Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/06/30 6:50 p.m.8 views

File Protocol Spoofing

Description parse-url misinterpreting the file:// protocol when trying to match git urls. The following payload is certainly valid file protocol but is interpreted as ssh protocol. file:///etc/passwd?http://a:1:1 Proof of Concept // PoC.js const fs = require'fs'; var parseURL = require"parse-url"...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/06/30 4:22 p.m.7 views

Open Redirect

📝 Description The redirect get variable in login page isn't properly checked. Currently, it check if url.scheme and url.netloc are empty using urllib. py parsed = urlparseredirecturl check if redirect url is valid if parsed.scheme != "" or parsed.netloc != "": logger.warning f"Got an invalid...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/30 2:6 p.m.9 views

Cross-site Scripting (XSS) - Stored in Space Name

Description Cross-site Scripting XSS - Stored in space name. Because space name is not HTML encoded, "Confirm action" modal pops up then the script is executed. Proof of Concept Step 1: Create a new Space and fill in name with this payload: "alert1. Step 2: Send an invite to victim then save. Ste...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/29 4:42 p.m.37 views

Bypassing SVG content cleaning lead to Stored XSS

Description the application is accepting SVG files as an image and applies a sanitize on the SVG content to avoid XSS attacks using the following snippet of code php else if $ext === 'svg' if isfile$filePath $sanitizer = new \enshrined\svgSanitize\Sanitizer; // Load the dirty svg $dirtySVG =...

3.5CVSS5.4AI score0.00555EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 3:36 p.m.27 views

Integer Overflow in function lsr_translate_coords

Description Integer Overflow in function lsrtranslatecoords at laser/lsrdec.c:853 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pocintof1s.dat...

4.4CVSS0.1AI score0.00379EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 11:15 a.m.20 views

Heap Use After Free in function Q_IsTypeOn

Description Heap Use After Free in function QIsTypeOn at src/bifs/unquantize.c:169 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pochuaf1s.dat...

4.4CVSS7.9AI score0.00356EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 9:0 a.m.22 views

Heap Use After Free in function ex_diffgetput

Description Heap Use After Free in function exdiffgetput at diff.c:2790 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf3s.dat -c :qa!...

6.8CVSS7.8AI score0.01264EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 8:50 a.m.38 views

Stack-based Buffer Overflow in function spell_dump_compl

Description Stack-based Buffer Overflow in function spelldumpcompl at spell.c:4038 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocsbo1s.dat -c :qa!...

6.8CVSS7.8AI score0.01408EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 8:10 a.m.30 views

Integer Overflow in function del_typebuf

Description Integer Overflow in function deltypebuf at getchar.c:1204 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocintof1s.dat -c :qa!...

6.8CVSS1AI score0.01343EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 6:55 a.m.28 views

Out-of-bounds Read in function ins_bytes

Description Out-of-bounds Read in function insbytes at change.c:968 vim version git log commit 9610f94510220c783328e1857af87a6ae7bc20b4 HEAD - master, tag: v9.0.0014, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobr4s.dat -c :qa!...

6.8CVSS7.6AI score0.013EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 6:46 a.m.19 views

Heap-based Buffer Overflow in function utfc_ptr2len

Description Heap-based Buffer Overflow in function utfcptr2len at mbyte.c:2113 vim version git log commit 75417d960bd17a5b701cfb625b8864dacaf0cc39 HEAD - master, tag: v9.0.0001, origin/master, origin/HEAD POC ./afl/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochbor3s.dat -c :qa!...

6.8CVSS7.8AI score0.01363EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 6:40 a.m.25 views

Inefficient Regular Expression Complexity potentially leads to Denial of Service in

Description Inefficient regular expression complexity of lowercase and uppercase regex could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeati + 'A', only 32 characters payload could take 29443 ms time execution when testing lowercase. The same issue happens with...

5CVSS1.5AI score0.01331EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/29 4:21 a.m.31 views

Heap-based buffer overflow in function inc

Description Heap-based buffer overflow in function inc at misc2.c:344 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc80min3 -c :qa! ==6151== Memcheck, a memo...

