Lucene search
K

4072 matches found

Huntr
Huntr
•added 2022/05/11 10:22 a.m.•18 views

Stored XSS in application name.

Description Hi there, there is a stored XSS in Oauth application name. Proof of Concept 1. Install a local instance of Autolab. 2. Go to /oauth/applications and create a new application with name . 3. Click on Authorize and see that a pop up appears with user's cookies. Link to POC...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/05/11 8:23 a.m.•9 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score
Exploits0
Huntr
Huntr
•added 2022/05/10 9:18 a.m.•29 views

Cross-site Scripting (XSS) - Stored

Description openemr / openemr is vulnerable to Cross-site Scripting XSS - Stored Proof of Concept // Poc alertdocument.cookie steps to reproduce: 1 login open emr patient portal https://demo.openemr.io/openemr/portal/index.php 2 goto my profile in https://demo.openemr.io/openemr/portal/home.php...

4.9CVSS5.5AI score0.00537EPSS
Exploits1
Huntr
Huntr
•added 2022/05/10 3:10 a.m.•15 views

Cross-site Scripting (XSS) in Search Fuction with filter

Description The is an XSS could be trigger via search function in number filter. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of...

2.9AI score
Exploits0
Huntr
Huntr
•added 2022/05/09 1:8 p.m.•9 views

Set cookie for different domain

Description It is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header. Proof of Concept php true; $client-request"GET", "https://.free.beeceptor.com/setcookie"; $cookies = $client-getConfig'cookies'-toArray; printr$cookies; ? You can us...

0.5AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/09 11:51 a.m.•28 views

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733

Description NULL Pointer Dereference in function vimregexecstring at regexp.c:2733 allows attackers to cause a denial of service application crash via a crafted input. vim version git log commit b370771bffc8395204f53209b69e35dff95a9237 HEAD - master, tag: v8.2.4922, origin/master, origin/HEAD POC...

4.3CVSS1.7AI score0.0149EPSS
Exploits1
Huntr
Huntr
•added 2022/05/09 10:37 a.m.•9 views

Reflected Cross site scripting

Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...

Exploits0
Huntr
Huntr
•added 2022/05/09 10:4 a.m.•24 views

Account Takeover

Description Hi there i found that forget password functionality can be manipulated and this lead to account takeover. So even if an attacker can takeover low access user to admin accounts. In this bug server is vulnerable to php type juggling attack Proof of Concept 1. While registering app for...

7.5CVSS1.5AI score0.01329EPSS
Exploits1
Huntr
Huntr
•added 2022/05/09 9:43 a.m.•8 views

Stored Xss

Description Hi i found stored xss due to website field Proof of Concept 1. Create a new non-admin account 2. Login and goto http://localhost/invoices/EditAgenciaTransporte add new user with website link to "javascript:confirmdocument.domain" 3. Save user and navigate to http://localhost/invoices/...

6.8AI score
Exploits0
Huntr
Huntr
•added 2022/05/09 7:21 a.m.•32 views

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2

This vulnerability is of type heap-buffer-overflow. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.6.8 and lastest master branch 5a9e0a19ba07e35382776fed9da2649ac824f526, updated in M...

4.3CVSS0.3AI score0.00681EPSS
Exploits1References1
Huntr
Huntr
•added 2022/05/09 2:9 a.m.•11 views

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1.Login as admin administrator / administrator. 2.Access this URL...

1AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/08 1:8 p.m.•9 views

Google Storage Bucket Takeover which is getting used in github repository "github.com/wardviaene/kubernetes-course"

Description wardviaene have a opensource project for kubernetes-course In the project, there is a README file which is contains installation instruction of helm. Those instructions are suggesting to download helm binary from a google bucket which was not registered on GCP. So I was able to takeov...

Exploits0References2
Huntr
Huntr
•added 2022/05/08 10:5 a.m.•27 views

Authentication Bypass Using an Alternate Path or Channel

Steps to reproduce 1. 1. Log into Administrator account 2. 2. Navigate to User section 3. 3. Create a new User, call it testUser pass is 12345678 4. 4. Navigate to Groups section and create a new group, call it testGroup 5. 5. Give a "manage:group" permission for testGroup and assign testUser...

9CVSS6.9AI score0.01801EPSS
Exploits1
Huntr
Huntr
•added 2022/05/08 8:58 a.m.•20 views

Reflected Xss using url based payload

Description Hi there i found that url parameter is not verified by server so an attacker can use javascript schema to run xss on user's browser Proof of Concept 1. Visit this page http://localhost/invoices/EditPageOption?code=ListProducto-new&url=javascript:prompt2 2. Click on back button PoC:-...

