Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/05/27 5:8 p.m.24 views

Use-After-Free in function hash_new_from_values

Description Use-After-Free in function hashnewfromvalues at vm.c:1167 mruby version git log commit ac79849fde3381e001c3274fbcdda20a5c9cb22b HEAD - master, origin/master, origin/HEAD Author: Yukihiro "Matz" Matsumoto Date: Fri May 20 09:59:23 2022 +0900 Build export CFLAGS="-g -O0 -lpthread...

4.6CVSS6.2AI score0.00398EPSS
Exploits1
Huntr
Huntr
added 2022/05/27 1:18 a.m.31 views

Local Command Injection Post-Installation of Dependencies

Description grav version x";touch pwned "/user/plugins/problems sh: 1: cd: can't cd to x SUCCESS cloned https://github.com/getgrav/grav-plugin-error - x";touch pwned "/user/plugins/error sh: 1: cd: can't cd to x SUCCESS cloned https://github.com/getgrav/grav-plugin-markdown-notices - x";touch pwn...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/05/26 5:50 p.m.12 views

SQL injection at exportUsers function

Description SQL injection at exportUsers function via sort query parameter Proof of Concept GET /index.php?q=/api/leadmall/statistical&behavior=exportGoods&sort="updatexmlrand,concatCHAR126,version,CHAR126,null--+-":"asd" HTTP/1.1 Host: demo.leadshop.vip Cookie:...

7.4AI score
Exploits0References1
Huntr
Huntr
added 2022/05/26 4:55 p.m.17 views

Server-Side Request Forgery via upload image gallery

Description Upload image to gallery, the server use filegetcontents function to load image via data scheme url, so attacker can modify this url to any URL like http to send ability request to any URL , and file to read local file, ... Proof of Concept POST /index.php?q=/api/leadmall/gallery...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/05/25 5:22 p.m.11 views

proxying Big files leads to potential DOS [/proxy]

Description consider following script and put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB exploit.py python from multiprocessing import Process import requests def fun: try:...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/05/25 5:14 p.m.13 views

Unvalidated Follow redirects

Description There is some kind of vulnerability class in the following redirect feature, And Guzzle is also affected by this kind of vulnerability. If the developer wants to get a URL from a third-party host and the third-party URL is also redirected to another URL, then the first crafted cookies...

Exploits0
Huntr
Huntr
added 2022/05/25 2:44 p.m.32 views

Heap-based Buffer Overflow in function vim_regsub_both

Description Heap-based Buffer Overflow in function vimregsubboth at regexp.c:1954 vim version git log commit 4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 HEAD - master, tag: v8.2.5037, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobw5s.dat -...

6.8CVSS7.7AI score0.01559EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 2:18 p.m.43 views

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1954 vim version git log commit 4c3d21acaa09d929e6afe10288babe1d0af3de35 HEAD - master, tag: v8.2.5014, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pocobw2s.dat -c :qa!...

6.8CVSS7.8AI score0.01474EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 12:55 p.m.21 views

Out of Bounds Read in string_scan_range

Description When providing crafted input, an attacker can cause rread32 within stringscanrange to do an out of bounds read. This causes a segmentation fault, but could also potentially enable information disclosure. What's interesting is there is already a comment stating "may oobread" near this...

6.4CVSS8.1AI score0.01383EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/25 8:51 a.m.34 views

Use After Free in function find_pattern_in_path

Description Use After Free in function findpatterninpath at search.c:3653 vim version git log commit 4c3d21acaa09d929e6afe10288babe1d0af3de35 HEAD - master, tag: v8.2.5014, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch16s.dat -c :qa!...

6.8CVSS7.8AI score0.01406EPSS
Exploits1
Huntr
Huntr
added 2022/05/25 7:40 a.m.21 views

Incorrect Behavior Make Crash and Can not Access Account

Description Incorrect Behavior Make Crash and Can not Access Account Proof of Concept 1. Send a test message and get the request, send it to Repeater 2. Replace the value of owner and cId with the id of two victims 3. Send the request...