6.8CVSS0.01224EPSS
Exploits1
Huntr
Huntr
added 2022/06/29 2:34 a.m.26 views

Failure to invalidate session after password change

Description The application does not invalidate session after the password is changed which can enable attacker to continue using the compromised session. Proof of Concept 1Login to the same accounts in two different browsers https://demo.bigbluebutton.org/gl 2Change password in the 1st browser a...

9.5AI score0.0041EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/28 8:20 p.m.19 views

Global overflow in pppdump leads to RCE

Global overflow vulnerability in pppdump A global overflow vulnerability is present in the pppdump utility of the ppp repo which may lead to code execution. Specifically when the -p flag is given for enabling the pppmodeon the pppdump command, a malicious crafted pppdump file can trigger a global...

1AI score
Exploits0
Huntr
Huntr
added 2022/06/28 1:21 p.m.162 views

Bypass open redirect protection

Description I could bypass the open redirect protection on the application after parsing the redirect function using the following payload http://[email protected]/ and the payload with the link in the following...

5.8CVSS5.1AI score0.00893EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/28 7:23 a.m.11 views

Arbitrary template creation leading to Authenticated Remote Code Execution

Description Arbitrary File Write Reproduction Steps: 1. As a low privileged user, Create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/28 7:1 a.m.38 views

Multiple Reflected XSS Vulnerabilities in error handlers

Description Multiple routing error handlers are vulnerable to reflected XSS. Proof of Concept Deploy trilium server and access to these endpoint will execute the alert js function. http://localhost:8080/custom/%3Cscript%3Ealert1%3C/script%3E...

4.3CVSS1.3AI score0.03096EPSS
Exploits1
Huntr
Huntr
added 2022/06/28 5:58 a.m.17 views

Stored Cross-Site Scripting vulnerability in Recipe Instructions allows Admin session hijacking

Description A low privilege user can insert malicious JavaScript code into the Recipe Instructions which will execute in another person's browser that visits the recipe. Proof of Concept Reproduction Steps: 1. As a lower privileged user login to the Mealie web application. 2. Create a recipe and...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/06/28 12:59 a.m.68 views

Out-of-bound read in function msg_outtrans_special

Description Out-of-bound read in function msgouttransspecial at message.c:1716 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min2 -c :qa! ==23509=...

6.8CVSS7.6AI score0.01331EPSS
Exploits1
Huntr
Huntr
added 2022/06/28 12:13 a.m.14 views

Reflected XSS in type url parameter

Description The application has a reflected xss vulnerability in the url parameter type. Proof of Concept // PoC.js var payload = "alertdocument.cookie...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2022/06/27 7:2 p.m.24 views

Stored xss in "users name","functions name","storage buckets name" and in "database collections name"

Description Appwrite application allows malicious javascript payload to inject in users name,functions name,storage buckets name and in database collections name which leads to Stored XSS. Proof of Concept 1.Login to the application 2.Go to the "users name","functions name","storage buckets name"...

4.9CVSS0.7AI score0.00663EPSS
Exploits2
Huntr
Huntr
added 2022/06/27 12:33 p.m.16 views

Threaded Race Condition in Authentication Allows Bypass of Authentication Attempt Restrictions

Description A threaded race condition exists in how the application handles authentication attempts in the application. The application recognizes and protects against single-threaded attempts with a five-attempt lockout function. By increasing threads in an authentication brute force attack it i...

7.5CVSS0.4AI score0.00747EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/27 7:56 a.m.18 views

Out-of-bound write in function parse_command_modifiers

Description Out-of-bounds write in function parsecommandmodifiers at exdocmd.c:3123 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ ./vim3/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min -c :qa!...

6.8CVSS7.6AI score0.01346EPSS
Exploits1
Huntr
Huntr
added 2022/06/27 7:30 a.m.8 views

Reflected XSS in multiple parameters

Testing Environment 1. Windows OS 2. Firefox Browser Vulnerable URLs ----...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/06/27 5:37 a.m.9 views

Command Injection:

Description cookiecutter is a command-line utility that creates projects from cookiecutters. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg...

