Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/04/29 7:38 a.m.19 views

Buffer Over-read

Description Buffer Over-read in hpjansson/chafa at xwd-loader.c:185 Build export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure --disable-shared make POC ./tools/chafa/chafa ./poc.png...

4.3CVSS5.3AI score0.00616EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 7:13 a.m.14 views

Improper Access Control (IDOR)

Description Any user even user without account can view any student photos through student's id. Proof of Concept Access this URL https://www.rosariosis.org/demonstration/assets/StudentPhotos/2021/studentid.jpg - Attacker can see a student personal photo even without school's account student's id...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/04/29 5:47 a.m.26 views

Reflected XSS

Description hello team, i found a reflected xss in /rtxcomplete/nodeslike via callback parameter Proof of Concept https://arax.rtx.ai/rtxcomplete/nodeslike?=1651210002052&callback=%3CScRiPt%20%3Ealertdocument.domain%3C/ScRiPt%3E&limit=15&word=1...

4.3CVSS1.4AI score0.00732EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 5:23 a.m.23 views

Reflected XSS

Description Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice Proof of Concept Enter this url :...

3.5CVSS0.2AI score0.00579EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/29 3:19 a.m.16 views

Cross-site Scripting (XSS) in Error Page

Description The is an XSS could be trigger via error page through invalid file name. Proof of Concept 1.Login as Admin. 2.Upload new file with name .svg 3.Save - Fatal Error Page show up and the xss will be trigger...

1.8AI score
Exploits0References1
Huntr
Huntr
added 2022/04/29 2:30 a.m.30 views

DOM XSS in microweber ver 1.2.15

Description Hi there, on your latest version docker images 3463db62a01f, vulnerable to DOM XSS. Proof of Concept...

4.3CVSS1.4AI score0.0125EPSS
Exploits1
Huntr
Huntr
added 2022/04/29 1:54 a.m.32 views

Blind command injection

Description Hello , its my first report in huntr.dev fast code review : file https://github.com/yogeshojha/rengine/blob/master/web/api/views.pyL820 class CMSDetectorAPIView: def getself, request: req = self.request url = req.queryparams.get'url' savedb = True if 'savedb' in req.queryparams else...

7.5CVSS9.2AI score0.02664EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:53 p.m.41 views

Use after free in append_command

✍️ Description When fuzzing vim commit fc78a0369 works with latest build and latest commit 202b4bd3a per this time of this report with clang 13 and ASan, I discovered a buffer overflow. Proof of Concept Here is the poc bash...

6.8CVSS0.1AI score0.02645EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:50 p.m.35 views

Heap buffer overflow in vim_strncpy find_word

✍️ Description When fuzzing vim commit fc78a0369 works with latest build and latest commit 202b4bd3a per this time of this report with clang 13 and ASan, I discovered a buffer overflow. Proof of Concept Here is the poc bash...

6.8CVSS7.6AI score0.02303EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 8:2 p.m.41 views

Reflected XSS

Description Bypass XSS filter on /module/ Proof of Concept https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in FireFox. How to fix This is still CVE-2022-1439...

4.3CVSS0.1AI score0.0321EPSS
Exploits2
Huntr
Huntr
added 2022/04/28 3:46 p.m.10 views

Cross-site scripting - DOM via view file function

Description In Modules - Files, when click a file will have a popup and in URL will append select-file= fragment, so this fragment in url lead to XSS-DOM. Proof of Concept...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/28 3:8 p.m.12 views

Reflected XSS in microweber

Description Hi there, In your latest version 1.2.15 docker here https://registry.hub.docker.com/r/microweber/microweber, i found an reflected xss endpoint: http://localhost/admin/view:content/action:settings?group=template&template param: template payload: shopmag"alertdocument.cookie Proof of...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/04/28 2:54 p.m.7 views

Cross-site scripting - Stored via upload ".msg" file

Description When user upload file with .msg extension in white-list, but when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html Proof of Concept POST /microweber/plupload HTTP/1.1 Host: localhost User-Agent:...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2022/04/28 12:18 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

Exploits0
Huntr
Huntr
added 2022/04/28 10:33 a.m.39 views

Cross-site Scripting (XSS)

Proof of Concept Steps to reproduce: Naviagate the below URL URL: https://demo.contao.org/contao/" Here Some Image POC Attached...

4.3CVSS0.2AI score0.03795EPSS
Exploits0
Huntr
Huntr
added 2022/04/28 9:10 a.m.13 views

Improper Access Control (IDOR)

Description Improper Access Control IDOR could leak admin information. Proof of Concept 1.Login as admin, edit a role to give permission show a user information - save 2.Login as an user with that role - go to url http://my.facturascripts.site/EditUser?code=admin&action=export&option=PDF - Can se...

Exploits0
Huntr
Huntr
added 2022/04/28 8:58 a.m.11 views

Thirdparty site authorization header leak

Description mechanize library is used to manipulate the URL of web pages and crawl the contents of web pages. mechanize does not filter the request header after redirecting. It will also transfer the authentication and cookie request header of the first request to the service after redirecting,...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/04/28 4:22 a.m.29 views

Buffer Over-read in function utfc_ptr2len

Description Buffer Over-read in function utfcptr2len at mbyte.c:2113 vim version git log commit 5a8fad32ea9c075f045b37d6c7739891d458f82b HEAD - master, tag: v8.2.4962, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/poch8s.dat -c :qa!...

