Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/01/22 3:18 p.m.18 views

None in radareorg/radare2

Description This vulnerability is of type use-after-free. And after quick investigation I think it is very likely to be successfully exploited to remote code execution. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, update...

6.8CVSS8AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 2:40 p.m.21 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which accesses the address beyond/past the buffer. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code and the...

5.8CVSS6.4AI score0.00958EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 2:18 p.m.23 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read which is caused by negative buffer index. The bug exists in latest stable release radare2-5.5.4 and lastest master branch ed2030b79e68986bf04f3a6279463ab989fe400f, updated in Jan 22, 2022. Specifically, the vulnerable code is highlighted out ...

5.8CVSS6.5AI score0.00958EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/22 12:13 p.m.6 views

Static Code Injection in gibbonedu/core

Description The file export.php accepts a directory in the q parameter. We can upload a txt file in the server with our php exploit on it and pass its location in the q parameter, then the php exploit in the uploaded txt file will be executed Proof of Concept 1. Upload a txt file. Inside the txt...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/22 11:45 a.m.7 views

Cross-site Scripting (XSS) - Reflected in gibbonedu/core

Description There's a reflected xss in the tab parameter in both the student dashboard and the staff dashboard Proof of Concept Visit http://localhost/gibon/index.php?tab=asd%3C/script%3E%3Csvg/onload=alert1%3E Impact This vulnerability is result to xss which then can be used to achieve more thin...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/22 9:17 a.m.19 views

Improper Authentication in liukuo362573/yishaadmin

Description Hi there yishaadmin maintainer, I would like to report an improper authentication vulnerability in yishaadmin source code. The link /admin/OrganizationManage/User/GetFormJson?id=user-id does not require any authentication and return sensitive user data for anyone like username, gender...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/01/22 9:10 a.m.15 views

Improper Authorization in liukuo362573/yishaadmin

Description Hi there yisshadmin team, I would like to report an improper authorization in yishaadmin source code. The link /admin/ToolManage/Server/ServerIndex requires no authorization and available for anyone to view server information like IP, RAM, CPU... Proof of Concept 1. Access the link...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/01/22 8:55 a.m.18 views

Improper Privilege Management in liukuo362573/yishaadmin

Description Hi there yishaadmin maintainer team, I would like to report an improper privilege management in yishaadmin source code. The link /admin/ToolManage/Server/GetServerJson requires no authentication and accessible for everyone, which returns server info like RAM, CPU usage. Proof of Conce...

0.9AI score
Exploits0
Huntr
Huntr
added 2022/01/22 6:14 a.m.20 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description There is a persistent XSS Vulnerability exsists in the checkout page where we can able to execute any javascription in the last name field...

3.5CVSS2.7AI score0.00856EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/21 4:4 p.m.19 views

in jsdecena/laracom

Description Hi there, I would like to report a vulnerability that allows a hacker to upload dangerous file type in jsdecena/laracom. Attacker must have an account with permission to Edit Product E.g. Clerk role. Then, he can upload malcious file with extensions such as html, svg,... which leads t...

3.5CVSS5.8AI score0.00792EPSS
Exploits1
Huntr
Huntr
added 2022/01/21 10:24 a.m.10 views

Improper Privilege Management in heroiclabs/nakama

Description A predefined View Only user has access to the User Management function at the :7351//users endpoint. By default this is a predefined system administrator function, and no other users should be able to access this function. Proof of Concept - Create a View-only user with the...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/21 9:57 a.m.21 views

in heroiclabs/nakama

Description It is possible to enumerate usernames via the Log-In function. Proof of Concept The login response provides information, whether the username is registered or not in the application. If the user is registered, and wrong password provided, the following information being displayed:...

