Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/01/29 6:53 a.m.32 views

Heap-based Buffer Overflow in vim/vim

Description Heap Overflow in exretab. This issue was created to separate the previous issue. This bug has already been fixed with patch 8.2.4245. Proof of Concept $ echo -ne "bm9ybTBvMDAwMDAwMDAwMDAwMDAwMDAwMDD/MJMwMDAKc2lsIW5vcm0WYxwwMAkwCmZ1IFJldGFi...

6.8CVSS0.3AI score0.01541EPSS
Exploits1
Huntr
Huntr
added 2022/01/28 7:34 p.m.28 views

in radareorg/radare2

NULL pointer dereference in loadbuffer radare2 suffers from a NULL pointer dereference error in loadbuffer of binxnukernelcache.c Environment date Fri Jan 28 11:03:53 PST 2022 uname -ms Linux x8664 ./radare2 -v radare2 5.5.5 27531 @ linux-x86-64 git.5.5.4 commit:...

4.3CVSS1.6AI score0.00935EPSS
Exploits1
Huntr
Huntr
added 2022/01/28 6:10 p.m.9 views

Cross-site Scripting (XSS) - Reflected in phpipam/phpipam

Description Reflected XSS attacks AKA non-persistent attacks when a malicious script is reflected off of a web application to the victim’s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. The...

6.2AI score
Exploits0
Huntr
Huntr
added 2022/01/28 9:16 a.m.13 views

Business Logic Errors in dolibarr/dolibarr

Description Dolibarr is vulnerable to Business Logic Errors in the Weight, Length x Width x Height, Area, Volume fields of a Product since these values can be negative numbers. Proof of Concept 1.After login, in the top menu bar, click Products 2.In the left menu bar, click List to view the list ...

4CVSS1.1AI score0.00914EPSS
Exploits1
Huntr
Huntr
added 2022/01/28 8:42 a.m.9 views

Open Redirect in alanaktion/phproject

Description Open Redirect in Login page due to unchecked to parameter. Proof of Concept Send users the following link https://demo.phproject.org/login?to=//example.com After users use their registered account to login, they will be redirected to example.com Impact By modifying the URL value to a...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/01/28 5:51 a.m.14 views

Open Redirect in alanaktion/phproject

Description Bypass open redirect protection Proof of Concept patch for this report https://huntr.dev/bounties/1183df1a-5243-42f9-a263-267b92444b03/ easily can be bypassed Bypass url https://demo.phproject.org/login?to=//example.com...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/28 4:1 a.m.31 views

None in vim/vim

Description Use after free occurs in skipwhite function charset.c:1474. commit : 166788c657f4b1090a31ea37a023b1f2c78790c8 Proof of Concept $ echo -ne "ZnUgUmUwYTAoZyxuKQp+CnMvCnIwIzAKZW5kZgpzL1wlJykvXD1hMDAwKDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwLCBSZTBhMCgnJywwMDApMDA=" | base64 -d...

6.8CVSS1.3AI score0.01395EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 6:59 p.m.35 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow on read in yankcopyline This issue was created to separate this one and was fixed with Patch 8.2.4219. Proof of Concept Steps to reproduce: echo -n c2lsIW5vcm0wbxSA/zAWenk= | base64 -d heapowpoc3 vim -u NONE -i NONE -n -X -Z -e -m -s -S heapowpoc3 -c :qa! Sanitize...

6.8CVSS6.2AI score0.01161EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 3:42 p.m.18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Livehelperchat is vulnerable to stored cross site scripting. Proof of Concept 1 . Login to the demo account 2 . Go to settings -- Live help configuration --Visual settings for the visitor -- widget theme --new -- name field 3 . Add payload in name field and click save 4 . Go to settin...

3.5CVSS0.1AI score0.00547EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 2:6 p.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name and Surname fields in the User account page. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to User account page https://demo.livehelperchat.com/siteadmin/user/account 2.In the Name and Surname fields,...

3.5CVSS0.0064EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 5:24 a.m.28 views

Business Logic Errors in crater-invoice/crater

Description It is found that comapny currency can not be changed since the field is disabled as shown in the screenshot but it can be changed by tampering the parameter. Proof of Concept Actual Request POST /api/v1/company/settings HTTP/1.1 Host: demo.craterapp.com User-Agent: Mozilla/5.0 Windows...

