Lucene search
K

4072 matches found

Huntr
Huntr
•added 2022/06/09 9:45 a.m.•22 views

Cross-site Scripting (XSS) - Reflected

Description The time parameter in fava is vulnerable to reflected XSS Proof of Concept 1. 1.Open the web browser to access the fava webpage. 2. 2.Access the url:...

5.8CVSS0.1AI score0.00698EPSS
Exploits1References2
Huntr
Huntr
•added 2022/06/09 9:38 a.m.•19 views

Idor Lead to Archive Users

Description In this case a attacker can be able to archive any user of any targeted organization Proof of Concept 1. Attacker create new organization OrgA 2. Attacker add any user to his organization OrgA And archive the user 3. Capture this request in burp suite 4. victim is user of organization...

6.5CVSS1.5AI score0.0094EPSS
Exploits1
Huntr
Huntr
•added 2022/06/09 9:1 a.m.•74 views

SSRF via Plugin SMTP

Description The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents. Reproduce 1. Go to Team & Settings 2. App Store SMTP 3. Configure and intercept Test request 4. Change Host/Port to internal address, example:...

5CVSS0.5AI score0.01418EPSS
Exploits1
Huntr
Huntr
•added 2022/06/09 7:46 a.m.•10 views

IDOR in Messages function

Description An user can view other users' private messages, join the conversation, delete messages if they know messages uuid Proof of Concept 1. A send B a priavte messages/email 2. C can view messages, join the conversation, delete messages if C know messages uuid...

3.7AI score
Exploits0
Huntr
Huntr
•added 2022/06/09 2:52 a.m.•10 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References3
Huntr
Huntr
•added 2022/06/08 7:48 a.m.•9 views

stored xss

Description Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Proof of Concept 1Go to this website: https://titra.io/ 2Click on add Track button 3In the Task field enter...

6.1AI score
Exploits0
Huntr
Huntr
•added 2022/06/08 3:34 a.m.•16 views

Reflected XSS in Results tab

Description Please enter a description of the vulnerability. Proof of Concept 1. Install a local instance of phoronix 2. Run a benchmark 3. When the test is complete, for example the result id is xxxxx 4. Acess...

7AI score
Exploits0
Huntr
Huntr
•added 2022/06/08 3:30 a.m.•7 views

Generation of Error Message Containing Sensitive Information

Description The software generates an error message that includes sensitive information about its environment, users, or associated data. Proof of Concept When logging in, the login page will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack o...

0.4AI score
Exploits0References2
Huntr
Huntr
•added 2022/06/08 3:18 a.m.•11 views

UI Redressing

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

0.6AI score
Exploits0References2
Huntr
Huntr
•added 2022/06/08 2:39 a.m.•11 views

Weak Password Policy

Description This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such ...

0.2AI score
Exploits0References1
Huntr
Huntr
•added 2022/06/07 10:15 p.m.•24 views

Account Takeover via Webhook Handlebars + API Reset Password

Description Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps 1. - Create Table 2. - Select...

6.8CVSS0.3AI score0.01359EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 4:26 p.m.•16 views

chafa <= 4bac1466 is vulnerable to an out of bounds read vulnerability.

chafa = 4bac1466 is vulnerable to an out of bounds read vulnerability. Building Build chafa with ASANaddress sanitizer sh $ git rev-parse HEAD 4bac14668535c09f6f47552bbd1566097dab4bf8 $ export CFLAGS="-g -O0 -fsanitize=address"; export CXXFLAGS="-g -O0 -fsanitize=address"; export CC=$which...

2.1CVSS3.6AI score0.0042EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 1:42 p.m.•5 views

Cross Site Scripting via Improper Input Validation

Description The parse-url The 5.0.8 version of the parser does not check url characters between protocols. This causes spoofing of the javascript protocol itself. Proof of Concept javascript const parseUrl = require"parse-url"; const express = require'express'; const app = express; parsed =...

0.8AI score
Exploits0
Huntr
Huntr
•added 2022/06/07 12:10 p.m.•23 views

Bypass filter - Stored XSS in Resources

Description Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of concept javaSCRIPTalertorigin Steps to reproduce it works on Firefox not in chromium based browsers 1.Go to...

3.5CVSS5.7AI score0.00844EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 9:45 a.m.•15 views

https://huntr.dev/bounties/582cb14b-b2a8-4064-91c5-b580ff69ba07/ fix bypass; XSS via improper input validation of \t and lone \n character

Description I read this report https://huntr.dev/bounties/582cb14b-b2a8-4064-91c5-b580ff69ba07/ and noticed \t and lone \n is also missing from the filter list in the regex URL replace/\r?\n|\r/gm, "" All instances of \r \n and \t should be cleaned, but the filter list only checks for \r\n or \r...

