Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/02/15 11:36 a.m.21 views

OS Command Injection in part-db/part-db

Description OS command injection also known as shell injection is a web security vulnerability that allows an attacker to execute arbitrary operating system OS commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

10CVSS1AI score0.35436EPSS
Exploits5
Huntr
Huntr
added 2022/02/15 10:8 a.m.41 views

Path Traversal in prasathmani/tinyfilemanager

Description A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...

7.5CVSS0.3AI score0.01864EPSS
Exploits1
Huntr
Huntr
added 2022/02/15 9:21 a.m.32 views

Improper Access Control in zulip/zulip

Description According to the current design of the application, when the user wants to get value of apikey, API /json/fetchapikey will require password to authentication. However, the application exists another API routed at /json/users/me/apikey/regenerate that allows regenerating apikey value a...

6.5CVSS0.1AI score0.00825EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 10:37 p.m.16 views

Cross-site Scripting (XSS) - Stored in helloxz/onenav

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.1AI score
Exploits0
Huntr
Huntr
added 2022/02/14 10:35 p.m.15 views

in helloxz/onenav

Description During the comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This makes it possible to compare the number 12 to the string '12' or check whether or not a string is empty by using a comparison like $string == True. This, however...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/02/14 10:22 p.m.28 views

in medialize/uri.js

Description Bypass for https://huntr.dev/bounties/1625558772840-medialize/URI.js/ urijs fixed the issue for CVE-2021-3647, however an attacker can still exploit the issue due to case-sensitive checks in the earlier patch. Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp et...

6.4CVSS0.0158EPSS
Exploits2
Huntr
Huntr
added 2022/02/14 7:5 p.m.28 views

in ionicabizau/parse-path

Description parse-path is unable to detect the right resource. While parsing http://[email protected] url, parse-path thinks that the host/resource is example.com, however the actual resource is 127.0.0.1. Proof of Concept SSRF PoC javascript const parsePath = require"parse-path"; const axios...

7.5CVSS0.3AI score0.00871EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 2:30 p.m.30 views

in mruby/mruby

Description There is a NULL Pointer Dereference in aryconcat array.c:301. This bug has been found on mruby lastest commit hash ecb28f4bf463483cf914c799d086b0cfff997aee on Ubuntu 20.04 for x8664/amd64. Proof of Concept The crash is not reproducible in a debug build, so a release build config must ...

4.3CVSS0.008EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 10:18 a.m.25 views

in thexxturboxx/dex2jar

Description This vulnerability is originally reported to pxb1988/dex2jar, but re-sending it again for maintained fork repository as requested. dex2jar is a set of tools to work with android .dex and java .class files. In these tools, there is a tool called "dex2smali", and this tool allows a...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/02/14 10:9 a.m.10 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

Description This is a vulnerability caused by incorrect patching of the vulnerability at https://huntr.dev/bounties/a465d272-35fc-4f9c-99f3-b89790c5ad1c/. For api /files/@id/@name, the application performed download action if the file was in svg format...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/02/14 9:55 a.m.7 views

Improper Access Control in alanaktion/phproject

Description The application has a vulnerability that allows anonymous users to download files on the server. In addition, when authenticated user deletes a file in an issue, the file is only unlinked, not completely deleted on the server. That results in anonymous users being able to download the...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/02/14 8:40 a.m.10 views

in alanaktion/phproject

Description When the user clicks on the file, the application will checking Content-Type to decide whether to download or display the data directly. However, due to incorrect checking, a vulnerability exists leads to Stored XSS. I recommend that the force action relies on the file format instead ...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/02/14 8:37 a.m.26 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Company name field customercompanynameValueParam parameter in the Copyright settings tab of the Chat configuration page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Chat configuration page...

3.5CVSS5.4AI score0.00598EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 8:37 a.m.34 views

Improper Authorization in salesagility/suitecrm

Description In SuiteCRM v7.12.4, affecting Employee Module, any user with the User Type as Regular User could export employee records via /index.php?entryPoint=export endpoint. The prerequisite of this attack is by knowing the user record ID which can be obtained in the employees' section. The...