4CVSS6.4AI score0.00942EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 5:4 a.m.23 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS occurs when changing a user's profile Proof of Concept txt XSS POC : "alertdocument.domain 1. Open the https://demo.microweber.org/demo/admin 2. Go to "Users" "Edit profile" 3. Change the value of "First Name" to XSS PoC 4. Refresh Impact Through this vulnerability, an...

3.5CVSS0.4AI score0.00631EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 4:28 a.m.7 views

in delgan/loguru

Description Loguru is vulnerable to log injection on all logging methods as it is possible to inject newlines "\n" which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result Proof of Concept from loguru...

2AI score0.01268EPSS
Exploits1References2
Huntr
Huntr
added 2022/01/27 4:7 a.m.44 views

Cross-Site Request Forgery (CSRF) in crater-invoice/crater

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS4.3AI score0.00422EPSS
Exploits1
Huntr
Huntr
added 2022/01/27 2:45 a.m.12 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationDepartments-Departments groups-edit When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname , the payload gets executed. Proof of...

3.5CVSS0.00634EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/27 12:46 a.m.36 views

Stack-based Buffer Overflow in vim/vim

Description Stack overflow occurs in spellsuggest.c. commit : 44db8213d38c39877d2148eff6a72f4beccfb94e Proof of Concept $ echo -ne "bm9ybRZzMDAwRzAw/TAwMDAwMDAwMDAwMApzaWwwbm9ybS4udnpHLi4uLi4uLi4uLi4uLi4uLnZ2 ekcwICAgICB2IHo9" | base64 -d minimizedpoc Valgrind $ ./vg-in-place -s...

6.8CVSS8.2AI score0.01505EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 9:42 p.m.11 views

Use of a Broken or Risky Cryptographic Algorithm in x360ce/x360ce

Description The password-generation algorithm used in the function NewPassword simply adds bias to the output password instead of making it easier to remember. Proof of Concept - Use the NewPassword function a large amount of times and store the output. - Look at the frequency of each character o...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/26 9:33 p.m.10 views

in x360ce/x360ce

Description x360ce uses the .NET Random and Guid classes to generate random numbers/bytes that are used for sensitive purposes . Proof of Concept None provided. Impact This vulnerability is capable of allowing attackers to predict sensitive information on x360ce's backend see the 'occurances'...

3.6AI score
Exploits0
Huntr
Huntr
added 2022/01/26 3:40 p.m.221 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vuln : Stored XSS Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the value of name at "Setinngs" = "Website Settings" in the pimcore service. Proof of Concept...

3.5CVSS0.1AI score0.01438EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 8:16 a.m.20 views

Cross-site Scripting (XSS) - DOM in tastyigniter/tastyigniter

Description TastyIgniter provides a professional and reliable platform for restaurants wanting to offer online food ordering and table reservation to their customers. this is vulnerable for stored xss Proof of Concept Impact This vulnerability is capable of Stored XSS...

3.5CVSS2.6AI score0.00708EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 7:57 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Stored XSS at the Name field in the Admin themes of System configuration. Payload constructor.constructor'alert1' Steps to reproduce 1.Login then go to Setting - Live help configuration tab 2.Click on Admin themes in Visual settings for the admin sectio...

3.5CVSS0.2AI score0.007EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 7:20 a.m.15 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in ModuleFormsList of formsNew. Use payload constructor.constructor'alert1' while creating form, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof of Concept Impact Through this vulnerability, an attacker ...

3.5CVSS1.2AI score0.00687EPSS
Exploits1
Huntr
Huntr
added 2022/01/26 5:17 a.m.37 views

Path Traversal in gruntjs/grunt

Description Grunt is a JavaScript task runner, a tool used to automatically perform frequent tasks such as minification, compilation, unit testing, and linting. In GruntJS, file.copy operations in GruntJS are not protected against symlink traversal for both source and destination directories...

