Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/04/23 3:23 a.m.12 views

SQL injection in PortalNotes

Description In PortalNotes.php, web server get values parameter as a part of sql query without sanitize, so attacker can be manipulated sql query, which is executed by web server. Proof of Concept POST /rosariosis/Modules.php?value=123 HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 Windows...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/04/23 2:51 a.m.11 views

Cross-site scripting - Reflected via mime-type file upload

Description When user upload file with extension not in white-list, server will throw error attach with mime-type of file upload user can controll without sanitize. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host: localhost:8080...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/04/22 6:4 p.m.33 views

XSS in /demo/module/?module=HERE

Description Reflected XSS in /demo/module/?module= bypass of fix for CVE-2022-1439 Proof of Concept In this report I showed an XSS and while one of the filter evasion mechanisms was fixed, the root cause persists to allow other payloads. As I mentioned there are event handlers which are unblocked...

4.3CVSS0.8AI score0.0321EPSS
Exploits2References1
Huntr
Huntr
added 2022/04/22 2:29 p.m.14 views

Remote access to another's conversation based on their email address

System: - Chatwoot 2.4.1, self-hosted - User identity validation is enabled - Each client has a unique identifier and a corresponding valid hmac Description User B can impersonate User A and access his chat history by filling in user A's email address in the setUser despite that the two users do...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/04/22 8:51 a.m.112 views

Sed Injection Vulnerability

Description In Hestia Control Panel 1.5.11, several v-scripts shell scripts have sed injection vulnerabilities. By chaining these vulnerabilities, an authenticated remote attacker with low privileges can execute arbitrary code under root context. Sed injection vulnerabilities exist in the followi...

9CVSS9.1AI score0.04459EPSS
Exploits1
Huntr
Huntr
added 2022/04/21 6:43 p.m.24 views

Stored XSS via upload plugin functionality in zip format

Description Cross-site scripting XSS is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Here...

3.5CVSS0.5AI score0.00732EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/21 3:37 p.m.29 views

heap-use-after-free

Description Whilst experimenting with radare2, built from version 5.6.8, we are able to induce a vulnerability at newrbtree.c:411 in function rrbnodenext , using radare2 as a harness. 409: RAPI RRBNode rrbnodenextRRBNode node 410: rreturnvaliffail node, NULL; //use-after-free here 411: if...

4.3CVSS5.6AI score0.00771EPSS
Exploits1
Huntr
Huntr
added 2022/04/21 12:44 p.m.69 views

Reflected XSS on demo.microweber.org/demo/module/

Description Reflected XSS with filter bypass on /demo/module/ using module= & style= parameters. Proof of Concept https://demo.microweber.org/demo/module/?module='ontransitionend=alert1'"tabindex=1&style=transition:outline%200.001s&id=x&data-show-ui=admin&class=x&fromurl=https://demo.microweber.o...

4.3CVSS0.3AI score0.0321EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/20 5:49 p.m.21 views

Cross-site Scripting (XSS) - Generic

Description The Stream URL of octoprint application allowing xss payload to execute for which its leads to Cross-site Scripting XSS Proof of Concept Login to the application Now go to settings - Webcam & Timelapse - Stream URL and insert the payload " in the Stream URL and click on "Test" You wil...

4.6CVSS0.2AI score0.01152EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 3:30 p.m.14 views

no spoofing protection on email domain (No Valid SPF Records.)

What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...

7AI score
Exploits0References2
Huntr
Huntr
added 2022/04/20 1:37 p.m.23 views

Store XSS in title parameter executing at EditUser Page & EditProducto page

Description Cross-site scripting XSS is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Proof ...

3.5CVSS0.2AI score0.00719EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/20 11:3 a.m.37 views

Out-of-bounds Read in mrb_obj_is_kind_of in

Out-of-bounds Read in mrbobjiskindof in mruby/mruby Affected commit 791635a8d1ad9aad98aae0a36a91e092e4d71944 Proof of Concept ruby= Math.initialize do $4 prepend dup 4.instanceexec|| super end Below is the output from mruby ASAN build: bash= AddressSanitizer:DEADLYSIGNAL...

4.6CVSS2.4AI score0.00446EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 10:40 a.m.13 views

Windows-Specific Relative Path Traversal vulnerability in StaticDir server

Description The fix released in version 0.19.1 does not completely fix the relative path traversal vulnerability on Windows hosts. An attacker can access files outside of the configured directory root. This is due to Windows supporting the \ character as a path separator. Proof of Concept With a...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/20 8:31 a.m.22 views

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

Steps to reproduce the issue git clone https://github.com/hpjansson/chafa.git cd chafa export CFLAGS="-g -O0" export CXXFLAGS="-g -O0" ./autogen.sh ./configure --disable-shared make ./tools/chafa/chafa ./poc.gif gdb --args ./tools/chafa/chafa ./poc.gif...

