Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/08/02 1:47 p.m.14 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST http://localhost:3000/api/access-tokens...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/08/02 7:53 a.m.21 views

Cross-site Scripting - Reflected

Description The pricelevel parameter in openemr is vulnerable to reflected XSS Proof of Concept 1. Open the web browser to access the website 2. Access the url: http://openemr.vn/interface/forms/feesheet/review/feesheetoptionsajax.php?pricelevel=%3Cimg%20src%3da%20onerror%3dalertdocument.cookie%3...

5.8CVSS0.7AI score0.95839EPSS
Exploits1References1
Huntr
Huntr
added 2022/08/02 1:44 a.m.21 views

Path Traversal

Description Via the /attachments/:id/download/thumbnails/:filename endpoint, an authenticated user can access any arbitrary file in the system through a path traversal vulnerability in the filename parameter. \ \ The filename parameter is not sanitized and its used to craft the path of the target...

4CVSS1.2AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2022/07/30 3:9 p.m.11 views

Weak password policy on account creation/password update

Description The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character. Proof of Concept Case 1 - Account Creation 1. 1 - Login as admin and go to the users page. 2. 2 - Create a new user and set 1 as the password and click i...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/07/30 11:4 a.m.10 views

CSRF vulnerability exists in modifying user information (including password)

Description Csrf vulnerability in user information modification page Proof of Concept In \app\home\c\UserController $re = M'member'-update'id'=$this-member'id',$w; $member = M'member'-find'id'=$this-member'id'; unset$member'pass'; $SESSION'member' = arraymerge$SESSION'member',$member;...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2022/07/30 8:8 a.m.19 views

Segmentation Fault in SFS_Expression

It can cause Denial-of-service attack. Version root@ubuntu:/gpac/.git cat refs/heads/master 0102c5d4db7fdbf08b5b591b2a6264de33867a07 system stack size default root@ubuntu:/gpac/bin/gcc ulimit -s 8192 POC Download POC Execute root@ubuntu:/gpac/bin/gcc ./MP4Box -info -disox -dump-chap-ogg -dump-cov...

1.9CVSS2.5AI score0.00628EPSS
Exploits1
Huntr
Huntr
added 2022/07/28 11:29 p.m.20 views

Reflected XSS on conversion filter function

Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...

5.8CVSS0.6AI score0.00585EPSS
Exploits1
Huntr
Huntr
added 2022/07/28 6:44 p.m.26 views

Format string modifiers in card label

Description When adding a new video device with v4l2loopback-ctl that contains a card label with format string modifiers the kernel driver interprets these when querying the device capabilities, thus leaking kernel memory stack contents. The vulnerability requires the attacker to have access to t...

2.9CVSS2.1AI score0.00321EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/28 5:56 p.m.16 views

No password brute-force protection on login page

Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible combination without any restriction. Proof of Concept 1. 1 - Send a login request of the target user POST /api/auth/token HTTP/1.1 Host: localhost:9091...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/07/28 4:38 p.m.21 views

Full Read Server-Side Request Forgery (SSRF)

Description In the recipe edit page, is possible to upload an image directly or via an URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows to fetch internal services. \ \ Furthermore, after the resour...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/27 4:27 p.m.10 views

Path traversal in unjs/storage leads to code injection due to unsanitzed code generation

Path Traversal A path traversal vulnerability exists within unjs/unstorage when using the file system storage driver. This vulnerability can be exploited when the user has control over the key name. By creating key names containing sequences of ../ or ..: we can navigate the file system. We are...

7.2AI score
Exploits0References3
Huntr
Huntr
added 2022/07/27 11:39 a.m.10 views

Unauthenticated Cross Site Scripting - Reflected

Description Please enter a description of the vulnerability. Proof of Concept XSS POC: Local Host : http://192.168.0.109:81/?PagePrincipale/rss&id=1%27%3Cscript%3Ealert1122%3C/script%3E Vendor Domain: https://yeswiki.net/?AccueiL/rss&id=1%27%3Cscript%3Ealert1122%3C/script%3E Attached POC Images:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/07/27 11:31 a.m.14 views

UnAuthenticated SQL Injection

Proof of Concept POC: Vendor Domain Print version: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+version--+- Print Database: https://yeswiki.net/?AccueiL/rss&id=1%27+and+extractvalue0x0a,concat0x0a,select+database--+- Print User:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/07/27 8:56 a.m.19 views

Cross-site scripting - Stored via upload ".xml" file

Description In file upload function, the server allow upload .xml file with contain some javascript code lead to XSS. Proof of Concept REQUEST POST /?PageTitre/ajaxupload&qqfile=index.xml HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:104.0 Gecko/20100101...