6.8CVSS6.9AI score0.01252EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 3:47 a.m.34 views

Heap-based Buffer Overflow in function cmdline_erase_chars

Description Heap-based Buffer Overflow in function cmdlineerasechars at exgetln.c:1085 POC ./vim -u NONE -X -Z -e -s -S ./poch1.dat -c :qa! ================================================================= ==3840814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000087f at pc...

6.8CVSS6.9AI score0.02481EPSS
Exploits1
Huntr
Huntr
added 2022/04/28 2:42 a.m.38 views

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729

Description NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input. POC ./vim -u NONE -X -Z -e -s -S ./pocn.dat -c :qa! Segmentation fault pocn.dat GDB ─── Output/messages...

5CVSS1.7AI score0.01518EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 5:42 p.m.14 views

Cross-site scripting - Stored via upload ".cad" file

Description When user upload file with .cad extension in white-list, server will stored .cad file at userfiles/media/default/, so we can direct access. Becase when access this file, server not reponse with Content-type header, so this file can execute javascript code as Content-type: text/html...

7.3AI score
Exploits0References1
Huntr
Huntr
added 2022/04/27 8:27 a.m.27 views

Multiple Store XSS via upload svg file and the file name of attachment

Description Hi There, facturascripts is vulnerable to store XSS by upload svg file, and the filename Step to produce with svg file Login as admin or any account has role Admin-Library, access Admin - library - New and upload file svg with content: alertdocument.cookie; save this. XSS will be...

3.5CVSS5.7AI score0.00643EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 7:52 a.m.5 views

Stored XSS on Import Targets

Description Hello, When a XSS payload is used as the Add or Import Targets file name, it executes it hence stored XSS is possible. Proof of Concept Name a file .txt Import the file at /target/add/target You can see it being executed...

5.9AI score
Exploits0
Huntr
Huntr
added 2022/04/27 7:52 a.m.17 views

Refelect XSS in facturascripts

Description facturascripts is vulnerable to XSS in fsNick parameter Proof of Concept save this code as poc.html history.pushState'', '', '/' document.forms0.submit; open file with your browser - xss trigger...

4.3CVSS2.5AI score0.00907EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 4:26 a.m.14 views

Cross-site Scripting (XSS) - Stored via htm file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside. Proof-of-Concept phish.htm Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6.1AI score
Exploits0
Huntr
Huntr
added 2022/04/27 4:23 a.m.20 views

Cross-site Scripting (XSS) - Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept Turn on debugger mode. Add path /?alertorigin to any endpoint - script will be reflected, executed...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/04/27 3:58 a.m.18 views

NULL Pointer Dereference in function mobi_build_opf_metadata at opf.c:1161

Description NULL Pointer Dereference in function mobibuildopfmetadata at opf.c:1161 allows attackers to cause a denial of service application crash via a crafted input file Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address"...

4.3CVSS0.5AI score0.00582EPSS
Exploits1
Huntr
Huntr
added 2022/04/27 3:47 a.m.150 views

Cross-site Scripting (XSS) - Stored via xHTML file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an xHTML file with the javascript code inside. Proof of Concept phish.xhtml alertdocument.domain; Step to reproduce From attacker side student 1.Login to the demo environment by student account...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/04/26 6:55 p.m.14 views

Insecure Storage of Sensitive Information

Description When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of Scoold users like their Geolocation, their Device information like Device Name, Version, Software & Software version used,...

0.2AI score0.01961EPSS
Exploits1References5
Huntr
Huntr
added 2022/04/26 6:31 p.m.4 views

Small Space of Random Values

Description The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. Vulnerable code snippet $password = $staff'USERNAME' . rand 1000, 9999 ;...

2AI score
Exploits0References1
Huntr
Huntr
added 2022/04/26 10:30 a.m.31 views

Cross-site Scripting (XSS)

Proof of Concept 1 Login to the webapplication 2 Navigate to the below URL URL :- https://demo.livehelperchat.com/siteadmin/system/languages/updated/true/sa/HEXX%22%3E%3Ca%20onmouseover=alert11122%3EDEXX%3Ca Below some image POC...

4.3CVSS5.1AI score0.00622EPSS
Exploits1
Huntr
Huntr
added 2022/04/26 8:18 a.m.27 views

Cross-site Scripting (XSS) - Stored via HTML file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an HTML file with the javascript code inside. Proof-of-Concept phish.html Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6AI score
Exploits0
Huntr
Huntr
added 2022/04/26 12:58 a.m.23 views

Buffer Over-read

Description Stack-based Buffer Overflow at index.c:991 Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure...

4.6CVSS6.9AI score0.00395EPSS
Exploits1
Huntr
Huntr
added 2022/04/25 11:57 a.m.27 views

Buffer Over-read at parse_rawml.c:1416

Description Heap-based Buffer Overflow at parserawml.c:1416 Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure...