4CVSS2.4AI score0.01176EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/25 7:23 a.m.13 views

Null pointer dereference at chafa-pixops.c:95

Description Null pointer dereference in hpjansson/chafa at chafa-pixops.c:95. Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./chafa POC POC ASAN...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/05/25 7:5 a.m.12 views

Null pointer dereference in index.c

Description Null pointer dereference in bfabiszewski/libmobi at index.c:1076. Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./mobitool -e -o...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/05/24 3:51 p.m.21 views

proxying Big files leads to potential DOS

Description consider following script exploit.py put drawiodockerinstace your address and also bigfileaddress should be serve a big image file 250 MB python from multiprocessing import Process import requests def fun: try:...

5CVSS6.2AI score0.00969EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 3:42 p.m.23 views

Stored XSS in "Tab Image" and "Group Image"

Description The organizr application allows malicious javascript payload in the "Tab Image" and "Group Image" for which its leads to stored XSS. Proof of Concept 1 1.Login to the co-admin account and go to "Settings" - "Tab Editor". 2.Now click on "Tabs" - "Add New Tab" and filled all the details...

3.5CVSS5.8AI score0.00653EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 2:39 p.m.27 views

Send messenger to another user with any sender account

Description Send messenger to another user with any sender account Proof of Concept 1. Login with account A. 2. When click to the message box of the user Victim X we have the id of this message page in URL, such as https://docker.trudesk.io/messages/628ceabe32b93e62146a7d75 is the URL of message ...

5.5CVSS0.01953EPSS
Exploits1References2
Huntr
Huntr
added 2022/05/24 2:0 p.m.39 views

Session tokens are not invalidated on logout

Description The session cookie is not invalidated on logout so, it can be used after logout as well. Proof of Concept Login to the Nakama console. Intercept the request. Below is a sample request: http GET /v2/console/user HTTP/1.1 Host: localhost:7351 Accept: application/json, text/plain, /...

5CVSS0.1AI score0.00818EPSS
Exploits1
Huntr
Huntr
added 2022/05/24 11:42 a.m.13 views

SQL Injection

Description A SQL Injection in rqlite store Proof of Concept use example code go package main import "io" "log" "net/http" "github.com/alexedwards/scs/rqlitestore" "github.com/alexedwards/scs/v2" "github.com/rqlite/gorqlite" var sessionManager scs.SessionManager func main // Establish connection ...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/24 11:0 a.m.7 views

User Account Deletion and more via Clickjacking

Description As nakama console is not restricted from being loaded in an iframe, clickjacking attack is possible. Proof of Concept 1. Login to nakama console. 2. Save the following as an .html file and open it in the browser to see that the page loads into an iframe. html :"...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/05/24 9:52 a.m.29 views

No Protection against Bruteforce attacks on Login page

Description Nakama Console does not have any limit for the number of unsuccessful login attempts in a very short period of time. Proof of Concept 1. Send a login request. 2. Capture the login request 3. Replay the login request with different password value. HTTP request http POST...

5CVSS8.7AI score0.01468EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 8:43 p.m.9 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/05/23 4:16 p.m.33 views

Meta Data Is Not Stripped From images

Hey team, while uploading site/page logo as an administrator, The meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by using tools like exif tool, metadata...

5CVSS0.1AI score0.00788EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/23 11:25 a.m.18 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate-limiting leads to bruteforce attack in login feature Steps to reproduce 1.Go to https://www.rosariosis.org/demonstration/ 2.Login with any username and password 3.Using Burp and send login POST request to Intruder 4.Create 30 null payloads and start attack 5.Login with correct...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/05/23 4:14 a.m.36 views

Out-of-bounds read in function gchar_cursor

Description Out-of-bounds read in function gcharcursor at misc1.c:532 vim version git log commit 68e64d2c1735f2a39afa8a0475ae29bedb116684 HEAD - master, tag: v8.2.5006, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch11s.dat -c :qa!...