7.3AI score
Exploits0References1
Huntr
Huntr
added 2022/07/26 8:33 p.m.26 views

Improper Input Validation Leads to Privilege Escalation and Denial of Service

Description Improper input validation allows an attacker to privilege escalation and can make crash nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...

6.5CVSS0.01076EPSS
Exploits1
Huntr
Huntr
added 2022/07/26 4:26 a.m.11 views

Password Reset token returned in Respose to Account takeover.

Description Password Reset token returned in Respose. Then you can set an arbitrary password with the following url: url //auth/reset-password?token=token Proof of Concept...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/07/26 1:49 a.m.7 views

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept PoC.html history.pushState'', '', '/' document.forms0.submit;...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/07/25 12:26 p.m.21 views

Idor disclose other user's appointment

Description:- In this case an idor allow an attacker to view portal user's appointments Proof of Concept 1.Goto http://demo.openemr.io/openemr/portal/home.php and then goto my profile my appointment 2.Click on edit appointment button and capture the request in burp suite 3. Change eid parameter t...

4CVSS0.2AI score0.00696EPSS
Exploits1
Huntr
Huntr
added 2022/07/24 5:47 p.m.10 views

Cross site script

Description In this case a patient is able to execute js scripts in admin's session. further exploitation could lead to admin account takeover Steps to Repro:- 1. Login here https://demo.openemr.io/openemr/portal 2. Goto my documents and create new insurance form 3. Add this payload to any select...

Exploits0
Huntr
Huntr
added 2022/07/23 4:29 p.m.23 views

No Protection against Bruteforce attacks on Login page

Description Wger Workout Manager does not limit unsuccessful login attempts allowing Brute Forcing. Proof of Concept Steps to Reproduce: 1. Register a new user 2. Logout 3. Send a login request with an incorrect password 4. Capture the login request 5. Replay the login request with a different...

7.5CVSS8.8AI score0.00661EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/23 6:59 a.m.24 views

Improper Input Validation

Description Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. When software does not validate input properly, an attacker is able to cra...

1.1AI score
Exploits0References3
Huntr
Huntr
added 2022/07/23 4:9 a.m.48 views

Null Pointer Dereference Caused Segmentation Fault

Description Null pointer dereference caused segmentation fault. This can cause Denial-of -service attack. version smlijun@ubuntu:/gpacasan/bin/gcc$ ./MP4Box -version MP4Box - GPAC version 2.1-DEV-rev243-gf87b12b32-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Plea...

1.9CVSS5.7AI score0.00488EPSS
Exploits1
Huntr
Huntr
added 2022/07/22 6:42 p.m.467 views

Privilege Escalation admin user to root user

Description "admin" user has sudo rights and can gain root access. By default sudo installation "admin" group has root rights. "admin" user created by hestia installation and this user is also in "admin" group. if the attackers access "admin" user, can gain root access. Proof of Concept...

5.8CVSS0.8AI score0.01035EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/22 6:41 p.m.20 views

Reflected XSS in fava application

Description The "querystring" parameter of fava application is vulnerable to reflected XSS for which a attacker can modify any information that the user is able to modify. Proof of Concept 1.Open the url:...

5.8CVSS0.9AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/22 6:25 p.m.34 views

OS Command Injection user to admin

Summary Arbitrary commands can be injected when installing DokuWiki. Description Authenticated as "User" role users can inject commands. Injected commands are running as "admin" user. Prerequisite 1. Any user access 2. php 7.4 must be installed in order to install dokuwiki only admin can install...

6.5CVSS0.9AI score0.4749EPSS
Exploits1References1
Huntr
Huntr
added 2022/07/22 3:11 a.m.24 views

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...

4.9CVSS5.5AI score0.00437EPSS
Exploits1References3
Huntr
Huntr
added 2022/07/21 7:5 p.m.12 views

Cross-Site Request Forgery (CSRF)

Description CSRF is still possible on the Leads module Detailed Video is attached Proof of concept. Tested from: Firefox URL of Demo : https://demo.corebos.com/index.php?module=Leads&action=index&record=&relmodule=Leads Proof of Concept Video Link : https://vimeo.com/732211543 Steps Involved 1...