4.3CVSS3.3AI score0.0085EPSS
Exploits1
Huntr
Huntr
added 2022/04/20 3:15 a.m.24 views

Heap-based Buffer Overflow

Description Heap-based buffer overflow in coresymbolication:272 Environment radare2 5.6.9 0 @ linux-x86-64 git. commit: 5.6.9 build: 2022-04-1923:49:49 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

5.8CVSS0.00735EPSS
Exploits1
Huntr
Huntr
added 2022/04/19 6:46 p.m.12 views

Open Redirect

Description Url redirection at the endpoint /login?next= which leads to redirect admin to malicious domain Proof of Concept Send this link to adminhttp://localhost:3000/login?next=http://evil.com When he will open it and try to login the url will redirect to /evil.com POC VIDEO...

7AI score0.05265EPSS
Exploits2References1
Huntr
Huntr
added 2022/04/19 6:25 p.m.37 views

Dom xss leads to account takeover

Description The endpoint of login allows Javascript payload to execute which leads to XSS pop-up Proof of Concept Send this link to admin http://127.0.0.1:2222/login/?redirect=javascript:alertdocument.cookie When he will open it and try to login XSS will popup. Image POC...

5.1CVSS7.3AI score0.01275EPSS
Exploits1
Huntr
Huntr
added 2022/04/19 7:10 a.m.21 views

A null pointer reference in libmobi.

Description The vulnerability at src/index.cL 1054, function mobitrieinsertinfl. At line 1063 shown as below, function mobigetcncxstringflat uses len as parameter, len got from t.tagvalues. While at line 1060, program doesn’t check the initial value of tagvaluescount, when the for loop begins wit...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/04/17 10:21 a.m.11 views

Relative Path Traversal vulnerability in StaticDir server

Description There is a relative path traversal vulnerability in the serve module of the extra crate. An attacker can simply request a relative path and access files outside of the configured directory root. Proof of Concept With a static folder in the project directory: rs // main.rs use...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/04/17 4:58 a.m.18 views

Improper Access Control on view student list

Description lavsms system provide a feature for teachers to view any student in the systems. The problem is when student also can view the student's list. They also can download the list in pdf or excel. Proof of Concept 1. GET http://lavsms.test/students/list/id Step to reproduce 1. Login as...

1AI score
Exploits0
Huntr
Huntr
added 2022/04/16 10:32 a.m.29 views

Command Injection vulnerability in [email protected]

Command Injection vulnerability in [email protected] git-interface describes itself as a Interface to work with a git repository in node.js Resources: Project's GitHub source code: https://github.com/yarkeev/git-interface Project's npm package: https://www.npmjs.com/package/git-interface I'm...

10CVSS0.1AI score0.03816EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/16 2:56 a.m.23 views

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality

Description The /rtxcomplete/nodeslike endpoint in the ARAX-UI application at https://arax.rtx.ai is vulnerable to SQL injection. It is possible to include a malicious SQL payload in the word query parameter for this endpoint that would allow an attacker to dump the database, make modifications t...

10CVSS0.5AI score0.03485EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/15 4:18 p.m.24 views

API Privilege Escalation

Description Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the application. This is usually caused by a flaw in the application. On Easy!Appointments API authorizati...

9CVSS0.6AI score0.01115EPSS
Exploits1
Huntr
Huntr
added 2022/04/15 4:51 a.m.13 views

Unrestricted Image Upload

Description When testing file upload function in Organizr 2.1.1830, there are improvement on image upload features in Image Manager. But user can bypass it by identify double extension file type method Proof of Concept 1 Login and go to Settings - Image Manager 2 Upload file with double extension...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/04/14 12:14 p.m.31 views

Use of Out-of-range Pointer Offset

Description This issue occur in the version 8.2.4739 Proof of Concept ➜ vim git:master ✗ echo -n AO8A9C4K/QAKaWZ7e3t7e30tPigzKSg/PWEpezAsMSYKaWZ7e2Z7eyAtPig/PVk8ezAsMTB9Yb7dMH1hvt17MRAALS6zNQAAAAr/AF0KgAr1 | base64 -d POC1 ➜ vim git:master ✗ ./src/vim -u NONE -i NONE -n -X -Z -e -m -s -S POC1 -c...