Exploits0
Huntr
Huntr
•added 2022/06/07 9:7 a.m.•24 views

Run malicious JS code with other kinds of encoding

Description We can Run malicious JS code With special escaping characters for ASCII chars that start with \x and also all Unicodes start with \u, like the followings : CR == \x0d and \u000d LF == \x0a and \u000a TAB == \t and \u0009 and \x09 So there can be many characters that we can't filter al...

4.3CVSS6.5AI score0.00955EPSS
Exploits1
Huntr
Huntr
•added 2022/06/07 8:29 a.m.•27 views

Bypass of last fix

Description last fix can be bypass because in this line we should consider the case \r\r or even \r too. Proof of Concept javascript const http = require"http"; const parseUrl = require"parse-url"; const url = parseUrl'jav\r\r\rascript://%0aalert1'; console.logurl const server =...

4.3CVSS0.2AI score0.00857EPSS
Exploits1
Huntr
Huntr
•added 2022/06/06 9:4 p.m.•33 views

Client-Side RCE and Stored XSS via Unsafe Deserialization of Diagrams

Description The deserialization mechanism of diagram files is based on an XML like structure. When it is read, internal objects are created and properties on those can be set. Furthermore it allows calling any top-level constructor function and cloning of top level XML/HTML nodes. This has the...

3.5CVSS0.00698EPSS
Exploits1
Huntr
Huntr
•added 2022/06/06 8:54 p.m.•31 views

Stored XSS via Deserialization of Stylesheets

Description Diagram files can contain stylesheets which basically consist of key value pairs that influence the appearance of digram elements. When adding a stylesheet mxStylesheet element it is possible to execute JavaScript code when used in combination with the internal include element. Usuall...

3.5CVSS1.6AI score0.00607EPSS
Exploits1
Huntr
Huntr
•added 2022/06/06 7:9 p.m.•30 views

use after free in skipwhite

Description When fuzzing vim commit 1d97db3d9 works with latest build and latest commit 3760bfddc per this time of this report, I discovered a use after free. Proof of Concept Here is the minimized poc bash spe!fl norm0z= norm0yy no0 Psvc sil!norm0 norm0 How to build bash LD=lld AS=llvm-as...

6.8CVSS7.4AI score0.01411EPSS
Exploits1
Huntr
Huntr
•added 2022/06/06 5:48 p.m.•26 views

Incorrect use of privileged APIs to steal victim's account

Description When user can edit their profile -- Incorrect use of privileged APIs to steal victim's account Proof of Concept 1. Login with hacker's account, get the request when edit profile 2. Replace the endpoint and email with victim's one 3. Send the request. POC video:...

7.5CVSS1.9AI score0.02975EPSS
Exploits1
Huntr
Huntr
•added 2022/06/06 4:9 p.m.•186 views

Bypass to Remote Command Execution in uploading repository file

Description I find a bypass for CVE-2022-0415 and previous fixs. In the fix of CVE-2022-0415, gogs filter /.git/ by strings.HasSuffix and strings.Contains. However, use /.Git/ can bypass this and upload successfully Proof of Concept Create a repository in Gogs, upload a file config to the...

7.5CVSS8.6AI score0.97839EPSS
Exploits2
Huntr
Huntr
•added 2022/06/06 11:9 a.m.•178 views

Regular Expression Denial of Service (ReDoS)

Description Affected versions of the package are vulnerable to Regular Expression Denial of Service ReDoS attacks for any string input controlled by the user. An attacker can provide a specially crafted input to the default function moment, which nearly matches the pattern being matched. This wil...

5CVSS3AI score0.04923EPSS
Exploits1
Huntr
Huntr
•added 2022/06/05 10:24 a.m.•16 views

buffer size confusion

Description an attempt to write 2000 into a buffer of 10 bytes, while SSLread does not add a zero at the end. Proof of Concept cpp define BUFFSIZE 2000 ... char buf10; SSLreadssl,buf,BUFFSIZE; int virtualIP = atoibuf;...

1.6AI score
Exploits0
Huntr
Huntr
•added 2022/06/04 8:22 p.m.•8 views

Failure to strip Authentication header on HTTP downgrade

The Guzzle redirect middleware fails to strip the Authorization header when a redirect downgrades from https to http. The middleware currently only checks if the host has changed...

0.5AI score
Exploits0
Huntr
Huntr
•added 2022/06/04 1:3 p.m.•38 views

Cross-site scripting - Reflected XSS caused by error logs in neorazorx/facturascripts

Description There are two fields that can insert the XSS payload by the error log. 1. http://127.0.0.1/facturascripts/EditBalance, the codbalance field 2. http://127.0.0.1/facturascripts/EditSettings, the tipoidfiscal field in Fiscal Id Both fields require 1 and 25 numbers or letters, no spaces,...

