Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/06/20 7:20 a.m.16 views

NDIS Packet Buffer Overflow Due To Allocation/Copy Inconsistencies

Description Reading driver source code is a challenge because despite things appearing to be a vulnerability, there might be a single overlooked comment in MSDN's documentation for an obscure function that ensures that something isn't a vulnerability - in light of this challenge, I'm going to wal...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/20 7:14 a.m.27 views

Heap-based Buffer Overflow in function utf_ptr2char

Description Heap-based Buffer Overflow in function utfptr2char at mbyte.c:1794 vim version git log commit e366ed4f2c6fa8cb663f1b9599b39d57ddbd8a2a HEAD - master, tag: v8.2.5136, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo3s.dat -c...

6.8CVSS7.6AI score0.01473EPSS
Exploits1
Huntr
Huntr
added 2022/06/19 2:40 p.m.9 views

Username can be enumerated by password reset endpoint

Description The error message on /password/reset/1 can indicate whether the username exists in the instance. I believe this is a valid issue for the following reason: 1. /password/reset after submitting the username on this page, the server always returns success no matter whether the username...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/06/19 7:56 a.m.10 views

UI Redressing

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

0.6AI score
Exploits0References1
Huntr
Huntr
added 2022/06/19 4:19 a.m.8 views

Cross-site Scripting (XSS) - Stored

Description Titra is vulnerable to Stored XSS in the Task field when creating a new task in a project. Steps to reproduce 1.In the Overview tab, click on New project button. 2.Enter a project name and click Save. 3.Move to the Tasks tab in that project and click on New Task button. 4.In the Task...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/06/19 2:34 a.m.40 views

NULL Pointer Dereference in function _appendStartNsEvents

Description NULL Pointer Dereference in function vimappendStartNsEvents at src/lxml/iterparse.pxi:435 allows attackers to cause a denial of service or application crash. Proof of Concept python from io import StringIO from lxml import etree firstinput = """ """ secondinput = """ """ def...

5CVSS1.3AI score0.02462EPSS
Exploits1
Huntr
Huntr
added 2022/06/19 1:42 a.m.32 views

Lack of Character Limit in Notes Sections Leads to Denial of Service

Description The InvenTree application allows for the inclusion of notes for various objects in the application. The notes functionality does not include a character limit. An attacker can submit an infinite number of characters into the notes section, which causes a denial of service and increase...

4.3CVSS0.1AI score0.00788EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/17 4:51 p.m.13 views

Password Reset Allows For User Email Enumeration

Description The password reset function at the login page responds to valid and invalid emails in the application. Submitting an invalid email result in "The e-mail address is not assigned to any user account." A valid response results in a message stating an email has been sent. Proof of Concept...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/17 4:39 p.m.16 views

Privilege Escalation via edit response body

Description Recently, i found a business logic vulnerabity and this vulnerability allow reader user perform privilege escalation on allaccess user. Because before user perform any function, client-side will perform OPTIONS request to view user permission with specify function via response body. I...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/17 11:58 a.m.26 views

Reflected XSS on /editor_tools/module

Description Reflected XSS with filter bypass on /editortools/module using type= parameter. Proof of Concept https://demo.microweber.org/demo/editortools/module?type="alert"xss" The value of the "type" parameter is injected into the source code of the page at line 38. Since the value of the "type"...

4.3CVSS0.02907EPSS
Exploits1
Huntr
Huntr
added 2022/06/17 3:51 a.m.19 views

SSRF via Improper Input Validation

Description Hostname is not detected because of improper handling of username and password. Based on real cases Proof of Concept shell ❯ node -e 'const parseUrl = require"parse-url"; console.logparseUrl"http://google:com:@@localhost"' protocols: 'http' , protocol: 'http', port: null, resource:...

7.5CVSS0.4AI score0.01533EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 4:27 p.m.25 views

Improper Access Control in Crabtyper API

Description The API program allows any user to create languages and snippets, as well as delete them. This allows a malicious actor to add offensive snippets which could appear to any user, and also allows anyone to completely take down the service by removing all snippets. This is due to...

