Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/02/21 5:48 p.m.36 views

Server-Side Request Forgery (SSRF)

Description Bypass of this report: https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369/ Proof of Concept Blacklist does not check for 0.0.0.0 PAYLOAD: http://0.0.0.0 This payload will be resolved to localhost python import socket from urllib.parse import urlparse PAYLOAD =...

7.5CVSS0.5AI score0.01284EPSS
Exploits1
Huntr
Huntr
added 2022/02/21 5:9 p.m.28 views

Heap-based Buffer Overflow

Description Heap overflow occurs in winlbrchartabsize. commit :592f6250017c31c8996325403e511f4502077ba5 Proof of Concept poc $ echo -ne "c2UgZW5jb2Rpbmc9aXNvODg1OQpub3JtOnNlIAEbCnNlIHZhcnRhYnN0b3A9NDAwCm5vcm0waTAw CQQ=" | base64 -d poc Valgrind $ /valgrind/vg-in-place -s /vim-debug/src/vim -u NON...

4.3CVSS0.5AI score0.12272EPSS
Exploits1
Huntr
Huntr
added 2022/02/21 10:38 a.m.18 views

Out-of-bounds Read

Description OOB read occurs in mrbarypush. commit : 5d9239c2c4644fa8a59d9f5159b4950569dd5e0e Proof of Concept poc $ echo -ne "WzpfXVswLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDBdPTpO" | base64 -d poc ASAN $ ./bin/mruby poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.2AI score0.00906EPSS
Exploits1
Huntr
Huntr
added 2022/02/21 8:0 a.m.32 views

Use of Out-of-range Pointer Offset

Description This issue occur in the v8.2.4428 version. Proof of Concept sh $ echo "dnMgIDPKKSAwMGNtZGxicmVh4OvbmfsA3ykA3/8wAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAhAAAA AAAAAODr3/f/fwAAAAAAAAAAAPZRIwAAAAAAa3N5bWxpbmsgCmJcJlx6cypcenMqQGU=" | base64 -d poc $ /valgrind/vg-in-place -s ./src/vim -u NONE -i NON...

6.5CVSS0.8AI score0.01622EPSS
Exploits1
Huntr
Huntr
added 2022/02/21 5:28 a.m.14 views

NULL Pointer Dereference

Description NULL Pointer Dereference in MP4BOX Command MP4Box -info POC6 POC6 is here. ASAN result iso file Unknown box type url@ in parent dref iso file Unknown box type traj in parent moov iso file Unknown box type 80rak in parent moov iso file Incomplete box mdat - start 11495 size 901165 iso...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/02/21 12:52 a.m.13 views

Multiple Open Redirect

Description In the /user/login endpoint, it doesnt check the value of the next parameter when the user is logged in and pass it directly to redirect which result to open redirect. The bug also exist in /user/logout, /user/register, /user/login, /user/resend-activation. Proof of Concept 1. Go to...

5.8CVSS5.2AI score0.0262EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 9:2 p.m.32 views

Unrestricted Upload of File with Dangerous Type

Description In recent Crater version bed05fc2 tag: 6.0.4 privileged user can upload PHP file as expense receipt. Proof of Concept POST /api/v1/expenses/59/upload/receipts HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:98.0 Gecko/20100101 Firefox/98.0 Accept: /...

6.5CVSS7.5AI score0.0091EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/20 8:8 p.m.5 views

Classic Buffer Overflow in john

Description For 1Password Cloud Keychain plugin, the length of inputs are not properly checked. Then inputs are copied to fixed length buffers. For example, creating a salt with a larger length allow a buffer overflow. Proof of Concept Using the cloudkeychain.hash file: $ ./run/john...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/02/20 7:41 p.m.12 views

Heap-based Buffer Overflow in john

Description For PEM plugin, the length of the ciphertext is not properly checked. Then the ciphertext is copied to a fixed length buffer. Creating a ciphertext with a larger length allow a heap overflow. Proof of Concept Using the following file pem.hash bash $ ./congigure -enable-asan; make -j4;...

7.9AI score
Exploits0
Huntr
Huntr
added 2022/02/20 5:33 p.m.18 views

Cross-site Scripting (XSS) - Stored

Description Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. Proof of Concept Steps to Reproduce:- = Install the WebApp and Setup it =...