3.5CVSS0.3AI score0.00643EPSS
Exploits1
Huntr
Huntr
•added 2022/06/04 11:47 a.m.•24 views

Contextual Code Execution

Description The main function uses the eval function which can lead to contextual code execution, allowing an attacker to gain access to a system and execute commands with the privileges of the running program by setting NUITKAPYTHONPATH, NUITKANAMESPACES or NUITKAPTHIMPORTED to a malicious paylo...

7.2CVSS3.6AI score0.00965EPSS
Exploits2References1
Huntr
Huntr
•added 2022/06/04 8:32 a.m.•23 views

Stored XSS in Task field

Description The application Titra is vulnerable to Stored XSS in Task field. Steps To Reproduce 1. Click on add Track button 2. In the Task field enter the payload " 3. click save 4. Now Click on Details 5. XSS will be triggered Image PoC...

3.5CVSS0.2AI score0.00674EPSS
Exploits1
Huntr
Huntr
•added 2022/06/04 8:22 a.m.•22 views

Stored XSS in Project Name

Description The application Titra is vulnerable to Stored XSS in Project name field. Steps To Reproduce 1. Click on Edit button 2. Under the Project Name enter the paylaod " 3. Click on save. 4. Now navigate to details the XSS will be triggered. Image PoC...

3.5CVSS0.1AI score0.00674EPSS
Exploits1
Huntr
Huntr
•added 2022/06/03 6:51 p.m.•26 views

Insufficient Session Expiration

Description The application NocoDB failed to invalidate the session after changing the password and In this scenario changing the password doesn't destroy the other sessions which are logged in with old passwords. Proof of Concept Login same account in two different browsers. Try to change the...

6.5CVSS8.8AI score0.02432EPSS
Exploits2References1
Huntr
Huntr
•added 2022/06/03 6:32 p.m.•28 views

Account takeover due to stored XSS in "Project Title"

Description The Project "Title" of the NocoDB application is vulnerable to stored xss which can leads to admin account takeover. Proof of Concept Login with low privileged users and Click on "New Project" then click on "Create" Now write the payload and again click on "Create" Then login from sup...

3.5CVSS0.6AI score0.00772EPSS
Exploits1
Huntr
Huntr
•added 2022/06/03 4:20 p.m.•31 views

Out-of-bounds write in function append_command

Description Out-of-bounds write in function appendcommand at exdocmd.c:3447 vim version git log commit bfaa24f95343af9c058696644375d04e660f1b00 HEAD - master, tag: v8.2.5052, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobw6s.dat -c :qa!...

6.8CVSS7.7AI score0.01527EPSS
Exploits1
Huntr
Huntr
•added 2022/06/03 12:37 p.m.•33 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "Task" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1. Click on plus track button 2. Under the task input field enter the payloads =1+1 3. Now enter the work hour as 2 4. Then click on save 5. Now go to details and...

3.5CVSS0.5AI score0.0234EPSS
Exploits2References1
Huntr
Huntr
•added 2022/06/03 12:15 p.m.•33 views

Stored XSS in Name

Description The application Titra is vulnerable to Stored XSS in user's name field. Proof of Concept Go to profile and under the name put the payload " Video POC: https://drive.google.com/file/d/1MHPloy-i2hsxaLuuVn46oUZVpFm6Nywf/view?usp=sharing...

3.5CVSS0.00674EPSS
Exploits1
Huntr
Huntr
•added 2022/06/03 11:30 a.m.•25 views

Bypass filter - Stored XSS in Resources

Description Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. This fix for this bug https://huntr.dev/bounties/dcf87c0b-6188-4817-8798-ef1e2581b15a/ can be bypassed using bellow payload...

3.5CVSS5.7AI score0.00643EPSS
Exploits1
Huntr
Huntr
•added 2022/06/02 11:28 p.m.•32 views

Path Traversal vulnerability on the endpoint '/info/refs'

Summary It seems "gogs" suffers from a Path Traversal which may lead a malicious user to access another legitimate user's git config files or issue a couple of git commands on its behalf. Steps to reproduce and Proof of Concept 1. I created two users sim4n6 and sim4n62. 2. From sim4n6 dashboard...

5.5CVSS8.2AI score0.51136EPSS
Exploits1
Huntr
Huntr
•added 2022/06/02 4:34 p.m.•29 views

Unrestricted Upload of File with any dangerous extension

Description Unrestricted Upload of File with any extension Proof of Concept 1. Create a ticket 2. Upload a file with any dangerous extension 3. Intercept the request in Burp Suite, replace the Content-Type with image/jpeg POC video:...