4.3CVSS6.2AI score0.01418EPSS
Exploits1
Huntr
Huntr
added 2022/04/14 8:46 a.m.26 views

Unrestructed file upload

Description I found unrestricted file upload leads to xss, vulnerability can be exploited by uploading a crafted payload inside a file. Then, the vulnerability can be triggered when the user previews the files content. Proof of Concept unrestricted file upload payload...

4.3CVSS0.2AI score0.00728EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/14 7:20 a.m.26 views

Heap-based Buffer Overflow

Description Heap-based Buffer Overflow in rreadle32 Environment radare2 5.6.7 0 @ linux-x86-64 git. commit: 5.6.7 build: 2022-04-1215:06:26 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan" LDFLAGS="-fsanitize=address...

5.8CVSS0.00739EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 8:59 p.m.48 views

global heap buffer overflow in skip_range

✍️ Description When fuzzing vim commit f420ff244 v8.2.4747 with clang 13 and ASan, I discovered a global buffer overflow. Proof of Concept Here is the minified poc bash r 0norm0V:^ How to build bash LD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++ CFLAGS="-fsanitize=address"...

6.8CVSS0.2AI score0.03104EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 3:57 p.m.13 views

DoS due to unrestricted hashing

Description The application accepts strings of any size as passwords and processes hashes the string to check in the database if the user exists, for example upon login. Being the hashing process resource-intensive, it can be possible to cause Denial of Service without particular processing power...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/04/13 12:36 p.m.32 views

SQL injection in GridHelperService.php

Description In line 786, we can see $conditionFilters = $filterField . ' ' . $operator . ' ' . $value;. The three variables joins to a string, and the variables come from the request parameter.Maybe line 793 is vulnerable too. The code comes from prepareAssetListingForGrid function. The function ...

5CVSS0.7AI score0.64605EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 5:42 a.m.30 views

NULL Pointer Dereference

Description NULL pointer dereference in rbinnegetsegments Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal radare2 5.6.7 0 @ linux-x86-64 git. commit: 5.6.7 Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan"...

7.1CVSS1.8AI score0.00681EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 2:55 a.m.25 views

Improper access control could make any user export all user of website

Description A user who has to change their password after logging in can export the website's user data. Proof of Concept Step 1: login to website by admin account and change password of a user. Check the box "Force password change upon next login" and save. Step 2: login to website by the accoun...

4CVSS6.5AI score0.01186EPSS
Exploits1
Huntr
Huntr
added 2022/04/13 1:47 a.m.14 views

librenms alert-rules Stored XSS

Description Please enter a description of the vulnerability. 1 . Go to http://SERVER/device-group and Create New-device Group 2 . Input Name parameter following XSS payload and save payload 1 3 . Go to http://SERVER/alert-rules and add Rule. You can choose the Device group that contains XSS paylo...

5.8CVSS5AI score0.00519EPSS
Exploits0References1
Huntr
Huntr
added 2022/04/12 11:56 p.m.21 views

librenms bills Description & Notes Stored XSS

Description Please enter a description of the vulnerability. Proof of Concept 1. Login 2. go to http://librenms/bills 3. Click to Create Bill 4. Add Description or Notes "" // PoC.js payload1 payload2 POST /bills/ HTTP/1.1 Host: 192.168.0.4 Connection: keep-alive Content-Length: 310 Cache-Control...

4.9CVSS0.2AI score0.94216EPSS
Exploits0References1
Huntr
Huntr
added 2022/04/12 7:24 p.m.11 views

Open Redirect

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining o...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2022/04/12 4:15 p.m.32 views

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write

Description file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to arbitrary file write when an attacker can create a symlink just after deletion of the dest symlink by repeatedly calling ln -s /etc/shadow2 dest/shadow2 in a while loop but right before the symlink i...

6.9CVSS0.2AI score0.00299EPSS
Exploits1
Huntr
Huntr
added 2022/04/12 4:12 p.m.16 views

Stored XSS on add Group Name

Description XSS found on function add Group Name on User Management module at Organizr 2.1.1810. Proof of Concept 1 Go to User Management - Manage Group 2 Add new group 3 Insert payload on "Group Name" field then Add Group Payload 1 "alert"xss-here"; Screenshot 1 xss-triger 2 version 3 document...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/04/12 7:7 a.m.17 views

Stored xss bug

Description stored xss bug Proof of Concept create a public repo and create a issue .\ now in issue upload a html file with xss payload inside.\ When any user view the repo and click the attachment link then xss is executed .\ you can upload...

3.5CVSS5.6AI score0.00687EPSS
Exploits1
Huntr
Huntr
added 2022/04/11 8:0 p.m.39 views

stored xss due to unsantized anchor url

BUG ====== stored xss due to unsantized anchor url SUMMURY ========= using fullpage.js you can create a anchor tag . But when put href in anchor then it does not sanitize the url which allow to break context of anchor element and can add our new element . I see main javascript or other javascript...