2.1CVSS0.4AI score0.00571EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 5:25 p.m.27 views

in vim/vim

Description Out of bound 1 byte read in vim. commit : 06b77229ca704d00c4f138ed0377556e54d5851f Proof of Concept $ echo -ne "c2lsMG5vcm0WcTAHMA==" | base64 -d minimizedpoc valgrind $ ./vg-in-place -s ./vim -u NONE -i NONE -n -X -Z -e -s -S ./minimizedpoc -c ":qa!" ==3442167== Invalid read of size ...

5.8CVSS7.1AI score0.01393EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 12:30 p.m.38 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow on write in vim This issue was created to separate this one and was fixed with Patch 8.2.4218. Proof of Concept Steps to reproduce: echo -n bm9ybTBRgFBTMP8wMDCysDAwMDAwMDAwMDAwMDAw/zD/g7IwMDAwMDAwMDAwjjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAD | base64 -d heapowpoc2 vim ...

6.8CVSS8.2AI score0.01514EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/25 11:49 a.m.15 views

SQL Injection in star7th/showdoc

Description The uid parameter does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. Proof of Concept Time based: POST /server/index.php?s=/api/adminUser/addUser HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept:...

7.5CVSS0.6AI score0.01439EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 10:28 a.m.5 views

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Description stored xss vulnerability occurs when you change the value of Description at "Customer Management Framework" = "Customer automation rules" = "New Customers" = "Description" in the pimcore service. Proof of Concept txt XSS POC : 1. Open the https://10.x-dev.pimcore.fun/admin/ 2. After...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/25 8:57 a.m.38 views

Improper Authorization in janeczku/calibre-web

Description With default settings, low-level users will not have permission to edit the sort order of books in private shelf of another user. However, due to incorrect checking, the application does not work as intended. Proof of Concept - Step 1: Login with admin account and go to...

4CVSS0.00653EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 8:37 a.m.7 views

Cross-site Scripting (XSS) - Stored in pimcore/data-hub

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the value of Group at "Datahub" in the pimcore service. Proof of Concept XSS POC : " txt 1. Open the...

Exploits0
Huntr
Huntr
added 2022/01/25 5:18 a.m.18 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationPersonal Themestatic content. Under the NAME field put a payload constructor.constructor'alert1' while creating content, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof ...

3.5CVSS1AI score0.00766EPSS
Exploits1
Huntr
Huntr
added 2022/01/25 4:14 a.m.73 views

in star7th/showdoc

Description There is a filter to prevent upload php, HTML, svg filetype in the code snippet from line 115 to line 122 in AttachmentController.class.php: if strstrstriptagsstrtolower$uploadFile'name', ".php" || strstrstriptagsstrtolower$uploadFile'name', ".htm" ||...

6.8CVSS0.5AI score0.00928EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 4:2 p.m.15 views

Cross-Site Request Forgery (CSRF) in requarks/wiki

Note: Not a vulnerability in ExpressJS Description Fix can by bypassed. Express treats routes as case insensitive while req.path is case sensitive. The fix in the previous report was to check if req.path === "/u"...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 2:53 p.m.33 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

6.8CVSS8.1AI score0.01521EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 11:41 a.m.17 views

Improper Authorization in liukuo362573/yishaadmin

Description When downloading files using the /admin/File/DownloadFile?filePath= URI, you're able to download any file you want, as long as you know the path of the file, even as an unauthenticated user. This means that an unauthenticated user could download the /etc/passwd/ file or any file that...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 10:8 a.m.39 views

Heap-based Buffer Overflow in vim/vim

Description 2 Heap-buffer-overflow on write in vim 1 Heap-buffer-overflow on read in vim Heap-buffer-overflow on write in vim 1 Proof of Concept Steps to reproduce: echo -n cmV0ODAwCnMvXHYvCQpzZSBhaQpzaWwwbm9ybTppDQ== | base64 -d heapowpoc1 vim -u NONE -i NONE -n -X -Z -e -m -s -S heapowpoc1 -c...

6.8CVSS8.3AI score0.01339EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/24 9:21 a.m.32 views

Heap-based Buffer Overflow in vim/vim

Description - Heap Overflow and arbitrary 41 bytes write. - Unsorted bin doubly linked list corruption. - commit hash : 058ee7c5699ef551be5aa04c66b3cffc436e9b08 Proof of Concept $ echo -ne "bm9ybTBv7wX//wUwIDUwMDAwMDAwezAtMDAwMP/yAAD6MDAwMDAwMDAwMDQwKSkpMDAQMDAwMDAw...

