Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/08/18 10:42 a.m.24 views

Exposure of Sensitive Information Lead To Admin Account Take Over

Description The AP officers account is authorized to Backup and Restore the Database, Due to this he/she can download the backup and see the password hash of the System Administrator account, The weak hash MD5 of the password can be easily cracked and get the admin password. Proof of Concept Step...

6.5CVSS1.2AI score0.01105EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/18 6:18 a.m.27 views

NULL Pointer Dereference in function sug_filltree

Description NULL Pointer Dereference in function sugfilltree at vim/src/spellfile.c:5600. vim version git log commit 4875d6ab068f09df88d24d81de40dcd8d56e243d grafted, HEAD - master, tag: v9.0.0224, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc2null.d...

1.9CVSS0.6AI score0.00469EPSS
Exploits1
Huntr
Huntr
added 2022/08/17 10:35 a.m.26 views

Cross-site Scripting (XSS) - Stored

Description The application uses Purify to avoid the Cross Site Scripting attack. However, On ApiAddress module from Settings, the customFields is not validated and it's used directly without any encoding or validation on ApiConfigModal.tpl. It allows attacker to inject arbitrary Javascript code ...

4.9CVSS0.3AI score0.00725EPSS
Exploits1
Huntr
Huntr
added 2022/08/17 12:3 a.m.28 views

Use After Free in function find_var_also_in_script

Description Use After Free in function findvaralsoinscript at vim/src/evalvars.c:3174 vim version git log commit 887748742deae3d6de7aa0fdbb042afe1ccf5e7a grafted, HEAD - master, tag: v9.0.0222, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc3huaf.dat -...

4.4CVSS7.6AI score0.00497EPSS
Exploits1
Huntr
Huntr
added 2022/08/16 9:36 a.m.25 views

Stored XSS in 'Table name' field via Database information function

Description When the administrator uses the Database information function, malicious code will be accidentally called and executed through two cases: 1. 1 An internal attacker local with access right to the database could insert malicious content into the table name field by creating a table in t...

4.3CVSS0.3AI score0.00409EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/16 8:12 a.m.17 views

Insufficient Session Expiration

Description Insufficient Session Expiration is when a website permits an attacker to reuse old session credentials or session IDs for authorization. Proof of Concept Steps to reproduce 1- Login into http://127.0.0.1:5000/login/ OctoPrint. 2- Open browser in the incognito tab or open another brows...

3.2CVSS0.3AI score0.00284EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/16 7:28 a.m.25 views

NULL Pointer Dereference in function generate_loadvar

Description NULL Pointer Dereference in function generateloadvar at vim9compile.c:1165 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit e1f3fd1d02e3f5fe6d2b6d82687c6846b8e500f8 HEAD - master, origin/master, origin/HEAD Author: Bram...

1.9CVSS0.6AI score0.00454EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 8:9 p.m.19 views

Unrestricted File Upload Allowed due to Flawed Move File Functionality

Description Hello Team, Hope you are doing good. Due to misconfiguration in move file functionality an attacker could easily change the file extension of the uploaded malicious file disguised as .gcode file. Steps: 1 . Upload a .gcode file & intercept the request as shown in the screenshots. 2...

4.9CVSS0.2AI score0.00545EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 1:27 p.m.30 views

Improper Authorization lead a user add an arbitrary agent into Team

Description A Vulnerability in edit team function lead an user add another user via ID to Team, alternatively know the email of every user in Chatwoot Step to reproduce - login to the app -navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list -Create new or ed...

5.5CVSS6.9AI score0.00493EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 3:57 a.m.27 views

Heap-based Buffer Overflow in function latin_ptr2len

Description Heap-based Buffer Overflow in function latinptr2len at vim/src/mbyte.c:1088 . vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc4hbo.dat -c :qa!...

4.4CVSS7.6AI score0.00452EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 3:11 a.m.37 views

Buffer Over-read in function utf_head_off

Description Buffer Over-read in function utfheadoff at vim/src/mbyte.c:3872 vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim/src/vim -u NONE -X -Z -e -s -S poc3hbo.dat -c :qa!...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 2:17 a.m.31 views

use after free in function generate_PCALL

Description Use After Free in function generatePCALL at vim/src/vim9instr.c:1606 vim version git log commit 249e1b903a9c0460d618f6dcc59aeb8c03b24b20 grafted, HEAD - master, tag: v9.0.0213, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc2huaf.dat -c :qa!...