4CVSS0.2AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 7:39 a.m.13 views

in mruby/mruby

Description Using out of range pointer occurs in entrydeletedp. commit : ad3ce7b41c4375f818d02a24e6a09cbc790048c9 Proof of Concept $ echo -ne "MC5TJDAsKir9PTAsdjowLHY6MA==" | base64 -d poc ASAN $ ./bin/mruby.asan poc AddressSanitizer:DEADLYSIGNAL...

4.3CVSS2.8AI score0.00914EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 6:51 a.m.33 views

in unshiftio/url-parse

Description Incorrect conversion of @ in protocol in the href leads to improper validation of hostname. Proof of Concept Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation. parse = require'url-parse' console.logparse"http:@/127.0.0.1" Now imagine if the...

5CVSS0.7AI score0.01535EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/14 4:58 a.m.16 views

Improper Authorization in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...

5.5CVSS5.4AI score0.00667EPSS
Exploits1
Huntr
Huntr
added 2022/02/14 4:30 a.m.29 views

Improper Access Control in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can rating like or dislike in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video - Step 2: Ca...

5.5CVSS0.1AI score0.00667EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 7:42 p.m.32 views

Improper Access Control in salesagility/suitecrm

Description In SuiteCRM v7.12.4, affecting Users Module, any user with the User Type as Regular User could modify other users profiles via the update profile section. The prerequisite of this attack is by knowing the user record ID and username User Name respectively. The user records ID can be...

4CVSS4.8AI score0.0065EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 4:43 p.m.6 views

Improper Access Control in liangliangyy/djangoblog

Description "formvalid" function in comments/views.py file performs the task of saving user comments. However, this function doesn't check the status of article, so users can leave comments on draft article or public article with commentstatus is off. Proof of Concept - Step 1: Login as admin in...

7AI score
Exploits0
Huntr
Huntr
added 2022/02/13 9:39 a.m.25 views

in microweber/microweber

Description Sensitive information as part of the error is getting disclosed while viewing comments from "loadmodule:commentssearch=" Proof of Concept 1. Login to https://demo.microweber.org 2. Visit https://demo.microweber.org/demo/admin/view:modules/loadmodule:commentssearch= 3. Now enter anythi...

5CVSS0.3AI score0.06923EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/13 8:11 a.m.17 views

Open Redirect in microweber/microweber

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25/. By adding an extra slash / the previous fix can be bypassed. Proof of Concept...

5.8CVSS0.6AI score0.03019EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/13 8:0 a.m.29 views

Business Logic Errors in microweber/microweber

Description The product is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login to the application, Navigate to Shops - Products - Add Product Step 2: Fill in all the required details with Pricing parameter as -100 and click on save. Here an item is...

4CVSS1.9AI score0.0061EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 2:30 a.m.24 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

3.5CVSS5.3AI score0.00834EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 1:39 a.m.22 views

Improper Authorization in librenms/librenms

Description LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin setting resulting in the users could take action such as switching on/off any installed plugins which are supposedly accessible by the Administrator only. Proof of Concept Affected endpoints: 1 GET...

4CVSS0.7AI score0.01004EPSS
Exploits1
Huntr
Huntr
added 2022/02/13 12:50 a.m.18 views

Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms

LibreNMS v22.1.0 allows users with the normal role/level to view/access the alert transport details. The alert transport may expose sensitive information to an actor that is not explicitly authorized to have access to that information which are supposedly accessible by the Administrator only. Pro...

4CVSS0.5AI score0.01054EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 10:13 p.m.25 views

Improper Access Control in librenms/librenms

Description Improper Access Control vulnerability in LibreNMS v22.1.0 allows attackers with the normal role/level to interact with port-groups functionality such as create, edit/modify and delete the existing port group. The port-groups functionality fails to enforce policy such that normal users...