6.8CVSS0.1AI score0.01566EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 8:36 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in httpie/httpie

Description All cookies saved to session storage are supercookies. Proof of Concept in /etc/hosts 127.0.0.1 host1.example.com 127.0.0.1 host2.example.net headers-helper.rpy; run with twist web --resource-script= and it'll run on 8080 from pprint import pformat from twisted.web.resource import...

5CVSS4.5AI score0.01272EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 7:55 a.m.39 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi, I would like to report an improper authentication vulnerability in https://www.github.com/liukuo362573/yishaadmin. Endpoint "/admin/OrganizationManage/User/ExportUserJson" does not require any authentication and return xls file contain users data like username, fullname, email,...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/01/24 5:18 a.m.12 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1659-g7d3281e88-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

Exploits0
Huntr
Huntr
added 2022/01/24 4:38 a.m.22 views

Improper Access Control in liukuo362573/yishaadmin

Description YiShaAdmin is vulnerable to Improper Access Control via the /admin/SystemManage/LogApi/GetPageListJson endpoint. Anyone can view the Log API of the YiShaAdmin without any authentication. This API contains the sensitive information include: ExecuteURL, ExecuteParam, ExecuteTime,...

1.1AI score
Exploits0
Huntr
Huntr
added 2022/01/24 4:11 a.m.34 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. If the user passes javascript:alertdocument.domain as the URL value when creating a link using the markdown syntax, there is no sanitizing process and the link is created as it is. Proof of Concept txt XSS PoC : xss 1...

3.5CVSS5.5AI score0.00538EPSS
Exploits1
Huntr
Huntr
added 2022/01/24 3:47 a.m.14 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi there, there is another improper authorization at /admin/SystemManage/LogOperate/GetFormJson, this will allow anyone to view yishaadmin log without logging in. Proof of Concept 1. Access the link http://106.14.124.170/admin/SystemManage/LogOperate/GetFormJson?id=405689053455847424...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:41 a.m.17 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there, there is another improper privilege management in /admin/OrganizationManage/Position/GetFormJson Proof of Concept 1. Access the link http://106.14.124.170:80/admin/OrganizationManage/Position/GetFormJson?id=16508640061130139 2. See that the page return with position data...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:30 a.m.15 views

Improper Authorization in liukuo362573/yishaadmin

Description Hi there, there is another Improper authorization in /admin/OrganizationManage/Department/GetFormJson Proof of Concept 1. Open link http://106.14.124.170/admin/OrganizationManage/Department/GetFormJson?id=16508640061124402 without logging in demo page. 2. See that department data is...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/01/24 3:16 a.m.36 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to read name of private shelf shelf create by another user and not in public mode. However, due to incorrect HTML render, the application does not work as intended. Proof of Concept - Step 1: Login with admin account and ...

4CVSS0.00747EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 5:21 p.m.31 views

in vim/vim

Description Stack Pointer $RSP is corrupted at function eval7t in eval.c during calling eval3, eval4, eval5, eval6, eval7... continuously while parsing too many brackets. vim version : 8.2.4195 latest commit hash : 79a6e25b79cdb35e00d8b364516103eb358d8cc7 Proof of Concept $ echo -ne...

4.6CVSS9.3AI score0.00609EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 3:24 a.m.23 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on attribute. Proof of Concept txt XSS PoC : xs...

3.5CVSS0.5AI score0.00464EPSS
Exploits1
Huntr
Huntr
added 2022/01/23 3:4 a.m.25 views

Heap-based Buffer Overflow in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code is located...

5.8CVSS6.5AI score0.01005EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/23 2:52 a.m.26 views

None in radareorg/radare2

Description This vulnerability is of type Expired Pointer Dereference or specifically, use-after-free. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code located at...

6.8CVSS7.8AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 3:30 p.m.20 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code and the...

5.8CVSS6.5AI score0.00954EPSS
Exploits1References1
Total number of security vulnerabilities4072