4.4CVSS7.5AI score0.00727EPSS
Exploits1
Huntr
Huntr
added 2022/08/15 2:3 a.m.11 views

DoS via Collaborative Document

Description An attacker can send an enormous payload via the WebSockets collaborative document feature, without any proper size restriction, leading to the unresponsiveness of every user browser that visits the target document, and even worse, if the payload is bigger enough, in the demonstration...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/08/13 12:39 p.m.9 views

Cross-site Scripting (XSS) - Stored on Translations

Description Translations are vulnerable to Cross-Site Scripting. Steps to reproduce 1 - Go to Website - Settings 2 - Click on Languages 3 - Fill any field to be translated with an XSS payload : ". 4 - XSS popup will appear. Proof of concept...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/08/12 8:3 p.m.62 views

No rate limit on main Login page lead to account takeover

Hi Team, Summary: As a best practice a login page should have a rate limit to avoid any kind of brute force. Aslo The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character...

5CVSS1.3AI score0.00688EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 1:49 p.m.28 views

Heap-based Buffer Overflow in function compile_lock_unlock in vim/vim

Description Heap-based Buffer Overflow in function compilelockunlock at vim/src/vim9cmds.c:196 vim version git log commit 326c5d36e7cb8526330565109c17b4a13ff790ae grafted, HEAD - master, tag: v9.0.0194, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S poc2hboM.dat -c :qa!...

4.4CVSS7.6AI score0.00536EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 12:1 p.m.24 views

Use After Free in function string_quote

Description Use After Free in function stringquote at vim/src/strings.c:777 vim version git log commit c9b6570fab46bf2c246a954cfb8c0d95fe2746b3 grafted, HEAD - master, tag: v9.0.0203, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/fuzz/test/poc1uaf.da...

4.4CVSS7.6AI score0.00498EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 11:8 a.m.30 views

Out-of-bounds read in function check_vim9_unlet in vim/vim

Description Out-of-bounds read in function checkvim9unlet at vim/src/vim9cmds.c:95 Vim version git log commit 326c5d36e7cb8526330565109c17b4a13ff790ae grafted, HEAD - master, tag: v9.0.0194, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/hbo1min.dat -c :q...

4.4CVSS7.5AI score0.00513EPSS
Exploits1
Huntr
Huntr
added 2022/08/12 7:34 a.m.22 views

Stored XSS vulnerability when importing RSS Feeds from external source

Description YetiForceCRM allows user create RSS Feeds without purifying the link field of the input data properly from external source. An attacker can take advantage of this vulnerability to perform an XML Injection attack that leads to stored cross-site scripting XSS on the target server. Proof...

4.9CVSS0.2AI score0.00688EPSS
Exploits1References2
Huntr
Huntr
added 2022/08/11 12:2 p.m.35 views

2FA Bypass in Cockpit Content Platform ≤ v2.2.1

Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...

6.5CVSS9.3AI score0.01278EPSS
Exploits1
Huntr
Huntr
added 2022/08/11 6:46 a.m.16 views

cross site scripting - reflected

The reflected XSS vulnerability occurs to a flaw in the cleanxsstags function called in new.php of Gnuboard 5. 1. Open the https://sir.kr/bbs/new.php?darkmode=%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3E 2. payload executing...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/08/09 11:54 a.m.7 views

UI Redressing

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

1AI score
Exploits0References3
Huntr
Huntr
added 2022/08/09 7:50 a.m.28 views

Path traversal on administrative account

Description Relative path traversal in DNN.Platform at log download functionality. Administrative account can download any system file. This could allow direct read access to files that are not meant to be accessible directly by the platform. Proof of Concept Login as administrative user. Payload...