7AI score
Exploits0
Huntr
Huntr
added 2022/06/16 3:27 p.m.12 views

Disabling Account Multi Factor Authentication (MFA) Does Not Require Authenticator Token or Credentials

Description The application does not require a valid MFA authenticator token, user credentials, or other mechanism to disable MFA on an account. Proof of Concept 1. In an account with MFA enabled, go to User Settings 2. Click on Remove multifactor 3. Select the response when the window pops up 4...

1.8AI score
Exploits0References2
Huntr
Huntr
added 2022/06/16 2:9 p.m.27 views

InvenTree Deploys a Weak Password Change Mechanism

Description When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/16 9:49 a.m.11 views

Inefficient Regular Expression Complexity potentially leads to Denial of Service

Description Inefficient Regular Expression Complexity of url regex could lead to a denial of service attack. This report bypasses the fix in issue 300 by a well-formed payload '//a.b' + 'c1'.repeati + 'a'. With only 36 characters payload could take 18672 ms time execution. Proof of Concept js //...

1.9AI score
Exploits0References1
Huntr
Huntr
added 2022/06/16 7:50 a.m.34 views

The NocoDB application allows large characters to insert in the input field "New Project" on the create field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

Proof of Concept Go to http://localhost:8080/dashboard//projects Click on New project and create Fill the "Enter project name" field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click on continue. You will see the application accepts large...

4CVSS2.7AI score0.01787EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/16 7:42 a.m.37 views

Heap-based Buffer Overflow in function get_lisp_indent

Description Heap-based Buffer Overflow in function getlispindent at indent.c:1994 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo2s.dat -...

6.8CVSS7.7AI score0.01554EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 6:58 a.m.12 views

Memory leaks in function vim_strsave

Description Memory leaks in function vimstrsave at strings.c:27 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/06/16 6:9 a.m.33 views

Buffer Over-read in function current_quote

Description Buffer Over-read in function currentquote at textobject.c:1801 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

6.8CVSS1.2AI score0.01481EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 5:54 a.m.30 views

Out-of-bounds Read in function suggest_trie_walk

Description Out-of-bounds Read in function suggesttriewalk at spellsuggest.c:1437 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s...

6.8CVSS7.7AI score0.01481EPSS
Exploits1
Huntr
Huntr
added 2022/06/16 5:35 a.m.42 views

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1973 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

6.8CVSS7.6AI score0.01343EPSS
Exploits1
Huntr
Huntr
added 2022/06/15 1:11 p.m.12 views

Cross site Scripting By injecting iframe

Description Cross site scripting using iframe Proof of Concept 1.Goto https://demo.inventree.org/company/manufacturers/ 2.Create new Manufracturer 3.In Add notes Section add this payload and save 4.Visit this address https://demo.inventree.org/company/ID POC :- Visit this url...

Exploits0
Huntr
Huntr
added 2022/06/15 9:25 a.m.28 views

Possible prototype pollution in Schema.path

Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows...

7.5CVSS2.6AI score0.32676EPSS
Exploits1References2
Huntr
Huntr
added 2022/06/15 9:6 a.m.7 views

curl_auth not cleared on downgrade

Description Guzzle recently fixed a vulnerability related to "Authorization" handling on downgrade here - https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q. However, there also exists another code path, for which Guzzle uses a Authorization header located when it uses diges...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/06/14 11:5 a.m.77 views

SSRF via Import URL

Description While importing CSV and Excel file via an URL, the server does not validate requests properly that's how the attacker can able to make requests to internal servers and access the contents. Proof of Concept 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...