6.8CVSS7.7AI score0.0157EPSS
Exploits1
Huntr
Huntr
added 2022/05/23 3:52 a.m.30 views

Heap-based Buffer Overflow in function utf_head_off

Description Heap-based Buffer Overflow in function utfheadoff at mbyte.c:3872 vim Version git log commit 68e64d2c1735f2a39afa8a0475ae29bedb116684 HEAD - master, tag: v8.2.5006, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poch6s.dat -c :qa!...

6.8CVSS7.2AI score0.01315EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:56 p.m.24 views

Session Fixation

🔒️ Requirements None. 📝 Description The updateUser function does not reset user's session. 🕵️‍♂️ Proof of Concept Use two browsers and on the first, update the second user's session to delete his privileges. Going to the second, you and refreshing the page, you will that the user have lost his...

5.5CVSS2.2AI score0.00671EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:47 p.m.25 views

The publify application allows large characters to insert in the input field "title name and post field" on the article field which can allow attackers to cause a Denial of Service (DoS)

Description Please enter a description of the vulnerability. Proof of Concept 1 - Create New article https://demo-publify.herokuapp.com/admin/content/new 2 - Fill the title name and post field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click o...

7.5CVSS8.9AI score0.00909EPSS
Exploits1
Huntr
Huntr
added 2022/05/22 8:23 p.m.19 views

Weak Password Policy

Description I would like to let you know about the password management issue. Proof of Concept 1- Go to your Profile or https://demo-publify.herokuapp.com 2- Give a password as simple as 12345678. You can see you will be password has been changed and there is no strong enforcement...

4CVSS6.4AI score0.007EPSS
Exploits0References1
Huntr
Huntr
added 2022/05/22 8:12 p.m.26 views

Metadata Is Not Stripped From Images

While uploading an image on https://demo-publify.herokuapp.com/admin/resources as a low privileged user the meta data of the image like geolocation, device information, version, name etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by...

4CVSS0.00562EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/22 8:5 p.m.21 views

Path Traversal

🔒️ Requirements Privilege: User 📝 Description File path isn't properly sanitized and allow ... 🕵️‍♂️ Proof of Concept Listing other user folder content First, create a user with Read privilege and with specific home folder like /test. Then, Connect to his account and access the home page...

5.5CVSS0.3AI score0.00953EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/22 7:58 p.m.12 views

Subdomain Takeover of https://test.diagrams.net/

First of all, I apologize for reporting it here because I noticed that they have a program with huntr but only for DrawIO source code. Since I discovered this vulnerability I decided to ethically disclose it here instead of leaving it vulnerable. I found a subdomain of diagrams.net that was...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/05/22 10:3 a.m.9 views

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/05/22 3:6 a.m.32 views

Buffer Over-read in function utf_ptr2char

Description Buffer Over-read in function utfptr2char at mbyte.c:1794 vim version git log commit 31d9948e3a2529c2f619d56bdb48291dc261233d HEAD - master, tag: v8.2.5026, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch10ns.dat -c :qa!...

6.8CVSS7.8AI score0.02481EPSS
Exploits3References2
Huntr
Huntr
added 2022/05/21 6:40 p.m.11 views

Cross-site Scripting (XSS) - Reflected

Description I find Relected XSS in search function. Proof of Concept 1.Login with admin or teacher account 2.Access this url:...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/21 2:15 p.m.30 views

Use of Uninitialized Function Pointer

Description When providing a crafted input binary to radare2, the context-readaddr function pointer is never initialized before use. This is due to the switch statement responsible for the assignment not finding a matching value for its switch cases. Calling function c static bool...

6.8CVSS7.4AI score0.00855EPSS
Exploits1
Huntr
Huntr
added 2022/05/21 11:53 a.m.12 views

categoly Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept 1. Create new user,add category and add XSS payload" onClick="alert1" 2. Search user. 3. Click...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/05/20 5:41 p.m.42 views

SSRF in /service endpoint

Description The problem came from this line of code I ran docker-drawio with following command : docker run -it --rm --name="draw" -e EXPORTURL=http://somesite.com -p 8080:8080 -p 8443:8443 jgraph/drawio if the drawio EXPORTURL is set to an address without any / after the primary Hostname like...