6.5CVSS7.6AI score0.01149EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 9:28 p.m.29 views

Cross-site Scripting (XSS) - Generic in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...

4.3CVSS0.2AI score0.00998EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 7:20 p.m.21 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code in the browser of a victim which affected Devices module Add Device in sysName, Hardware and Community fields. Proof of Concept Endpoint: 1 POST http://HOST/addhost...

3.5CVSS0.2AI score0.00847EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 5:11 p.m.25 views

SQL Injection in salesagility/suitecrm

Description In SuiteCRM v7.12.4, a malicious user can inject SQL query in order to affect the execution of predefined SQL commands impacting database leakage. Proof of Concept The $POST'record'1 parameter is controllable by a user and it is concatenated into SQL query 2 without validating them...

4CVSS0.1AI score0.00795EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 5:7 p.m.37 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM attack will be able to receive the Authorization header due to the use of the insecure HTTP...

6.7AI score0.07443EPSS
Exploits2References1
Huntr
Huntr
added 2022/02/12 5:2 p.m.88 views

Insecure Storage of Sensitive Information in chatwoot/chatwoot

BUG ======== Stored xss via referer url allow to hijack victim access-token STEP TO REPRODUCE =================== 1. From admin account goto https://app.chatwoot.com/app/accounts/42689/settings/inboxes/list and create a inbox of type website .\ Now get you configuration script from this inbox and...

4.9CVSS5.6AI score0.00614EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 1:53 p.m.20 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Overflow occurs in mrbfsend. commit : 38b164ace7d6ae1c367883a3d67d7f559783faad Proof of Concept $ echo -ne "c2VuZCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2Vu ZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiCg==" | base64 -d poc ASAN ...

7.5CVSS8AI score0.00908EPSS
Exploits1
Huntr
Huntr
added 2022/02/12 12:13 p.m.61 views

Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

Description https://github.com/gnuboard/gnuboard5/blob/v5.4.22/mobile/shop/lg/mispwapurl.phpL7 has no filtering for the variable. So, Attackers can trigger Reflected XSS via $GET'LGDOID' Proof of Concept /mobile/shop/lg/mispwapurl.php?LGDOID=%3Cscript%3Ealert1%3C/script%3E Impact Attacker can...

3.6AI score
Exploits0
Huntr
Huntr
added 2022/02/11 11:41 p.m.19 views

Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it

Description An attacker can enumerate users through the response message in the password reset page. When you visit the password reset page, you will be provided with the option to enter your email address. Let's use two different emails, one will be a valid address, and another will be an invali...

4.3CVSS4.5AI score0.01041EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/11 11:27 p.m.21 views

in snipe/snipe-it

Description An attacker can enumerate users through the response time in the password reset page. When you visit the password reset page, you will be provided with the option to enter your email address. Let's use two different emails, one will be a valid address, and another will be an invalid...

5CVSS5.2AI score0.00972EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/11 1:21 p.m.12 views

in liangliangyy/djangoblog

Description The application leaked emails of unvalidated users to anonymous user. Proof of Concept - Step 1: Go to http://127.0.0.1:8000/register and create account. After create success, you will receive URL like http://127.0.0.1:8000/account/result.html?type=register&id=4 - Step 2: Open another...

1AI score
Exploits0
Huntr
Huntr
added 2022/02/11 1:15 p.m.37 views

Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore

Description Reflected XSS is found under DesignShortcodeNew Shortcode Proof of Concept POC Video https://drive.google.com/file/d/1yFfa7g8MMUvJrrKTpJXZEHhQLRSZ1Cii/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

3.5CVSS0.8AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 11:33 a.m.25 views

Improper Privilege Management in snipe/snipe-it

Description It was found that if a user is not having access to supplier module, he can access and view the supplier content. Proof of Concept 1. Create two users, one admin and one normal user 2. A normal user is not having access to the supplier module. 3. But by enumeration the normal user vie...

4CVSS1.2AI score0.01017EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 10:0 a.m.61 views

Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url

Description First Assume this example var parseUrl = require"parse-url" parseUrl"http://[email protected]:[email protected]/path/name?foo=bar&bar=42some-hash" that return : protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...