7.5CVSS0.4AI score0.02649EPSS
Exploits1
Huntr
Huntr
•added 2022/06/02 2:36 p.m.•22 views

Path traversal leads to arbitrary file deletions and file writes

Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...

6.4CVSS0.3AI score0.02251EPSS
Exploits1
Huntr
Huntr
•added 2022/06/02 9:45 a.m.•12 views

Stored XSS in Resources

Description Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Steps to reproduce it works on Firefox not in chromium based browsers 1.Go to https://www.rosariosis.org/demonstration/ and login with...

6.9AI score
Exploits0
Huntr
Huntr
•added 2022/06/01 4:19 p.m.•10 views

Path Traversal via Files Manager

Description Please enter a description of the vulnerability. Steps to reproduce 1.Login to admin panel and go to Modules - Files http://localhost/microweber/admin/view:modules/loadmodule:files 2.Click any file, the url will have the following format:...

0.6AI score
Exploits0
Huntr
Huntr
•added 2022/06/01 1:54 p.m.•15 views

OS Command Injection

Description A OS Command Injection in rancher continuous delivery panel, add repository function Proof of Concept first install a rancher in docker and login. Go to continuous delivery panel and click add repository button.\ set repository url as --upload-pack=$touch /tmp/poc, and click Create...

1.2AI score
Exploits0
Huntr
Huntr
•added 2022/06/01 8:6 a.m.•20 views

Weak Password Requirements

Description Weak password policy leads to successful bruteforce attack Steps to reproduce 1.Go to http://localhost:8083/login and login with default credentials admin/admin123 2.Go to http://localhost:8083/me and change password to 123 3. Noticed that password has been changed successful...

7.5CVSS9.2AI score0.00742EPSS
Exploits1
Huntr
Huntr
•added 2022/06/01 6:43 a.m.•93 views

OS Command Injection in file editor

Description Deploy and run gogs. Proof of Concept 1. Create a repository and upload a file named config to the repository repo6. The content of the file is as follows: xml core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true precomposeunicode =...

7.5CVSS0.5AI score0.04483EPSS
Exploits1
Huntr
Huntr
•added 2022/06/01 5:25 a.m.•15 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate limiting in login form leads to bruteforce attack Steps to reproduce 1.Go to http://localhost:/login 2.Login with wrong credentials 3.Capture POST request with Burp Suite and Send to Intruder 4.Create 100 null payloads and start attack 5.Noticed that all request return 200...

7.5CVSS9.2AI score0.00762EPSS
Exploits1
Huntr
Huntr
•added 2022/05/31 7:14 p.m.•6 views

Cross site script

Description 1.Create a new recipe. 2.Edit this recipe and add this payload 3.Save the recipe and reload the recipe page...

0.9AI score
Exploits0
Huntr
Huntr
•added 2022/05/31 12:15 p.m.•10 views

classic overflow on the stack, with the ability to intercept control.

Description if arguments longer than 1024 were passed to program iusql, we get a classic stack overflow. Proof of Concept I removed the docking check to reduce POC, this check did not show overflow protection git clone https://github.com/lurcher/unixODBC.git 123 sed -i 's/^.if .phEnv, phDbc !=...

0.3AI score
Exploits0
Huntr
Huntr
•added 2022/05/31 4:17 a.m.•17 views

Cross-site Scripting (XSS) - Stored

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Proof of Concept 1.Access demo website https://demo.syspass.org and login with an account. 2.Create new account, in URL/IP field - input https://google.com"...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/05/30 5:22 p.m.•33 views

Use After Free in function utf_ptr2char

Description Use After Free in function utfptr2char at mbyte.c:1794 vim version git log commit be99042b03edf7b8156c9adbc23516bfcf2cec0f HEAD - master, tag: v8.2.5044, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pochuaf2s.dat -c :qa!...

6.8CVSS7.8AI score0.01419EPSS
Exploits1
Huntr
Huntr
•added 2022/05/30 6:54 a.m.•30 views

Refelect XSS in neorazorx/facturascripts

Description /facturascripts/EditCuenta can input the taint data without sanitization by the parameter description Proof of Concept POST /facturascripts/EditCuenta HTTP/1.1 Host: 127.0.0.1 Content-Length: 1115 Cache-Control: max-age=0 sec-ch-ua: "NotA:Brand";v="8", "Chromium";v="101"...

4.3CVSS0.7AI score0.00729EPSS
Exploits1
Huntr
Huntr
•added 2022/05/29 8:32 p.m.•10 views

Server side request forgery lead to denial of service

Description In this case if a attacker try to load a huge file then server will try to load the file and eventually server use its all memory which will dos the server Proof of Concept 1.Goto...

0.4AI score
Exploits0
Total number of security vulnerabilities4072