5CVSS0.6AI score0.01841EPSS
Exploits1
Huntr
Huntr
added 2022/06/14 10:29 a.m.19 views

Forward credential header to attacker host

Description Some Admins set the "Authorization" header with the help of a reverse proxy to restrict initial access to the Drawio application server. In this kind of setup, the "Authorization" header should always be sent to the reverse proxy, and the reverse proxy will forward it to Drawio But Th...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/14 8:38 a.m.14 views

Multiple user creation with the same email Id via existing verification bypass

Hello team, while i was checking on the nakama dashboard as an Administrator i noticed that we can bypass the existing verification and create multiple user with same email id Steps to reproduce: 1. Open the dashboard as an adminuser and go to the user management form http://site.com//users 2...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/06/14 1:31 a.m.14 views

Stored Cross-site Scripting (XSS) via SVG file upload in courses.

Description An attacker can upload and store a malicious SVG file in work forms and execute client side JavaScript code when opened. Replication Steps and Proof of Concept We create a file named file.svg containing the following: // We upload the file in an active work assignment inside any cours...

2.5AI score
Exploits0
Huntr
Huntr
added 2022/06/13 10:45 a.m.16 views

Allows large characters in change password filling

Description The titra application allows large characters to insert in the input field "password" at password change feature which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Login and go to profile or https://app.titra.io/profile 2. Using...

1.5AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 10:36 a.m.17 views

Allows large characters in password filling

Description The titra application allows large characters to insert in the input field "password" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Register a new account or go to https://app.titra.io/join?email= 2. Fill a normal email, fil...

2.5AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 9:59 a.m.8 views

Weak Password Policy

Description You can change your password in profile to a weak password. Proof of Concept 1. Login and go to your Profile 2. Use the password change feature or https://app.titra.io/changePwd 3. Enter your current password, fill the "Password" and "Password again" with 1 You can see your password h...

7.2AI score
Exploits0References2
Huntr
Huntr
added 2022/06/13 8:50 a.m.11 views

Generation of Error Message Containing Sensitive Information

Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Proof of Concept 1. The forgot password feature will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/06/13 4:39 a.m.11 views

Stored XSS in Supplier Company Name

Description The application inventree is vulnerable to Stored XSS in supplier company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1KDrwbWkftO-cNrd-4XSoNh27Z3vqiMR/view?usp=sharing...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/06/13 4:37 a.m.9 views

Stored XSS in Supplier Company Description

Description The application inventree is vulnerable to Stored XSS in supplier company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/115LLo4rxW7RzWd7hevbSFAlf-V83OUhU/view?usp=sharing...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/13 4:29 a.m.7 views

Stored XSS in Customer Company Description

Description The application inventree is vulnerable to Stored XSS in customer company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/19l7W3MMeTdhQzroutdDBBIdIVLGhQtw1/view?usp=sharing...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/06/13 4:27 a.m.8 views

Stored XSS in Customer Company Name

Description The application inventree is vulnerable to Stored XSS in customer company name field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/11tKQzqKFobDEuqigsQYIdQhMnqSLIBsi/view?usp=sharing...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/06/13 1:58 a.m.18 views

Weak policy at Change password function

Description We can register an normal account with = 8 characters password. But we ccan change password with just 1 character when we use change password function Proof of Concept https://drive.google.com/file/d/1D-IDqrMiaBGLnZaZY9L3u-S4u-MoGxPc/view?usp=sharing...

5CVSS1.3AI score0.00994EPSS
Exploits1
Huntr
Huntr
added 2022/06/12 2:22 a.m.17 views

A stored XSS in dolibarr/htdocs/admin/accountant.php

Description I found a stored XSS in the admin/accountant.php, the field town, name, Accountant code can escape the double quote. In the path 'dolibarr/htdocs/main.inc.php' has a WAF, we can not inject any the javascript onxxx event. However, in the path...

3.5CVSS5.6AI score0.00863EPSS
Exploits1
Huntr
Huntr
added 2022/06/11 5:36 p.m.19 views

Stored Cross-Site Scripting

Description A stored cross-site scripting vulnerability exists within the Gallery View comments functionality. Replication Steps and PoC Preconditions PC1. A project exists. PC2. A table with a sheet containing data exists in the project. PC3. A gallery view exists. PC4. A user with the editor ro...