2.6AI score
Exploits0
Huntr
Huntr
added 2022/01/21 9:30 a.m.34 views

Cross-site Scripting (XSS) - Reflected in pimcore/data-hub

Description pimcore Datahub is vulnerable to Reflected XSS in the Path of Documents, Assets and Objects in the Security Definition tab Steps to reproduce 1.Go to https://demo.pimcore.fun/admin/ and login. 2.In the left menu bar, click the Datahub icon and click on any existing configuration then ...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/01/21 8:59 a.m.16 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

3.5CVSS0.9AI score0.00718EPSS
Exploits1
Huntr
Huntr
added 2022/01/21 5:11 a.m.4 views

Prototype Pollution in domcloud/dom-portal

Prototype Pollution in dom-portal Reported on Jan 20th 2022 | Timothee Desurmont Description The function unflatten located in domainbio.php could potentially leed to prototype pollution and givie an attacker unprivilladge access to sensitive information. Proof of Concept Create a file called...

Exploits0References2
Huntr
Huntr
added 2022/01/20 7:9 p.m.10 views

Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor

Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...

6AI score
Exploits0
Huntr
Huntr
added 2022/01/20 3:34 p.m.10 views

in mastodon/mastodon

Description The message event listener in embed.js does not check the origin of postMessage before changing the height of the embedded toots. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input id and height to code and now attacker is able to...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/01/20 3:7 p.m.20 views

Prototype Pollution in mastodon/mastodon

Description Javascript is "prototype" language which means when a new "object" is created, it carries the predefined properties and methods of an "object" with itself like toString, constructor etc. By using prototype-pollution vulnerability, an attacker can overwrite/create the property of that...

4.3CVSS0.04465EPSS
Exploits1
Huntr
Huntr
added 2022/01/20 2:2 p.m.33 views

Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore

Description XSS Proof of Concept Previous bug https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6/ is not properly fixed. it can be bypassed using with event handler . https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911 its only checking...

5CVSS6.8AI score0.01102EPSS
Exploits1
Huntr
Huntr
added 2022/01/20 10:31 a.m.8 views

Heap-based Buffer Overflow in gpac/gpac

Description When fuzzing gpac with clang 10 I found a heap overflow. Proof of Concept pocgffprintf Crash stack trace aldo@vps:/gpac/bin/gcc$ ASANOPTIONS=symbolize=1 ASANSYMBOLIZERPATH=/usr/bin/llvm-symbolizer ./MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 8:15 a.m.8 views

None in gpac/gpac

Description Use After Free in gpac Proof of Concept MP4Box -bt POC4 MP4Box -bt POC5 POC4 is here. POC5 is here. ASAN ==414586==ERROR: AddressSanitizer: heap-use-after-free on address 0x6100000007fc at pc 0x7f7926081250 bp 0x7ffd2e84f4a0 sp 0x7ffd2e84f490 READ of size 4 at 0x6100000007fc thread T0...

7.1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 7:37 a.m.10 views

None in gpac/gpac

Description Use After Free in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

Exploits0
Huntr
Huntr
added 2022/01/20 7:33 a.m.9 views

Classic Buffer Overflow in gpac/gpac

Description Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1647-gb6f68145e-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 6:50 a.m.11 views

Stack-based Buffer Overflow in gpac/gpac

Description Stack-based Buffer Overflow in gpac Proof of Concept MP4Box -bt POC3 POC3is here gdb Program received signal SIGABRT, Aborted. 0x0000000000b68d4b in raise LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/01/20 5:22 a.m.10 views

Cross-Site Request Forgery (CSRF) in requarks/wiki

Description CSRF to upload and overwrite files Proof of Concept Open this HTML as a logged-in user var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:3000/u", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

1AI score
Exploits0
Huntr
Huntr
added 2022/01/20 5:9 a.m.10 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow in gpac Proof of Concept Version: MP4Box - GPAC version 1.1.0-DEV-rev1646-gddd7990bb-master c 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929...

Exploits0
Huntr
Huntr
added 2022/01/19 7:49 p.m.20 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Pimcore settings module is vulnerable to stored cross site scripting Proof of Concept 1 . Login to dev demo account. https://10.x-dev.pimcore.fun/ 2 . Goto settings --data objects --Add a new class -- add payload in icon field 3 . Click save and close and open that class alert will...

3.5CVSS0.1AI score0.00619EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 11:56 a.m.29 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description CSRF issues deleting the content of the website since it is having no CSRF token validation. Request POST /demo/api/content/delete HTTP/1.1 Host: demo.microweber.org User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:96.0 Gecko/20100101 Firefox/96.0 Accept: / Accept-Language:...