3.5CVSS5.2AI score0.03506EPSS
Exploits4References2
Huntr
Huntr
added 2022/02/20 5:12 p.m.9 views

Improper Access Control in File Manager module

Description In Webmin 1.984, any authenticated low privilege user who did not have access to the File Manager module could interact with a variety of file manager capabilities such as modifying file ownership chown, viewing file properties, listing or deleting files and directories on the server...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2022/02/20 4:15 p.m.12 views

Relative Path Traversal to Remote Code Execution

Description Pandora FMS v7.0NG.759 allows relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to Remote Code Execution with running application privilege...

5.8CVSS2.9AI score0.01067EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/20 10:14 a.m.28 views

Heap-based Buffer Overflow

Description heap-buffer-overflow /home/ubuntu/fuzz/radare2/libr/include/rendian.h:176 in rreadle32 Environment Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal radare2 5.6.3 27472 @ linux-x86-64 git.5.6.2 commit: d24dbb9fbb0b398a6a739847008ccef3ea7e687c ASAN...

5.8CVSS5.8AI score0.00952EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 9:27 a.m.30 views

NULL Pointer Dereference

Description NULL pointer dereference in binsymbols.c Environment bash Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal radare2 5.6.3 27472 @ linux-x86-64 git.5.6.2 commit: d24dbb9fbb0b398a6a739847008ccef3ea7e687c POC radare2 -AA -qq ./poc poc ASAN...

7.1CVSS1.5AI score0.00928EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 6:3 a.m.22 views

Cross-site Scripting (XSS) - Reflected

Description There is a Reflected cross site scripting issue chained using these endpoints: 1 /admin/content/0/edit 2 /apiqqalert1fca4/page Proof of Concept 1. Login to https://demo.microweber.org 2. Now visit https://demo.microweber.org/demo/admin/content/0/edit 3. Now open this url in same tab o...

3.5CVSS0.8AI score0.009EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 5:42 a.m.16 views

Improper Access Control in Configuration (Credential store)

Description Pandora FMS v7.0NG.759 allows improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role. Proof of Concept Affected endpoint: POST...

5.5CVSS0.6AI score0.00332EPSS
Exploits0
Huntr
Huntr
added 2022/02/20 5:21 a.m.48 views

Insertion of Sensitive Information Into Debugging Code

Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...

4CVSS0.6AI score0.01376EPSS
Exploits1
Huntr
Huntr
added 2022/02/20 3:32 a.m.26 views

Cross-site Scripting (XSS) - Reflected

Description The endpoint https://demo.microweber.org/demo/admin/post/id/edit is vulnerable to cross site scripting. The "Edit source" field is affected. Proof of Concept 1. Login into https://demo.microweber.org 2. Navigate to https://demo.microweber.org/demo/admin/post/25/edit 3. click EditSourc...

3.5CVSS5.6AI score0.00888EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 8:40 p.m.34 views

Insecure Storage of Sensitive Information

Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their Geolocation, their Device information like Device Name, Version, Software & Software version...

4CVSS0.4AI score0.01961EPSS
Exploits2References6
Huntr
Huntr
added 2022/02/19 8:13 p.m.31 views

Denial of Service

Description A malformed mdmp file causes a DoS attack and leads to resource exhaustion. Proof of Concept bash printf "%s" "TURNUJOnkwAA9f8AIwAAAAAAAAAA4FJj5gADAAAAGwAAAAAEAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAA" | base64 -d /tmp/a strace r2 /tmp/a This hangs and leads to resource exhaustion...

4.3CVSS5.9AI score0.00989EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 5:12 p.m.19 views

Cross-Site Request Forgery (CSRF) to User Privilege Escalation

Description Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group. Detail Version: Pandora FMS v7.0NG.759 - OUM 759 - MR 51 Affected components: Console Proof of Concept Affected Endpoint: POST...

6.8CVSS1.7AI score0.0024EPSS
Exploits0References1
Huntr
Huntr
added 2022/02/19 5:7 p.m.33 views

NULL Pointer Dereference

Description Null pointer dereferencing occurs in finducmd. commit : cdf717283ca70b18f20b8a2cefe7957083280c6f Proof of Concept $ echo -ne "dGFiZQpzaWwwbm9ybTBxL2cJOkkb" | base64 -d poc Valgrind $ /valgrind/vg-in-place -s ./src/vim-u NONE -i NONE -n -X -Z -e -m -s -S poc -c ":qa!" ==1411416==...

4.3CVSS6.3AI score0.01525EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 1:26 p.m.25 views

Cross-site Scripting (XSS) - Reflected

Description Hi, The endpoint https://demo.microweber.org/demo/admin/page is vulnerable to Cross Site Scripting. Proof of Concept 1. just navigate to the poc url:...