5CVSS5.8AI score0.01104EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 7:58 a.m.18 views

Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server

Description The logout function doesn't clean/filter value of "back" parameter before reflecting into html code leading to Reflected XSS vulnerability. Proof of Concept Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealertorigin%3C/script%3E%3C%22 Poc:...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/02/11 3:44 a.m.30 views

Code Injection in publify/publify

Description The application doesn't check/filter the comments provided by the user before save to database. Attacker can't insert js code to steal admin's data but can insert html code, leads to many information security risks. Proof of Concept - Step 1: Go to...

6.4CVSS0.1AI score0.00837EPSS
Exploits1
Huntr
Huntr
added 2022/02/11 3:7 a.m.27 views

Heap-based Buffer Overflow in vim/vim

Description Heap overflow occurs in exretab. commit : 414acd342f4a66d930da34d419929985b48bd301 Proof of Concept $ echo -ne "ZnUgUihiLG4pCmxldCBvbGRfdGFic3RvcD0mdGFic3RvcApleGUicmV0ImE6bgppZiBhOm4KZXhl J3NlIHRhYnN0b3A9Jy5vbGRfdGFic3RvcAplbApjYWwgbCgiIixSKCcnLDQpCmNhbCBsKCIiLFIo...

6.8CVSS1.7AI score0.26583EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 10:32 p.m.30 views

in gravitl/netmaker

Description Netmaker is an applicaton that enable easly deployment of a mesh vpn based on Wiregaurd. To authenticate and manage users throughout the application, it is used JWT tokens. The secret key used to sign these tokens is hard-coded in the code, which means they can be faked. So, an attack...

10CVSS9.4AI score0.01674EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 9:3 p.m.29 views

Exposure of Sensitive Information to an Unauthorized Actor in fgribreau/node-request-retry

Exposure of Sensitive Information to an Unauthorized Actor in FGRibreau/node-request-retry Reported on Feb 10 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies are leaked to external sites. Description js request$mysite/redirect.php?url=$attacker/, options When fetching a Redirect...

5CVSS8AI score0.01401EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 8:39 p.m.9 views

Inefficient Regular Expression Complexity in gitpython-developers/gitpython

Description In the latest version of GitPython cd29f07b I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in git/remote.py Python import logging import re logging.basicConfigformat='%asctimes - %levelnames:...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2022/02/10 5:4 p.m.11 views

in snipe/snipe-it

Description unprivileged user can get supplier Proof of Concept 1. Create regular user and set DENY to all permissions in asset and supplier models.\ 2. Login as the user and sent bellow request to get supplier await fetch"https://demo.snipeitapp.com/api/v1/suppliers/selectlist?page=1",...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/02/10 4:27 p.m.23 views

Improper Access Control in publify/publify

Description Article in draft mode can only be accessed by admins who have permission to manage article. Anonymous users can't view but can leave comments on article in draft mode. The cause of the vulnerability is that the draft article is setting to comment enabled and createcomment function onl...

6.4CVSS0.3AI score0.00787EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 3:54 p.m.22 views

Improper Privilege Management in snipe/snipe-it

Description Unprivilege user can create maintainance for asset Proof of Concept 1. Create regular user and set DENY to all permissions in asset models.\ 2. Login as the user and sent bellow request to create maintainance for asset await fetch"https://demo.snipeitapp.com/hardware/maintenances",...

6.5CVSS1AI score0.01182EPSS
Exploits1
Huntr
Huntr
added 2022/02/10 9:24 a.m.33 views

Path Traversal in pimcore/pimcore

Description The application doesn't perform a check/filter against the value of "importFile" parameter at endpoint "/admin/translation/import". After the API is executed, PHP unlink function will proceed to delete the file. Proof of Concept - Step 1: Login as admin at...

5.5CVSS5.7AI score0.01483EPSS
Exploits1
Total number of security vulnerabilities4072