix.c:4790. vim version: git log commit adce965162dd89bf29ee0e5baf53652e7515762c (HEAD -> master, tag: v9.0.0246, origin/master, origin/HEAD). Proof of Concept: ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc5huaf.dat -c :qa!...

CVSS 4.4 | AI score 0.7 | EPSS 0.00787
Exploits: 1
Huntr
added 2022/08/22 9:10 p.m., 24 views

Session Fixation

Description: The session is not invalidated after a password change. Proof of Concept: Open Snipe-IT in the browser and login. Do the same in a private window such that there are two sessions. Change the password in one of the two sessions and observe that the second session is not invalidated...

CVSS 6 | AI score 1.3 | EPSS 0.00674
Exploits: 1 | References: 1
Huntr
added 2022/08/22 1:48 p.m., 13 views

Reflected XSS via "stufftype" parameter

Description: The value for the stufftype parameter is reflected in the web context without proper filtering in place, resulting in the possibility of executing malicious javascript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...

AI score 1
Exploits: 0
Huntr
added 2022/08/22 1:45 p.m., 12 views

Reflected XSS via "stuffid" parameter

Description: The value for the stuffid parameter is reflected in the web context without proper filtering in place, resulting in the possibility of executing malicious javascript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...

AI score 0.7
Exploits: 0
Huntr
added 2022/08/22 1:41 p.m., 7 views

Reflected XSS via "idlist" parameter

Description: The value for the idlist parameter is reflected in the web context without proper filtering in place, resulting in the possibility of executing malicious javascript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...

AI score 0.8
Exploits: 0
Huntr
added 2022/08/22 2:50 a.m., 30 views

NULL Pointer Dereference in function do_mouse

Description: NULL Pointer Dereference in function do_mouse at vim/src/mouse.c:496. vim version: git log commit 171c683237149262665135c7d5841a89bb156f53 (HEAD -> master, tag: v9.0.0242, origin/master, origin/HEAD). Proof of Concept: ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc3null.dat -c :qa!...

CVSS 1.9 | AI score 0.6 | EPSS 0.00692
Exploits: 1
Huntr
added 2022/08/22 2:35 a.m., 28 views

Exposure of "Forgot Password" Token on Comments Controller Leads to Account Takeover

Hello there! Hope you are doing great! Description: While digging into your app's source code, I noticed that the getComment function, that can be found on CommentController, had an IDOR, but when I went to an actual instance of Tooljet and tested it, I noticed that it's way worse than that! 😱 Thi...

CVSS 6.8 | EPSS 0.00703
Exploits: 1
Huntr
added 2022/08/21 5:58 p.m., 12 views

Prototype pollution

Description: submerge is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a __proto__ payload, which may result in Sensitive Information Disclosure / Denial of Service (DoS) / Remote Code Execution. Proof ...

AI score 1.6
Exploits: 0
Huntr
added 2022/08/21 4:13 p.m., 9 views

DoS via Client Email Update

Description: An unauthenticated user, via the Inbox Website Widget, can update its contact email information, whose field doesn't have any proper size restriction or limitation in place, allowing an unlimited number of characters to be set as the email. Because of this an attacker can send an enormou...

AI score 6.9
Exploits: 0
Huntr
added 2022/08/21 3:29 p.m., 19 views

Clickjacking Leads To User Deletion

Hello team, on notrinoserp there is no clickjacking protection (x-frame-options) implemented, so an attacker can perform a clickjacking attack, and in this case I'm able to delete a user account via this vulnerability from the admin account. Here is the POC: Exploit Script: iframe position:relative;...

CVSS 4.3 | AI score 1.8 | EPSS 0.00615
Exploits: 1
Huntr
added 2022/08/21 8:48 a.m., 12 views

clickjacking attack

Description: clickjacking bug. I see there is no x-frame-options header set. So, the erp url can be loaded in an iframe tag, which allows a clickjacking attack. Proof of Concept: Save the below code in an html file and open this html url in a browser. STUDY MATERIAL...

AI score 0.2
Exploits: 0
Huntr
added 2022/08/20 11:57 p.m., 23 views

Weak Password Change Mechanism

Description: The user password change page doesn't require knowledge of the existing password. Proof of Concept: 1. Log in as a normal user 2. Go to the User Dashboard page and click User Settings. 3. Set any new password. 4. Click confirm 5. The password is changed successfully...