8AI score
Exploits0References3
Huntr
Huntr
added 2022/06/27 4:14 a.m.22 views

Out-of-bound read data in function suggest_trie_walk() abusing array byts

Description Out-of-bound read data in function suggesttriewalk abusing array byts in line spellsuggest.c:1925 Tested version: v8.2.5166 commit f65cc665fa751bad3ffe75f58ce1251d6695949f HEAD - master, tag: v8.2.5166, origin/master, origin/HEAD Author: Bram Moolenaar Date: Sun Jun 26 18:17:50 2022...

5.8CVSS7.2AI score0.0132EPSS
Exploits1
Huntr
Huntr
added 2022/06/26 5:26 p.m.30 views

Null pointer dereference in function skipwhite

Description Null pointer dereference in function skipwhite at charset.c:1428 Version commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164 Proof of Concept guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc40min -c :qa! ==32519==...

4.3CVSS6.2AI score0.01226EPSS
Exploits1
Huntr
Huntr
added 2022/06/26 2:21 p.m.35 views

RCE due to Improper Authorization in 'Add Extension' functionality

Description The application does not properly implement authorization checks in the add extension functionality and allows a low-privileged user to upload extensions. Since no approval/verification is required to create an account in the application, any unauthenticated attacker can create a...

7.5CVSS1.2AI score0.01071EPSS
Exploits1
Huntr
Huntr
added 2022/06/26 12:22 p.m.6 views

Reflected XSS in "cbSurvey" module

Description Reflected XSS due to bad sanitization of "idstring" parameter in cbSurvey module. Proof of Concept https://demo.corebos.com/index.php?module=cbSurvey&action=cbSurveyAjax&file=MassEdit&mode=ajax&idstring=" onfocus=javascript:alertdocument.domain type=txt autofocus="...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/06/26 8:58 a.m.19 views

CSRF attack while uploading files on [/plupload] via GET request

Description The application is applying a technique to protect itself from CSRF attacks by sending the CSRF token on the cookies and checking the value on the backend and also check the referer header, the CSRF token is deleted from the cookies if the request comes from another origin and just...

Exploits0
Huntr
Huntr
added 2022/06/26 8:6 a.m.15 views

Bypassing CSRF on Multiple Endpoint

Description It's possible to bypass the CSRF protection which is already implemented on the coreBOS CMS. When some request not contain any valid CSRF token, the webpage will be displayed an error like: CSRF Error. The reason this happens is that the page has been open without any interaction for...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/25 5:1 p.m.9 views

Reflected XSS on the Products Modules

Description coreBOS is vulnerable with Reflected XSS on the Products modules. The HTML tag can be escaped with " character and the attacker can be able to perform the Reflected XSS Proof of Concept 1. Login to coreBOS 1. Go to...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/25 4:51 p.m.26 views

Cross-site Scripting (XSS) - Reflected

Description Hi, i found a Reflected XSS vulnerability GET request in /index.php in phoronix test suite, Results tab. Line 45 of index.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. Proof of Concept GET...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/25 9:30 a.m.31 views

Out-of-bound write in function ml_append_int

Description Out-of-bound write in function mlappendint at memline.c:2895 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung$ valgrind ./vim2/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc35min -c ':qa!' ==28900==...

6.8CVSS7.7AI score0.01331EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 2:38 a.m.8 views

Improper storage of authorization cookie on HTTPs pages

The authorization cookie used by the panel pufferauth is stored in the browser without using HttpOnly or Secure flags on the cookie...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/06/25 1:58 a.m.24 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1 Go to this URL:...

0.4AI score
Exploits0References4
Huntr
Huntr
added 2022/06/25 1:52 a.m.9 views

Improper path sanitization allows remote read of sensitive system resources

In pufferpanel/files.go there is an EnsureAccess method that accepts a source string and prefix argument. This function attempts to validate that the path being requested is within the scope of the server's operating directory. However, there is a logic bug in this function that improperly passes...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/06/25 12:34 a.m.37 views

Heap-based buffer overflow in function ins_bs

Description Heap-based buffer overflow in function insbs at edit.c:4187 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung/vim2/src$ valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc24 -c :qa! ==5251== Memchec...