4.3CVSS0.7AI score0.01088EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 1:6 p.m.30 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &10 Line Feed character in the href attribute of tag to bypass th...

3.5CVSS1AI score0.01343EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 12:47 p.m.13 views

Uncaught Exception

Description The application is not able to handle errors, leading to expose of internal files paths. Vulnerable POC Url: https://demo.microweber.org/demo/api/saveedit Vulnerable Endpoint: demo/api/saveedit Vulnerable Parameter: database64= Request Method: POST Proof of Concept 1. Send a POST...

Exploits0
Huntr
Huntr
added 2022/02/19 5:59 a.m.33 views

Use of Out-of-range Pointer Offset

Description Using out-of-range Pointer Offset occurs in unixexpandpath. commit : e89bfd212b21c227f026e467f882c62cdd6e642d Proof of Concept $ echo -ne "c2UgbWwgd2ljCnRj+42NjaYq" | base64 -d poc valgrind $ /valgrind/vg-in-place -s /vim-debug/src/vim.debug -u NONE -i NONE -n -X -Z -e -m -s -S poc -c...

6.8CVSS8.1AI score0.01723EPSS
Exploits1
Huntr
Huntr
added 2022/02/19 4:0 a.m.29 views

Authorization Bypass Through User-Controlled Key

Description Bypass https://hackerone.com/reports/496293 via \b backspace character. Proof of Concept const parse = require'./index.js' url = parse'\bhttp://google.com' console.logurl Result: slashes: false, protocol: '', hash: '', query: '', pathname: '\bhttp://google.com', auth: '', host: '',...

7.5CVSS0.9AI score0.0222EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 7:7 p.m.20 views

Open Redirect on Rudloff/alltube

Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...

5.8CVSS0.1AI score0.03378EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 4:23 p.m.26 views

Use multiple time the one-time coupon

Description I create a coupon only for one user and a one-time use coupon. Then create two users, and both of them can use the coupon, but only one of them should be able to use the coupon. Proof of Concept first, create a one-time and one-user coupon code that, e.g. is aaaaa. the attacker has tw...

5CVSS0.9AI score0.01032EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 4:4 p.m.17 views

Business Logic Errors

Description I found a IDOR vulnerability where we can able to delete their product in the cart by the id parameter Steps to Produce: First add any product in to the cart and checkout In the checkout page , we can see the cart details and we have functionality to delete the product also I gave the...

4CVSS0.00911EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 1:27 p.m.20 views

Cross-site Scripting (XSS) - Stored

Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...

3.5CVSS1.4AI score0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 6:48 a.m.27 views

Cross-site Scripting (XSS) - Reflected

Description Can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. Proof of Concept txt https:///demo/api/logout?redirectto=/asdf" Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

4.3CVSS0.6AI score0.02273EPSS
Exploits1
Huntr
Huntr
added 2022/02/18 6:35 a.m.8 views

Path Traversal in silvanmelchior/RPi_Cam_Web_Interface

Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/02/17 10:14 p.m.19 views

Heap-based Buffer Overflow

Description There is a heap corruption when r2 processes a crafted dyldcache file. Confirmed on the latest release 5.6.2 and the master branch. Proof of Concept bash printf "%s"...

6.8CVSS8AI score0.0116EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 8:30 p.m.39 views

Authorization Bypass Through User-Controlled Key

Description url-parse is unable to find the correct hostname when no port number is provided in the url. Payload: http://example.com: Proof of Concept javascript var Url = require'url-parse'; var PAYLOAD = "http://example.com:"; // Expected hostname: example.com // Actual hostname by url-parse:...

6.4CVSS0.01827EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 4:48 p.m.30 views

Cross-site Scripting (XSS) - Generic

Description The user-controlled GET user parameter in index.php is unsanitized resulting in Cross-Site Scripting. Proof of Concept Endpoint: GET https://HOST/edit/user File: /web/edit/user/index.phpL11 // Check user argument if empty$GET'user' header"Location: /list/user/"; exit; Request...

4.3CVSS5.1AI score0.00952EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 3:58 p.m.16 views

Arbitrary Command Injection

Description When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.jsL13, this happens due t...

7.2CVSS0.8AI score0.00782EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/17 3:30 p.m.27 views

Cross-site Scripting (XSS) - Reflected

Description The user-controlled GET domain parameter in index.php is unsanitized resulting in Reflected Cross-Site Scripting. Proof of Concept Endpoint: GET https://HOST/edit/web/ // File: /web/edit/web/index.phpL28 // List domain $vdomain = $GET'domain'; // User controllable parameter if...