CVSS 4.3 | AI score 1 | EPSS 0.00334
Exploits: 1
Huntr
added 2022/08/19 9:53 p.m., 9 views

XSS on URL recorder

Description: Hi Team, I found an XSS vulnerability in the url recorder https://conifer.rhizome.org/"USERNAME"/default-collection/ Proof of Concept: Image: https://ibb.co/dBr0QQr...

AI score 0.4
Exploits: 0
Huntr
added 2022/08/19 6:00 p.m., 21 views

Persistent Cross Site Scripting - WidgetsManagement Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on the WidgetsManagement module from Settings, the "title" parameter is not validated and it's used directly without any encoding or validation on Vitger/dashboards/ChartFilter.tpl. It allows an attacker to injec...

CVSS 4.9 | AI score 0.3 | EPSS 0.00626
Exploits: 1
Huntr
added 2022/08/19 5:57 p.m., 20 views

Persistent Cross Site Scripting - BusinessHours Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on the BusinessHours module from Settings, the type of the name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on EditViewBlocks.tpl. It allows an attacker to...

CVSS 4.9 | AI score 1.1 | EPSS 0.00547
Exploits: 1
Huntr
added 2022/08/19 5:53 p.m., 27 views

Persistent Cross Site Scripting - LayoutEditor Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on the LayoutEditor module from Settings, the type of the fieldModel-label parameter is "Text" but it is not validated and it's used directly without any encoding or validation on LayoutEditor/EditField.tpl. It...

CVSS 4.9 | AI score 5.5 | EPSS 0.00529
Exploits: 1
Huntr
added 2022/08/19 5:49 p.m., 25 views

Persistent Cross-site Scripting - SlaPolicy Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on the SlaPolicy module from Settings, the type of the recordModel-name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on SlaPolicy/EditViewBlocks.tpl. It...

CVSS 4.9 | AI score 1.2 | EPSS 0.00512
Exploits: 1
Huntr
added 2022/08/19 5:45 p.m., 23 views

Persistent Cross Site Scripting - Workflow Module - Settings

Description: The application uses Purifier to avoid the Cross Site Scripting attack. However, on the Workflow module from Settings, the type of the workflowModel-summary parameter is not defined and validated; it's used directly without any encoding or validation on Workflows/Step1.tpl and...

CVSS 4.9 | AI score 0.1 | EPSS 0.00512
Exploits: 1
Huntr
added 2022/08/19 4:26 p.m., 50 views

Full account takeover

POC: Step 1: Use a normal user account. Step 2: Change user password in edit profile function. Step 3: Enter data fields that change normally. Step 4: Use burp suite to intercept requests to update profile. Step 5: Change id from 2 to id 1 and send request. The result of logging in with the new userna...

CVSS 6.5 | AI score 0.7 | EPSS 0.00703
Exploits: 1
Huntr
added 2022/08/19 1:47 a.m., 30 views

Use After Free in function vim_vsnprintf_typval

Description: Use After Free in function vim_vsnprintf_typval at vim/src/strings.c:2299. vim version: git log commit 9e043181ad51536f23d069e719d6f6b96c4c0ec0 (grafted, HEAD -> master, tag: v9.0.0226, origin/master, origin/HEAD). Proof of Concept: ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc4huaf.dat -c...

CVSS 4.4 | AI score 7.7 | EPSS 0.00501
Exploits: 1
Huntr
added 2022/08/18 2:47 p.m., 27 views

Weak Password Requirements

Description: The product does not require that users have strong passwords, which makes it easier for attackers to compromise user accounts. Proof of Concept: Steps to reproduce: 1. Login to admin account. 2. From user account setup create a new user. 3. Fill the form with username user3 and...

CVSS 7.5 | AI score 2.4 | EPSS 0.00757
Exploits: 1 | References: 1
Huntr
added 2022/08/18 12:04 p.m., 17 views

Cross Site Scripting (reflected) on fee_sheet_ajax.php

Description: When testing the app for XSS we found out that the fee_sheet_ajax.php endpoint is actually vulnerable to an XSS exploit. PoC: 1. visit https:///interface/forms/fee_sheet/review/fee_sheet_ajax.php?task=retrieve&mode=encounters&prevencounter=%3Cimg%20src%3da%20onerror%3dalertdocument.cookie%3...

CVSS 5.8 | AI score 0.5 | EPSS 0.00651
Exploits: 1 | References: 1
Total number of security vulnerabilities: 4072