1AI score
Exploits0References2
Huntr
Huntr
added 2022/07/21 4:20 p.m.20 views

Non-Privilege user can view Patient's Amendments

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version Open-Source electronic health records and medical practice management application has Insecure direct object reference IDOR to function “Patient’s Amendments”, and it never bee...

4CVSS0.2AI score0.00641EPSS
Exploits1
Huntr
Huntr
added 2022/07/21 3:40 p.m.14 views

Cross-site Scripting via link creation bypass filter javascript scheme

Description The markdown's link creation feature allows inserting paths containing javascript scheme bypass filter javascript scheme via add https scheme prefix, so this flaw lead to XSS vulnerability. The payload used is the following: Proof of Concept Step to reproduct 1. Create new document 2...

6.2AI score
Exploits0References1
Huntr
Huntr
added 2022/07/21 10:8 a.m.26 views

Unauthorized to create and edit Amendments function

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version Open Source electronic health records and medical practice management application has unauthorized create and edit on “Patient/dashboard/Amendments” with function...

6.5CVSS0.1AI score0.00703EPSS
Exploits1
Huntr
Huntr
added 2022/07/20 6:11 p.m.12 views

Send message in chat function with any username

Description In chat function, username is not validated. We can change username to any value we want which not match with logged in user. Exploitation steps: 1. Login with Phil1 account Patient account. 2. Send message via Burpsuite proxy 3. Modify username to any value you want I user "n00b" 4. ...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/20 8:35 a.m.12 views

heap-buffer-overflow occurs in function eval_string ./vim/src/typval.c:2226

Description heap-buffer-overflow occurs in evalstring ./vim/src/typval.c:2226, it should be allocated more memory at ./vim/src/typval.c:2126 vim version git log commit 5154a8880034b7bb94186d37bcecc6ee1a96f732 HEAD - master, tag: v9.0.0057, origin/master, origin/HEAD Proof of Concept Poc ./vim -u...

4.4CVSS7.2AI score0.00492EPSS
Exploits1
Huntr
Huntr
added 2022/07/19 1:28 p.m.21 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session Proof of Concept PHPSESSID:"ID" Created:"Tue, 19 Jul 2022 13:15:32 GMT" Domain:"demo.pimcore.fun" Expires / Max-Age:"Sessio...

Exploits0References2
Huntr
Huntr
added 2022/07/19 11:38 a.m.24 views

Reflected Cross Site Scripting in OpenEMR 7.0.0 and below at backup

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version Open Source electronic health records and medical practice management application has Reflected Cross Site Scripting vulnerability in the formstatus parameter...

5.8CVSS0.3AI score0.00461EPSS
Exploits1References2
Huntr
Huntr
added 2022/07/18 11:16 p.m.81 views

Blind SSRF on the RSS Feed

A normal user can add an RSS Feed with an internal URL which could lead to a blind SSRF issue by using local URLs...

5CVSS1.6AI score0.00459EPSS
Exploits0
Huntr
Huntr
added 2022/07/18 8:39 a.m.12 views

Insecure Direct Object References when creating a list

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /list HTTP/2 Host: bookwyrm.social Cookie: djangolanguage=None; csrftoken=I5lj4znBJ9B5HnT3FAsII67G1EISidIKGlsIz5ElN9kmlDwucM2hGKx0Fy4gM8vj;...

7AI score
Exploits0
Huntr
Huntr
added 2022/07/18 8:34 a.m.27 views

xss via improper parsing of javascript: url

Description A URL like javascript://example.com%0aalert1 will get incorrectly recognised as a file: protocol. It has nothing to do with escaping as the common characters such as &, , if parsed.protocol !== "javascript" res.send"CLICK ME!" app.listen9999;...

2.3AI score
Exploits0
Huntr
Huntr
added 2022/07/17 11:48 a.m.23 views

[Bypass] Cross-site Scriptin (XSS) via file upload

🔒️ Requirements Privileges: User. 📝 Description I found a bypass to this report by uploading the file with "public": true, parameter. This is due to the fact that AWS bucket public folder does not auto download files when we access them. 🕵️‍♂️ Proof of Concept Step 1: Go your outline home and...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/17 2:30 a.m.8 views

Cross-Site Request Forgery (CSRF)

Description I found a possible Cross-Site Request Forgery CSRF vulnerability in Login Form. Login CSRF is a type of attack where the attacker can force the user to log in to the attacker’s account on a website and thus reveal information about what the user is doing while logged in. Proof of...