6.8CVSS0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/06/25 12:25 a.m.45 views

Null pointer dereference in function diff_check

Description Null pointer dereference in function diffcheck at diff.c:1923 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD, tag: v8.2.5151 Proof of Concept guest@elk:/trung/vim2/src$ valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /home/guest/trung/poc/poc22 -c :qa! ==4357==...

4.3CVSS0.01303EPSS
Exploits1
Huntr
Huntr
added 2022/06/23 7:20 p.m.13 views

Cross-site Scripting ( XSS) - Reflected

Description Please enter a description of the vulnerability. File pts-core/phoromatic/publichtml/public.php line 258 of public.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. Proof of Concept GET /test"alert1 HTTP/1.1 Host: localhost:8670...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/23 7:15 a.m.29 views

Out-of-bound read in function msg_outtrans_attr

Description Out-of-bound read in function msgouttransattr at message.c:1551 Version commit 8eba2bd291b347e3008aa9e565652d51ad638cfa HEAD - master, tag: v8.2.5151 Proof of Concept ./vim/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S pocvim01 -c :qa!...

6.8CVSS0.013EPSS
Exploits1
Huntr
Huntr
added 2022/06/22 2:50 a.m.16 views

Zammad's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Zammad relies on the rackattack.rb file to defend the application against various brute force attacks, including forgotten password requests, ticket submissions, etc. The currently utilized RackAttack.rb file's configuration attempts to prevent password reset requests per IP to 3 per...

5CVSS0.1AI score0.00733EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/22 2:40 a.m.23 views

Open Redirect

Description The Greenlight end-user interface is vulnerable to Open Redirect vulnerability in Login page due to unchecked the value of returnto cookie. Proof of Concept Original request example POST /gl/u/login HTTP/1.1 Host: demo.bigbluebutton.org Cookie:...

0.4AI score0.00362EPSS
Exploits0
Huntr
Huntr
added 2022/06/21 10:56 a.m.29 views

Reflected XSS on /api/module

Description Reflected XSS via filter bypass on /api/module using type= parameter. Proof of Concept https://demo.microweber.org/demo/api/module?type=alert"xss"&liveedit=true&fromurl=test The value of the "type" parameter is injected into the source code of the page at line 63. Since the value of t...

4.3CVSS0.1AI score0.02811EPSS
Exploits1
Huntr
Huntr
added 2022/06/21 8:9 a.m.18 views

Stored XSS in EditEstadoDocumento

Description In facturascripts/EditEstadoDocumento, the field Icon can be injected an XSS payload into it. Proof of Concept // PoC.js POST /facturascripts/EditEstadoDocumento?code=27&action=save-ok HTTP/1.1 Host: 127.0.0.1 Content-Length: 1224 Cache-Control: max-age=0 sec-ch-ua:...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/20 6:52 p.m.22 views

Mastadon's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Mastadon relies on the RackAttack.rb file to manage API throttling in the application through the declaration of absolute paths i.e., /auth/signin. By appending random strings of characters to the end of the directory in a POST request it is possible to bypass brute force protections...

7.5CVSS9.3AI score0.01002EPSS
Exploits0References1
Huntr
Huntr
added 2022/06/20 4:57 p.m.31 views

UI REDRESSING

Description Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills...

5.8CVSS0.9AI score0.00638EPSS
Exploits1References3
Huntr
Huntr
added 2022/06/20 8:3 a.m.30 views

Buffer Over-read in function put_on_cmdline

Description Buffer Over-read in function putoncmdline at exgetln.c:3540 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocbor2s.dat -c :qa!...

6.8CVSS7.7AI score0.013EPSS
Exploits1
Huntr
Huntr
added 2022/06/20 7:28 a.m.26 views

Out-of-bounds Read in function get_lisp_indent

Description Out-of-bounds Read in function getlispindent at indent.c:2083 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobr2s.dat -c :qa!...

6.8CVSS7.7AI score0.0145EPSS
Exploits1
Total number of security vulnerabilities4072