3.3CVSS2.1AI score0.00999EPSS
Exploits1
Huntr
Huntr
added 2022/08/09 12:58 a.m.10 views

Weak Password Change Mechanism

Description The user password change page, doesn't require knowledge of the existing password. Proof of Concept 1. 1 - Log in as a normal user 2. 2 - Go to the User Dashboard page and click Password. 3. 3 - Set a any new password. 4. 4 - The password is changed successfully...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/08/08 10:45 p.m.9 views

Modify other people's articles by modifying the data package

Description The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/08/08 5:26 p.m.15 views

IDOR allows to create new collection or modify a existing one

Description A normal user can create a new collection with the provided book ids or add new books to an existing collection, whose operations should be only executed by the administrator. \ \ This is possible due to an missing administrative role check in the /api/collection/update-for-series API...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/08/07 3:29 p.m.13 views

Unauthenticated reading list item deletion

Description A unauthenticated user can delete any book item of any user reading list in the system without any authentication or authorization verification, via the /api/readinglist/delete-item API endpoint. Proof of Concept 1 - Send the following request, where x is the target readingListId and ...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/07 3:28 p.m.22 views

Stored XSS on Admin Translations

Description Key/Name field in Admin Translation Settings is vulnerable to XSS. Proof of Concept 1 - Go to Settings, Admin Translations. 2 - Click on Add, and put the XSS payload: " on Name then save 3 - XSS popup will be triggered. Both Stable and Dev versions are vulnerable. Video PoC...

4.3CVSS0.4AI score0.01451EPSS
Exploits1
Huntr
Huntr
added 2022/08/07 2:50 p.m.12 views

Unauthenticated book download and view details

Description A unauthenticated user can download, view the details and resources, and retrieve individual pages of any book in the system without any kind of authorization or authentication verification. \ \ Unauthenticated book operations list: 1 - Download any book via the /api/reader/pdf...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/08/07 1:28 p.m.29 views

Stored XSS on Categories

Description Title parameter in the body of POST request when creating/editing a category is vulnerable to stored XSS. Proof of Concept 1 - Go to https://demo.microweber.org/demo/admin/view:content/action:categories 2 - Create a category or edit an existing one. 3 - Modify the title to an XSS...

4.9CVSS0.2AI score0.00393EPSS
Exploits1
Huntr
Huntr
added 2022/08/07 8:2 a.m.24 views

Hostname Spoofing

Description parse-url parses following https url incorrectly, identifies its protocol as ssh, and its host name is parsed incorrectly either. https://www.google.com:[email protected]:x node -e 'const parseUrl=require"parse-url";console.logparseUrl"https://www.google.com:[email protected]:x"' protocols:...

5.8CVSS6.4AI score0.00586EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 5:53 p.m.20 views

Previously created sessions continue being valid after MFA activation [namelessmc.com]

Description 1. Hello Team I found one issue related to your 2FA system on https://namelessmc.com/user/settings/?do=enabletfa&s=2 Vulnerability Type: 1. Improper Access Control - Generic STEP TO REPRODUCE: 1. 1- access the same account on https://namelessmc.com/ in two devices 2. 2- on device 'A' ...

6.4CVSS0.5AI score0.00594EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/06 3:31 p.m.17 views

Unauthenticated Path Traversal

Description A unauthenticated user can read and download files of the application system by abusing the filename parameter, of the /api/image/cover-uploadendpoint, that is not properly sanitized. Proof of Concept 1 - Send the following request, where the filename has the relative path of the targ...

1.7AI score
Exploits0
Huntr
Huntr
added 2022/08/06 3:18 p.m.21 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1- Send a login request of the target user POST http://localhost:5000/api/account/login...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/08/06 3:13 p.m.22 views

IDOR in password change page leads to administrative account takeover

Description The password change function doesn't properly handle the Change Password role, allowing to any user, that has this role enabled, to change the password of any user in the system, including the administrator account. Proof of Concept 1. 1 - Log in as a normal user that can change its o...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/08/06 3:5 p.m.48 views

Full Read Server-Side Request Forgery (SSRF)

Description Via the /api/upload/upload-by-url endpoint is possible to upload an image via an URL provided by the user. The function that handles this upload, doesn't verify or validate the provided URL, allowing to fetch internal services. \ \ Furthermore, after the resource is fetched, there is ...

4CVSS0.6AI score0.02298EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 6:45 a.m.19 views

Account Takeover [namelessmc.com]

Description: 1. Hello team, while i was testing on https://namelessmc.com/login/ i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field Steps to reproduce: 1. 1- go to https://namelessmc.com/login/ 2. 2- Ente...

5CVSS7.8AI score0.01118EPSS
Exploits1
Huntr
Huntr
added 2022/08/06 3:48 a.m.48 views

Insufficient Session Expiration After Password Change

Description During my test, I found that in Cockpit v 2.1.2, the application was not validating the request after password change. This allows attacker to update user account details even after admin changes password. Steps to Reproduce : 1. Login with your account and click on click on "Account...