3.5CVSS1.2AI score0.00678EPSS
Exploits1References1
Huntr
Huntr
added 2022/06/11 12:57 p.m.10 views

Cross Site Scripting via Improper Input Validation

Description The parse-url The 5.0.8 version of the parser does not check :// character between protocols. This causes spoofing of the javascript protocol itself. Additionally, protocol spoofing does not occur in url-parse, new URL, and url.parse other than parse-url. Proof of Concept const parseU...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/11 9:14 a.m.30 views

Unrestricted File Upload in Part Attachment

Description The application inventree allows users to upload any file in part attachment allowing attacker to render files such as HTML in the browser. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1vurBkHegeYCwbXopE5Yhyb702rYgG9FM/view?usp=sharing...

6.5CVSS1.9AI score0.02205EPSS
Exploits2References1
Huntr
Huntr
added 2022/06/11 9:8 a.m.22 views

Formula Injection Part Description

Description Formula Injection/CSV Injection in inventree due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept Video PoC link: https://drive.google.com/file/d/1mfBTUDS1iZ4uJfBpc568WgpdZdN5f/view?usp=sharing...

6.8CVSS0.8AI score0.0234EPSS
Exploits2References1
Huntr
Huntr
added 2022/06/11 8:59 a.m.13 views

Stored XSS in Part Revision

Description The application inventree is vulnerable to Stored XSS in part revision field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1ZobGHiFXbhPG0agsH8mcg8VMsrjSuUP/view?usp=sharing...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:55 a.m.15 views

Stored XSS in Part IPN

Description The application inventree is vulnerable to Stored XSS in part IPN field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1HEy7XS89FlzVSPFGilowBrBDMPAfCs/view?usp=sharing...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:51 a.m.10 views

Stored XSS in Part Parameter

Description The application inventree is vulnerable to Stored XSS in part parameter field. Proof of Concept Video PoC link: https://drive.google.com/file/d/19MiGIB3Q1VzdmMBttCKiEtFKR34z-2/view?usp=sharing...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/06/11 8:44 a.m.26 views

Stored XSS in Part Description

Description The application inventree is vulnerable to Stored XSS in part description field. Proof of Concept Video PoC link: https://drive.google.com/file/d/1ZFgWiVpalxZ8zGeDrErezjZCQjB3VP-w/view?usp=sharing...

3.5CVSS0.4AI score0.00751EPSS
Exploits1
Huntr
Huntr
added 2022/06/11 8:28 a.m.10 views

heap-buffer-overflow in dex_parse

Description There exists a heap based out of bounds read vulnerability in dexparse c setinteger yrle16tohmapitem-type, dex-object, "maplist.mapitem%i.type", i; Reproduction Build the fuzz target with address sanitizer enabled + optional libfuzzer and run the test case from here $ git rev-parse HE...

7AI score
Exploits0
Huntr
Huntr
added 2022/06/10 8:32 p.m.33 views

Chatwoot's Misconfigured Rack_Attack.rb Does Not Appropriately Protect Against Brute Force Attacks

Description Chatwoot relies on the rackattack.rb file to defend the application against various brute force attacks. The Chatwoot application fails to prevent brute force attacks against the listed paths when strings are appended to the end of POST directory names. Some protection still exists,...

7.5CVSS0.3AI score0.00882EPSS
Exploits1References3
Huntr
Huntr
added 2022/06/10 3:13 p.m.16 views

Sensitive header uncleared on same-host, cross-port redirect

Description Sensitive headers are uncleared on cross-port redirect Proof of Concept poc.php 'http://10.0.2.4', ;...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/06/10 9:45 a.m.11 views

Reflected XSS in param 'activetab' and param 'code'

Description We can insert XSS payload at http://localhost/facturascripts/ListAlbaranProveedor, the 'activetab' parameter. Proof of Concept GET...

0.3AI score
Exploits0
Total number of security vulnerabilities4072