4.3CVSS0.00709EPSS
Exploits1
Huntr
Huntr
•added 2022/05/08 4:1 a.m.•41 views

Buffer Over-read in function find_next_quote

Description Buffer Over-read in function findnextquote at textobject.c:1663 POC ./vim -u NONE -X -Z -e -s -S ./poch4s.dat -c :qa! ================================================================= ==1740874==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000741a at pc 0x0000010f50...

6.8CVSS7AI score0.01864EPSS
Exploits1
Huntr
Huntr
•added 2022/05/08 3:52 a.m.•33 views

Heap-based Buffer Overflow in function skip_string

Description Heap-based Buffer Overflow in function skipstring at cindent.c:92 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch7s.dat -c :qa!...

4.6CVSS7AI score0.00599EPSS
Exploits1
Huntr
Huntr
•added 2022/05/08 3:16 a.m.•23 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Add Item,And name is payload alertlocation...

4.9CVSS0.9AI score0.00531EPSS
Exploits1
Huntr
Huntr
•added 2022/05/07 8:17 p.m.•13 views

Authenticated RCE through /admin/settings/email endpoint

Description Craftcms is vulnerable to Command Injection on the email settings, on the /admin/settings/email endpoint. An attacker can send a POST request with a specially crafted transportTypescraft\mail\transportadapters\Sendmailcommand= parameter to inject arbitrary commands that will be execut...

1AI score
Exploits0
Huntr
Huntr
•added 2022/05/07 8:49 a.m.•18 views

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File

Description Formula Injection/CSV Injection in "For what?" , "For whom?" & "How much?" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1.Visit https://ihatemoney.org/ and start your demo application then click on add new bill at the top right. In the field of "wha...

7.4AI score0.0121EPSS
Exploits1References2
Huntr
Huntr
•added 2022/05/06 2:2 p.m.•42 views

Stored xss bug

Description stored xss bug Proof of Concept I created a repository on try.gitea.io and uploaded a pdf file containing xss vector. https://try.gitea.io/cokeBeer/test/src/branch/main/poc.pdf Just click the "Raw" button The xss vector will be triggered Fix Suggestion prohibit viewing pdf directly by...

3.5CVSS0.4AI score0.00751EPSS
Exploits1References1
Huntr
Huntr
•added 2022/05/06 9:9 a.m.•13 views

Html Injection

Description https://app.diagrams.net/ is vulnerable to html Injection by uploading a html file Proof of Concept 1. Goto https://app.diagrams.net/ and create a new html file with form field's and add this file in project 2. Now goto fileembedhtml and click on create after that click on preview pag...

7.5AI score
Exploits0
Huntr
Huntr
•added 2022/05/06 2:45 a.m.•5 views

0 quantity orders are allowed

Description In the case of commodity purchases, the quantity is 0. Orders should not be allowed to be created, consuming meaningless resource behavior, and the order quantity should always be =1 Proof of Concept...

3AI score
Exploits0
Huntr
Huntr
•added 2022/05/06 2:9 a.m.•26 views

Reflected XSS on ticket filter function

Description Ticket management filter in Trudesk v1.2.0 allow user to perform XSS due to improper validation on filter attribute such as "status", "ticket type", "assignee" and etc. Proof of Concept 1 Login to Trudesk with role user privilege 2 Tickets - Filter ticket 3 Filter for ticket status po...

4.9CVSS0.5AI score0.00688EPSS
Exploits1
Huntr
Huntr
•added 2022/05/05 11:57 p.m.•44 views

Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. : While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of concept video & reproduction steps for better understanding. Proof of concept: I have uploaded the bo...

6.8CVSS0.7AI score0.08958EPSS
Exploits4
Huntr
Huntr
•added 2022/05/05 8:34 p.m.•10 views

Cross site scripting

Description 1. Login as teacher 2.Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignmenttypeid=3&assignmentid=new 3. Add this payload in discription 4. Save this assigment 5. You will see a prompt...

Exploits0
Huntr
Huntr
•added 2022/05/05 6:47 p.m.•17 views

RCE due to a dependency confusion

Description Hi team, I hope you are well. I found a dependency confusion vulnerability in this repo. When I analyzed your repo, I found a Makefile which install a dependency : https://github.com/bits-and-blooms/bloom/blob/25ba46ef8744ddeba999dcd048dbb8b0fa87edb3/MakefileL188 go get...