3.6CVSS6.7AI score0.00342EPSS
Exploits1
Huntr
Huntr
added 2022/04/25 9:35 a.m.57 views

SQL injection in Calendar.php

Description In Calendar.php line 498-513, web server get values parameter as a part of sql query without sanitize, so attacker can be manipulated sql query, which is executed by web server...

6.4CVSS0.2AI score0.01873EPSS
Exploits1
Huntr
Huntr
added 2022/04/25 6:3 a.m.7 views

HTML Injection in Subscan view

Description HTML code is executed in the Subscan feature Proof of Concept 1. Add a scan engine: HTMLInjection 2. Go to "subdomains" for a target and add a Subscan using the scan engine. 3. Initiate a Subscan 4. View the subscan...

1AI score
Exploits0
Huntr
Huntr
added 2022/04/25 2:52 a.m.16 views

Stored XSS via Scan Engine Name

Description Scan Engine name is displayed in different places without validation Proof of Concept 1. Add a scan engine with name: 2. Scan a target, Create scheduled tasks 3. Go to https://127.0.0.1/scan/history/scan Note: Try on a private browser if it doesn't execute on the first. I am not sure...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/04/24 8:28 p.m.36 views

Improper handling of Length parameter

Description There was no restriction on the amount of text that can be inserted into a user's name field. When the text size was large enough the service resulted in a momentary outage in our non-production environment not high availability. An internal reproduction showed isolated disruption but...

6.5CVSS0.1AI score0.01065EPSS
Exploits1References4
Huntr
Huntr
added 2022/04/24 3:49 a.m.9 views

Cross Site Request Forgery in Release all grades feature

Description Hi there, there is a Cross site request Forgery in your Release all grades feature. This is due to the release all grades action is using GET request method. Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/04/24 2:11 a.m.15 views

Authenticated Reflected XSS

Description Hello Team , I found a Authenticated Reflected XSS when you go here : https://demo.collectiveaccess.org and then login as demo , demo username,password Proof of Concept https://demo.collectiveaccess.org/lookup/DisplayTemplate/Get?table=caobjects&id=21&template=asdasdasdasd alert1xx...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/04/23 11:24 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description he software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - login as an admin - go to...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/04/23 8:31 p.m.17 views

Mass Assignment Leading to (Limited) Password Confirmation Bypasses at UsersController

Description Hello there! Hope you are having an amazing day! 🤗 Just found out, while testing one of diaspora\ open servers, that the /user/edit endpoint has a limited case of "mass assignment", which enables an authenticated user to change their password and disable 2FA or change its secret witho...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/04/23 6:12 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS found due to long name summarize Proof of Concept 1.First, access the latest version of the demo environment. https://www.rosariosis.org/demonstration/index.php 2.Then log in with your teacher account teacher/teacher 3.After logging in, access to add an assignment. 4.Then...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/04/23 5:48 p.m.9 views

Cross-site scripting - Stored via upload xml file

Description When user upload file with XML extension in white-list, server will stored XML file at assets/PortalNotesFiles/, so we can direct access and execute javascript code. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/23 3:9 p.m.31 views

Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function

Description Out-of-bounds OOB read vulnerability exists in rbinjavabootstrapmethodsattrnew function in Radare2 5.6.9. This is similar with CVE-2022-0518 and CVE-2022-0521. Version radare2 5.6.9 27745 @ linux-x86-64 git.conti commit: 14189710859c27981adb4c2c2aed2863c1859ec5 build: 2022-04-2311:05:...

5.8CVSS6.4AI score0.01005EPSS
Exploits3References2
Huntr
Huntr
added 2022/04/23 3:0 p.m.27 views

Out-of-bounds Read in r_bin_java_constant_value_attr_new function

Description Out-of-bounds OOB read vulnerability exists in rbinjavaconstantvalueattrnew function in Radare2 5.6.9. This is similar with CVE-2022-0518 and CVE-2022-0521 Version radare2 5.6.9 27745 @ linux-x86-64 git.conti commit: 14189710859c27981adb4c2c2aed2863c1859ec5 build: 2022-04-2311:05:49...

5.8CVSS6.4AI score0.01005EPSS
Exploits3References2
Huntr
Huntr
added 2022/04/23 8:34 a.m.31 views

Stored Cross Site Scripting vulnerability in the checked_out_to parameter

Description The checkedoutto is not escaped, which leads to a XSS problem. Proof of Concept 1. 1.Login to the demo account 2. 2.Report-Depreciation Report 3. 3.Choose a Asset and goto Assets menu and check it out. new a location which is '" and check the asset to this location 4. 4.Return to...

3.5CVSS1.4AI score0.00743EPSS
Exploits1
Huntr
Huntr
added 2022/04/23 4:16 a.m.8 views

Improper authorization - receptionist can read all Clinic reports

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/04/23 4:6 a.m.10 views

Improper Privilege Management - receptionist can view background services and log for admin

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/04/23 3:31 a.m.15 views

Improper authorization - receptionist can read all secure messaging

Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Use admin account and create a secure message by go to Portal...

0.7AI score
Exploits0
Total number of security vulnerabilities4072