3.5CVSS5.9AI score0.00812EPSS
Exploits1
Huntr
Huntr
added 2022/04/11 5:35 p.m.24 views

Cross-site Scripting (XSS) - Stored

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content. Proof ...

4.9CVSS0.2AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
added 2022/04/11 3:24 p.m.17 views

Stored Cross Site Scripting vulnerability in Item name parameter

Description Stored cross site scripting vulnerability on Item name parameter in Assest module. Add payload in item name and whenever the user add the item in his requested assest . The alert will trigger. Proof of Concept 1. Login to the demo account 2. Go to Asset functionality , add or edit an...

3.5CVSS1.2AI score0.00834EPSS
Exploits1
Huntr
Huntr
added 2022/04/11 9:40 a.m.14 views

libde265 1.0.8, was discovered to contain a heap-use-after-free in put_qpel_fallback

Description libde265 1.0.8, was discovered to contain a heap-use-after-free in putqpelfallback fallback-motion.cc ENV - Version : 1.0.8 - Commit : 45904e5667c5bf59c67fcdc586dfba110832894c - OS : Ubuntu 18.04 - Configure : cmake -DCMAKEBUILDTYPE=Debug -DCMAKECXXCOMPILER=clang++-10...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/04/10 2:30 p.m.51 views

URL Restriction Bypass

Description The validation of URLs contains flaws that allow bypassing security restrictions that are applied in the security profiles of PlantUML. There are two different flaws through which validation mechanisms can be circumvented. In the examples images are loaded to showcase the bypass...

6.4CVSS0.1AI score0.01514EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 2:25 p.m.25 views

Out-of-bounds Read in r_bin_ne_get_entrypoints function

Description Out-of-bounds OOB read vulnerability exists in rbinnegetentrypoints function in Radare2 5.6.7 Version bash radare2 5.6.7 27777 @ linux-x86-64 git.5.6.6 commit: 0c4af43def68ce29f7a74847bb1b7286da155200 build: 2022-04-1008:53:32 Analysis The vulnerability exists due to the invalid type...

6.4CVSS7.6AI score0.00862EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:43 a.m.26 views

Multiple Stored XSS

Description The organizr application allows malicious javascript payload in multiple-input fields like "Categories", "Bookmark Tabs" and "Bookmark Categories" for which attacker can takeover the admin account. Proof of Concept 1.Login to the co-admin account and go to go to "Settings" - "Tab...

3.5CVSS0.7AI score0.01024EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:36 a.m.38 views

Stored XSS due to no sanitization in the filename

Description The organizr application doesn't sanitize malicious javascript payload which leads to stored XSS and can also perform to the takeover admin account. Proof of Concept 1.Login with Co-admin account and go to "Settings" - "Image Manager" and upload any small size jpeg image and intercept...

3.5CVSS8.9AI score0.01024EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:32 a.m.32 views

Stored XSS viva .svg file upload

Description The application allows .svg files to upload which leads to stored XSS Proof of Concept 1.Download the payload from this link:- https://drive.google.com/file/d/1c1BP5bxXBxtwLfRJTrEPgMWK1yVFDF2R/view?usp=sharing 2.Login to the application with Co-admin account and go to "Settings" -...

3.5CVSS8.9AI score0.00982EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:28 a.m.36 views

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users

Description The application Organizr allows malicious javascript in the "Username" & "Email" input fields for which an attacker can able to take over the account of Admin & Co-admin users. Proof of Concept 1.During "Signup" put the below payloads in the "Username" & "Email" input fields. 2.Now ru...

6CVSS1.4AI score0.01204EPSS
Exploits1
Huntr
Huntr
added 2022/04/10 10:27 a.m.25 views

Leaking password protected articles content due to improper access control

Description Any user who can publish their article can protect it using a password before publishing. So, a valid password to the article is required to view the contents of the article. But when a request is made to article /2022/04/10/ the UI show it requires a password to view content. But the...

4CVSS1.5AI score0.01166EPSS
Exploits1
Huntr
Huntr
added 2022/04/09 5:49 a.m.323 views

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege

Description When administrators install zerotierone for windows, it will install ZeroTierOneService, the ImagePath of it is C:\ProgramData\ZeroTier\One\zerotier-onex64.exe,however, the permission of C:\ProgramData\ZeroTier\One\ is incorrect, an attacker with low privilege can get system privilege...

7.2CVSS5.1AI score0.00392EPSS
Exploits1
Total number of security vulnerabilities4072