4.4CVSS7.3AI score0.00403EPSS
Exploits1References4
Huntr
Huntr
•added 2022/05/05 6:46 p.m.•16 views

RCE due to a dependency confusion

Description Hi team, I hope you are well. I found a dependency confusion vulnerability in this repo. When I analyzed your repo, I found a Makefile which install a dependency : https://github.com/openziti/ziti/blob/271614d50df5535cf99ad0882649ae0ef7bb88a2/ziti/MakefileL155 go get...

7AI score
Exploits0References4
Huntr
Huntr
•added 2022/05/05 9:7 a.m.•16 views

Cross-site Scripting (XSS) in create space function

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept 1.Login as normal user. 2.Access subdomain /space/create/create. 3.Input name, color, description,...

5.7AI score
Exploits0
Huntr
Huntr
•added 2022/05/04 2:20 p.m.•13 views

Cross-site scripting - Stored via upload `.xsig` file

Description When user upload a file with .xsig extension and direct access this file, the server response with Content-type: text/html lead to processing XSIG as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5....

6.9AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/04 7:11 a.m.•103 views

Cross-site Scripting (XSS) via Cookie Value

Description The is an XSS could be trigger via cookie value. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded...

0.7AI score
Exploits0
Huntr
Huntr
•added 2022/05/04 5:59 a.m.•7 views

Denial of service

Affected commit 49b8cef31f01c0d88d874e17714dff1fa5b85df0 Proof of Concept ruby= raise SystemStackError.new BasicObject.new Expected: Raise exception without abort the software Case output: bash= root:/mruby/mruby/bin ./mruby poc.rb poc.rb:1: can't convert BasicObject into String TypeError Aborted...

3.1AI score
Exploits0
Huntr
Huntr
•added 2022/05/03 3:14 p.m.•19 views

A heap-buffer-overflow in mobi_decode_infl in index.c

Description A heap-buffer-overflow in mobidecodeinfl in index.c Env Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: May 3 2022 20:46:07 clang Ubuntu Clang 11.1.0 libmobi: 0.10 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasa...

5.8CVSS5.6AI score0.00782EPSS
Exploits1
Huntr
Huntr
•added 2022/05/03 2:25 p.m.•15 views

Server-Side Request Forgery in scout

Description Server-Side Request Forgery in remotecors Proof of Concept GET /remote/cors/http://:8888 HTTP/1.1 Host: localhost:8000 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...

6.4CVSS0.5AI score0.01095EPSS
Exploits1References1
Huntr
Huntr
•added 2022/05/02 6:28 p.m.•10 views

Improper Access Control

Description The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Proof of Concept Unauthorized actors can access critical pages directly. - InstallDatabase.php - diagnostic.php...

3.8AI score
Exploits0
Huntr
Huntr
•added 2022/05/02 10:45 a.m.•6 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

Exploits0
Huntr
Huntr
•added 2022/05/02 8:53 a.m.•10 views

Improper File Deletion

Description A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment is still remained on the server and if anyone has the link to that file, he can access to it to view or download it. Steps to reproduce Login to the demo environment by...

2AI score
Exploits0
Huntr
Huntr
•added 2022/05/02 5:15 a.m.•13 views

Improper handling of large integer values

Description In create Fee function, improper handling of large integer values in mount field value. Proof of Concept POST /demonstration/Modules.php?modname=StudentBilling/StudentFees.php HTTP/1.1 Host: www.rosariosis.org Cookie: RosarioSIS=kja39eaq6q73envhk6eo8300vgumn2612c5huvue08vgh66faog1...

0.1AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/01 6:1 p.m.•24 views

Arbitrary Code Execution through Sanitizer Bypass

Description The sanitizer function of the drawio core library which is responsible to sanitize various parts of a diagram of potentially dangerous HTML/JavaScript code can be bypassed. It is vulnerable to mutation XSS payloads, which allows escaping from the sanitizer. This allows arbitrary code...

6.8CVSS0.02273EPSS
Exploits1References1
Huntr
Huntr
•added 2022/05/01 4:21 p.m.•12 views

Stack buffer overflow in RTSP packet parsing

Description A malicious RTSP server can trigger a stack buffer overflow via an RTSP packet with an excessively long content-length due to no bounds check when copying into a fixed sized buffer. Proof of Concept poc.py is available here terminal 1 python3 poc.py 31337 terminal 2 ./configure...