7.5CVSS0.8AI score0.00956EPSS
Exploits1
Huntr
Huntr
added 2022/08/05 6:36 p.m.10 views

Send message to blocked user

Description In this case if a userA block userB. UserB is still able to send private message to user A Proof of Concept 1.USerA block userB 2.UserB send direct request to message endpoint with userA''s userID Poc POST https://bookwyrm.social/post/direct Host: bookwyrm.social User-Agent: Mozilla/5...

7AI score
Exploits0
Huntr
Huntr
added 2022/08/05 11:57 a.m.43 views

Tabnabbing via window.opener [bookwyrm.social]

Description: 1. Hello @bookwyrm-social I found a tabnabbing vulnerability. attack is possible due to taget=blank or Tab nabbing via window.opener. VISIT:- https://bookwyrm.social/ SUMMARY: 1. I was browsing the site and found a tabnabbing vulnerability . As per the observation I found that attack...

5.8CVSS0.00492EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/04 3:26 p.m.85 views

Stored XSS via image markdown

Description The site allows creating markdown to get an image from a link, from which we can use it to generate XSS. Proof of Concept Payload: markdown Video: Youtube Only works on Google Chrome...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/08/04 1:30 a.m.16 views

Cross-Site Request Forgery

Description The administrative /api/users registration endpoint is vulnerable to an Cross-Site Request Forgery attack due the lack of any kind of anti-CSRF token verification. Proof of Concept 1. 1 - An authenticated administrator visits an attacker-controllable website, in this case the PoC file...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/08/03 10:57 p.m.9 views

Denial of Service via Attachment Upload

Description An attacker can upload an attachment without any size limitation which leads to an exception and the crash of the application. Proof of Concept 1. 1 - Log in and select and project and card. 2. 2 - Upload a file, in this case, a 5GB file. Used sample file. 3. 3 - After some seconds th...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/08/03 4:25 p.m.14 views

Lack of Maximum Characters Length Validation on `Assignment Title` Input

Hello, Description The Assignment Title input is not being validated against a large number of characters added in it's value. This allows to initiate large number of characters and very big text inside the page. Proof of Concept 1. Navigate to Assignments section:...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/08/03 12:27 p.m.15 views

Remote Code Execution due to code injection

Description RCE in CP ADMIN site structure it needs admin privilege Because of the typo in the sanitization. Anyone who has admin privilege can edit “site structure”, bypass it and execute php code. And we can execute system or other system function by php, so that's a RCE vulnerability. And next...

2.6AI score
Exploits0
Huntr
Huntr
added 2022/08/03 11:54 a.m.28 views

parser bypass and make SSRF attack

parse-url inproperly detecting protocol,resource and Pathname . This allow to bypass protocol check . Also this bug make ssrf check bypass\ \ lets check normal url result for parse-url import parseUrl from "parse-url"; console.logparseUrl"http://nnnn@localhost:808/?id=xss" protocols: 'http' ,...

6.4CVSS0.4AI score0.00907EPSS
Exploits1
Huntr
Huntr
added 2022/08/02 9:22 p.m.10 views

Idor when creating group

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /user/[email protected]/groups HTTP/2 Host: bookwyrm.social Cookie: csrftoken=; djangolanguage=None; sessionid= User-Agent: Mozilla/5.0 Windows N...

7AI score
Exploits0
Huntr
Huntr
added 2022/08/02 7:43 p.m.26 views

User can do all actives with other's signature (view, get, create, update, delete,...)

Description I observed that users can view any user's signature by changing their user parameter to other's user parameter. By the same way users can create/delete/update other's signature in create signature function. View/Get other's signature: 1. Login to an account I use account receptionist...

5.5CVSS0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/08/02 5:52 p.m.14 views

IDOR leads to delete messages in Message Center of others.

Description I observed that users can delete messages in other's Message Center by changing deleteid parameter to deleteid value of message which belongs to other. Step: - Login with Physician account and determine deleteid of messages in Physician's Message Center - Login with Clinician account....

1AI score
Exploits0
Huntr
Huntr
added 2022/08/02 2:0 p.m.7 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.2AI score
Exploits0
Total number of security vulnerabilities4072