4.3CVSS5.1AI score0.00821EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 1:0 p.m.6 views

Improper Input Validation

Description There is a lack of input length validation in phone number field at the checkout product where any user may able to add more than 5000+ character which shouldn't be allowed . Our expected result should be only 255 character should be allowed Steps to Reproduce In the Shop , checkout...

1.9AI score
Exploits0References1
Huntr
Huntr
added 2022/02/17 12:48 p.m.26 views

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/

Description The Introduction of a New Line Character lets the attacker the stack trace at demo.microweber.org/ This Attack becomes more significant because of its Less complication. The Stack trace discloses following information : 1. Backend Response code. 2. The Versions of Backend Laravel...

5CVSS0.7AI score0.44259EPSS
Exploits1
Huntr
Huntr
added 2022/02/17 12:30 p.m.11 views

in microweber/microweber

Description There is no input field length in update username where any user can able to add large number of characters like imagine we can add more 5000+ character on to the update name field . Steps to Reproduce Visit the particular URL Vulnerable-link Where there is a functionality to update o...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/02/17 10:0 a.m.11 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1762-g90a145735-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/02/17 6:7 a.m.33 views

Improper Authorization in webmin/webmin

Description The /cron/saveallow.cgi endpoint is accessible to any authenticated low privilege users resulting in controlling user access to cron jobs. They could allow and deny other users access to cron jobs affecting the Scheduled Cron Jobs module. Proof of Concept Affected Endpoint: GET...

5.5CVSS1AI score0.01275EPSS
Exploits4
Huntr
Huntr
added 2022/02/17 5:42 a.m.13 views

Improper Privilege Management in rhizome-conifer/conifer

Description In admincontroller.py file, all APIs will perform user permission checks using adminview function to avoid access from low-level users. However, this does not apply to API /api/v1/admin/defaults. Anonymous users can change maxsize configuration which prevents other users from creating...

1.3AI score
Exploits0
Huntr
Huntr
added 2022/02/17 2:55 a.m.46 views

Improper Access Control to Remote Code Execution

Description In Webmin v1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission chmod. It is possible to achieve...

9CVSS0.9AI score0.96977EPSS
Exploits13
Huntr
Huntr
added 2022/02/16 3:54 p.m.21 views

Cross-site Scripting (XSS) - Stored

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept 1. Go to Content Menus or Content Items. 2. Add an Item with the title set to XSS payload, e.g: Title" 3. Save Draft or Publish Go to View/Preview Draft. XSS will be triggered...

4.3CVSS0.3AI score0.00728EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 10:39 a.m.27 views

Stack-based Buffer Overflow in vim/vim

Description Buffer overflow occurs in gaconcatshortenesc. commit : f5288c589500de0677444af4a428cfbccfccb8ce Proof of Concept poc $ echo -ne "bm9ybTEwMGdy3YAKZnUgUigpCmxldCBsaW5lPWdldGxpbmUoMSkKcmV0dSBsaW5lCmVuZGYKCmNh bGwgYXNzZXJ0X2VxdWFsKDEsUigpKQo=" | base64 -d poc ASAN $ ./src/vim.asan -u NONE...

6.8CVSS8.5AI score0.01806EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 8:6 a.m.18 views

in mruby/mruby

Description commit ecb28f4bf463483cf914c799d086b0cfff997aee Proof of Concept sh ⚡ root@pocas  /fuzz/mruby2   master ±  echo "P2MKWyoqMCwqKjgsbTowXQSAPRpbAAB7" | base64 -d poc1 ⚡ root@pocas  /fuzz/mruby2   master ±  ./bin/mruby poc1 AddressSanitizer:DEADLYSIGNAL...

5.8CVSS1.4AI score0.00992EPSS
Exploits1
Huntr
Huntr
added 2022/02/16 7:59 a.m.19 views

Open Redirect in archivy/archivy

Description The application doesn't check the target website before redirecting leads to Open Redirect vulnerability. Proof of Concept Install local service for testing - Step 1: Go to http://127.0.0.1:5000/login?next=%2F%2fevil.com - Step 2: Enter valid credential, you will be redirect to evil.c...

5.8CVSS0.8AI score0.00618EPSS
Exploits1
Huntr
Huntr
added 2022/02/15 11:46 a.m.12 views

Open Redirect in ikus060/rdiffweb

Description The application has an Open Redirect vulnerability because the data filtering process does not completely prevent attacks. Proof of Concept - Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com - Step 2: Login with valid account, you will be redirect to evil.c...

1.6AI score
Exploits0
Total number of security vulnerabilities4072