2.3AI score
Exploits0
Huntr
Huntr
•added 2022/05/01 7:47 a.m.•15 views

Store XSS

Description Phishing and stealing users through vulnerabilities and accessing users' personal information Proof of Concept POST /admin/enhavo/article/article/update/5?viewid=6 HTTP/1.1 Host: demo.enhavo.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:56.0 Gecko/20100101 Firefox/56.0...

0.1AI score
Exploits0References1
Huntr
Huntr
•added 2022/05/01 5:46 a.m.•247 views

Stored XSS Via Markdown payload at HackerOne Settings

Description Rengine supports automatic vulnerability reporting to hackerone the module included a feature to customize the report using a markdown editor. Although it was blocking some malicious payloads, the Cross-Site Scripting was found exploitable via a special payload. Proof of Concept 1. Go...

5.8AI score
Exploits0
Huntr
Huntr
•added 2022/04/30 6:53 p.m.•10 views

Improper file deletion

Description When a user created with a profile picture and deleted after some time the profile picture of that user is still remain on the server even after deleting the user's account Proof of Concept 1. Create a new student with a profile picture 2. Delete this user 3. And visit this url...

0.1AI score
Exploits0
Huntr
Huntr
•added 2022/04/30 5:35 p.m.•14 views

Cross-site Scripting (XSS) - Reflected

Description The listmonk application is vulnerable to reflected XSS in Partial SQL expression to query subscriber attributes. Proof of Concept 1.Go to "Subscribers" - "All subscribers" - "Advanced" 2.Put this payload: " in the input filed. 3.Now click on Query then XSS will pop-up Video POC...

1.8AI score
Exploits0
Huntr
Huntr
•added 2022/04/30 2:15 p.m.•5 views

Stored XSS in "campaigns"

Description The listmonk application is vulnerable to stored XSS in the "Name" input filed for "campaigns" for which when a user tried to delete the "campaigns" XSS gets triggered. Proof of Concept 1.Go to "Campaigns" - "All campaigns" - "New" 2.Put this payload: in the "Name" input field and fil...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/04/30 12:54 p.m.•18 views

Heap-buffer-overflow in mobi_search_links_kf7

Description heap-buffer-overflow /home/ubuntu/libmobi-public/src/parserawml.c:110 in mobisearchlinkskf7 Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: Apr 29 2022 20:52:30 gcc 9.3.0 libmobi: 0.10 Build export CC=gcc CXX=g++...

5.8CVSS5.7AI score0.00668EPSS
Exploits1
Huntr
Huntr
•added 2022/04/30 10:55 a.m.•11 views

Cross-site scripting - Reflected via upload `.xml` file

Description When user upload a file with .xml extension and direct access this file, the server response with Content-type: text/html lead to processing XML as HTML file. Proof of Concept POST /facturascripts/EditAttachedFile?code=1&action=save-ok HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...

0.1AI score
Exploits0References1
Huntr
Huntr
•added 2022/04/30 10:26 a.m.•24 views

Cross-site scripting - Reflected in Create Subaccount

Description Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter. Proof of Concept POST /facturascripts/EditSubcuenta HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...

4.3CVSS0.00832EPSS
Exploits1References1
Huntr
Huntr
•added 2022/04/30 5:55 a.m.•25 views

heap-buffer-overflow in mobi_get_attribute_value

Description heap-buffer-overflow /home/ubuntu/libmobi-public/src/parserawml.c:357 in mobigetattributevalue Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal mobitool build: Apr 29 2022 20:52:30 gcc 9.3.0 libmobi: 0.10 Build export CC=gcc CXX=g++...

5.8CVSS5.7AI score0.0066EPSS
Exploits1
Huntr
Huntr
•added 2022/04/30 1:51 a.m.•11 views

Cross-site Scripting (XSS) - Stored

Description I am able to bypass the fix in the report https://huntr.dev/bounties/4f7be1e2-b844-4def-af9f-136dcce1c349/ which caused the XSS vulnerability. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...

6.1AI score
Exploits0
Huntr
Huntr
•added 2022/04/29 9:19 a.m.•7 views

Exposure of Sensitive Information to an Unauthorized Actor

Description Attacker can be able to download file from system. Proof of Concept 1.Login as student - Go to GRADES - Assignments - Submit a file to a random assignment - save. 2.Attacker with or without account can be able to download through this URL...

6.9AI score
Exploits0
Total number of security vulnerabilities4072