1.6AI score
Exploits0References3
Huntr
Huntr
added 2022/07/15 4:5 p.m.10 views

Insecure direct object references in "review" function

Description Insecure direct object references in review a book function allows one user to create a comment on behalf of another. Proof of Concept POST /post/review HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=bYsdqkQkkbYXZYRVd8AynhYxG1rBb2AoOfAO76XCYmgzXK3A266EpZamGcKL0pN5;...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/07/15 12:54 p.m.29 views

Heap-based Buffer Overflow in function ins_compl_infercase_gettext()

Description Heap-based Buffer Overflow in function inscomplinfercasegettext at src/insexpand.c:645 vim version commit 3a393790a4fd7a5edcafbb55cd79438b6e641714 Author: Dominique Pelle Date: Thu Jul 14 17:40:49 2022 +0100 patch 9.0.0053: E1281 not tested with the old regexp engine Problem: E1281 no...

4.4CVSS7.7AI score0.00552EPSS
Exploits1
Huntr
Huntr
added 2022/07/15 6:15 a.m.32 views

Undefined behavior in diff_write_buffer()

Description Undefined behavior. commit hash: 99af91e5820c78a196c9272cd8ce5aa5be7bf374 It may occur heap-buffer-overflow. Proof of Concept Download POC file POC GDB gdb-peda$ r -u NONE -i NONE -n -m -X -Z -e -s -S undefinedpoc -c :qa! 0000089bd31 in diffwritebuffer buf=0x62500000f100, din= at...

1.9CVSS6.5AI score0.00854EPSS
Exploits1
Huntr
Huntr
added 2022/07/15 3:17 a.m.16 views

Cross-site Scripting (XSS)

Description ihatemoney is vulnerable to Cross-Site Scripting XSS when inviting people via email. Steps to reproduce 1.Go to https://ihatemoney.org/ and try out the demo. 2.In the bottom left, click on Invite people. 3.In the Send via Emails section, input the payload: into the People to notify...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/07/14 6:34 p.m.11 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. Proof of Concept Link: https://postimg.cc/1nBBXZr5 Remediation If possible, you should set the Secure flag for these cooki...

0.8AI score
Exploits0References2
Huntr
Huntr
added 2022/07/14 5:25 p.m.10 views

LFI / Path Traversal allows attacker to read any file in the working directory

Description The file upload functionality allows a user to attach a file to a paste. When an attacker views the attached file he can alter the path e.g. via burpsuit and read any file in the working directory via the relative path. This also accounts for private pastes. The attacker needs...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/07/14 6:54 a.m.10 views

Insecure redirect when submit invalid form

Description When submit invalid form, the server will redirect to url which obtain via Referrer header. Proof of Concept POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa; djangolanguage=en-us;...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2022/07/14 6:32 a.m.10 views

Insecure direct object references in `create-shelf` function

Description Insecure direct object references in create-shelf function allows one user to create a shelf on behalf of another. Proof of Concept POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa;...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/07/14 4:11 a.m.25 views

Cross-site Scripting (XSS) - Reflected

Description Hi team, I found XSS at /module/. Proof of Concept Pop up POC: Reflected POC: Full request payload: POST /demo/module/ HTTP/1.1 Host: demo.microweber.org User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:102.0 Gecko/20100101 Firefox/102.0 Accept: / Accept-Language: en-US,en;q=0....

5.8CVSS6AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2022/07/12 11:57 a.m.11 views

stackexchange uses an unpached version of jQuery < 3.4.0 which exposes it to prototype pollution

Description By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses...

2.2AI score0.87218EPSS
Exploits4References2
Huntr
Huntr
added 2022/07/12 7:56 a.m.19 views

Email enumeration via Resend link page

Description Through the Resend link page, an attacker can know that if an email exists or not; just by observing the notification in the response page. So, once the attacker knows that an email exists, he can launch a brute force attack against it. If an email exists: There is no notification and...

0.2AI score
Exploits0
Total number of security vulnerabilities4072