5CVSS6.4AI score0.05704EPSS
Exploits1
Huntr
Huntr
added 2022/05/20 2:52 p.m.5 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References2
Huntr
Huntr
added 2022/05/20 2:27 p.m.7 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References2
Huntr
Huntr
added 2022/05/20 6:32 a.m.34 views

Allocation of Resources Without Limits in

Steps to reproduce: 1. As an admin, start a new conversation with any membernormal user 2. If the membernormal user reply with a text of huge characters, more than crores, etcthe admin may not able to access the dash board and its get started lagging, because the server get DOS POC Screenshot: PO...

4CVSS0.00919EPSS
Exploits1
Huntr
Huntr
added 2022/05/20 12:29 a.m.21 views

Improper Access Control - Articles

Description A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter. Proof of Concept - Step 1 - Authenticated as an unprivileged user, create a New article - Step 2 - Click Edit article - Step 3 - Intercept requests and Save your article -...

4CVSS0.00786EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/19 11:52 p.m.38 views

Bypass Restriction and File Upload Leads to XSS Stored - TXT to HTML

Description Unrestricted file upload allowed the attacker to manipulate the request and bypass the protection of HTML files using a text file, XSS Stored was obtained when uploading the HTML file. Proof of Concept POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cookie:...

3.5CVSS5.5AI score0.00715EPSS
Exploits1References3
Huntr
Huntr
added 2022/05/19 8:10 p.m.39 views

SQL injetction

Description SQL injection exists in the camptocamp/terraboard. Among all APIs there is an API routed to /api/search/attribute, whose corresponding method is api.SearchAttribute. In the api.SearchAttribute method, the program takes the request parameters and passes them into the db.SearchAttribute...

6.5CVSS0.1AI score0.0642EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/19 6:42 p.m.34 views

Account Takeover

Description Hi I found a way to takeover user's account Proof of Concept 1.Victim A is a member of a organization orgA 2.Attacker create a new account with orgB 3.Invite victimA to orgB 4.Since an admin can access invitation link attacker copy this link and set new password using this link 5.Now...

6CVSS0.6AI score0.01081EPSS
Exploits1
Huntr
Huntr
added 2022/05/19 4:12 p.m.4 views

Denial of Service on embed2 servlet

Description The application stores a 5MB file in a hashmap variable using a user input as a key, with a large number of requests its possible to increase the memory usage of the application and deny the access to embed2.js stencils resource Proof of Concept import requests...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/05/18 8:32 p.m.30 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

4.9CVSS0.6AI score0.01526EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/18 2:6 p.m.27 views

Business Logic error lead to race condition

Description I have found Business logic Bug in para application free User can create more than 1 app even after App limit reached Proof of Concept 1 - Go to https://paraio.com/apps 2 - Create a new app 3- Enter the name of app 4- Intercept the request in burp suite and send into intruder and sele...

4.3CVSS5.6AI score0.0096EPSS
Exploits1References1
Huntr
Huntr
added 2022/05/18 12:23 p.m.28 views

Server Side Request Forgery

Description There are two SSRF's in the draw-image-export2 repository, both work on the domain convert.diagrams.net One is a Blind SSRF the other one a Full Response SSRF. Blind SSRF The first one is simple and can be invoked by accessing the following URL:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/05/18 9:51 a.m.10 views

Cross Site Request Forgery in acknowledging Toast

Description Hi there linkding maintainers, I would like to report a Cross site request forgery in acknowledging toast. This is due to the use of GET method. Proof of Concept 1. Install a local instance of linkding 2. Create admin user admin 3. Log in as admin and create a new toast 4. Go back to...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/05/18 8:16 a.m.10 views

xss bypass

Description xss check bypassed Proof of Concept The fix for this bug https://huntr.dev/bounties/2adf903d-cab1-4ca8-8236-b6315f0fdaba/ can be bypassed using bellow payload jAvAsCriPt://sadas.com/%0aalert11;//...

0.2AI score
Exploits0
Total number of security vulnerabilities4072