4.3CVSS0.8AI score0.00679EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 11:48 a.m.31 views

in microweber/microweber

Description Sensitive information as part of the error is getting disclosed during the upload of an unrestricted file. Steps to Reproduce Instance 1 1. Log in to the application https://demo.microweber.org 2. Add a new post and upload an SVG file and you will see an error message getting Popped o...

4CVSS6.6AI score0.01151EPSS
Exploits1
Huntr
Huntr
added 2022/01/19 3:4 a.m.22 views

None in bobthecow/mustache.php

Description In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable. Proof of Concept './cache', 'strictcallables'=true ; echo $m-render' repo phpinfo;// No repos : / repo phpinfo;// ',...

6.5CVSS2.4AI score0.00691EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 4:59 p.m.29 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

4.3CVSS7.6AI score0.0144EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 7:23 a.m.47 views

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow in vim Proof of Concept ./vim -u NONE -X -Z -e -s -S poc3 -c :qa! POC3 is here. Bt ==728741==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000025500 at pc 0x0000008961b2 bp 0x7ffca76ad0b0 sp 0x7ffca76ad0a8 READ of size 1 at 0x621000025500 thread T0...

7.5CVSS8AI score0.02086EPSS
Exploits1
Huntr
Huntr
added 2022/01/18 5:49 a.m.16 views

in gpac/gpac

Description Null Pointer Dereference in gfdumpvrmlfield.isra Proof of Concept MP4Box -bt POC2 POC2 is here. Bt Program received signal SIGSEGV, Segmentation fault. 0x0000000000644ca4 in gfdumpvrmlfield.isra LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/01/18 4:11 a.m.25 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description stored xss vulnerability occurs when you change the value of Group at "Settings" = "Thumbnalis" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC : " 1. Open the https://10.x-dev.pimcore.fun/admin/login?perspective= 2. After login, Go to "Settings" = "Thumbnali...

3.5CVSS5.4AI score0.01456EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 3:20 p.m.21 views

in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS and digital commerce services. You can upload an infinite number of dangerous SVG files in "Settings" = "System Settings" = "Appearance and Branding" of the pimcore service. Then why is it...

4.6CVSS6.9AI score0.01115EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 3:5 p.m.31 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you add media query at "Settings" = "Thumbnails" = "Video Thumbnails" in the pimcore service. Proof of Concept txt XSS POC...

4.3CVSS0.2AI score0.0154EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 1:59 p.m.33 views

in mruby/mruby

Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 31fa3304049fc406a201a72293cce140f0557dca on Ubuntu 20.04 for x8664/amd64. Proof of Concept 6.times3.times%until-break b= 0,m:0 s=0 Steps to reproduce 1- Clone repo...

4.3CVSS0.3AI score0.0081EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 1:13 p.m.9 views

Cross-Site Request Forgery (CSRF) in liangliangyy/djangoblog

Description Hi there, I would like to report a Cross Site Request Forgery in djangoblog source code. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker t...

1.1AI score
Exploits0References1
Huntr
Huntr
added 2022/01/17 10:9 a.m.20 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to create new shelf with public mode. However, due to incorrect checking, the function does not work as intended. Steps To Reproduce - Step 1: Login with admin account and go to http://hostname:8083/admin/user/new. Create...

4CVSS5.2AI score0.0067EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 8:54 a.m.23 views

in livehelperchat/livehelperchat

Description LiveHelperChat is vulnerable to Insecure Direct Object Reference / IDOR vulnerability. The system's authorization functionality does not prevent one user from deleting another user by modifying the userid identifying the user. Each user has a userid 1,2,3,.... A malicious authorized...

6CVSS0.01086EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/17 7:30 a.m.28 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS is found in SettingsLive help configurationIncoming Webhooks. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, and every time the user visits, the payload gets executed. Proof of Concept...

3.5CVSS0.4AI score0.00813EPSS
Exploits1
Huntr
Huntr
added 2022/01/17 4:52 a.m.9 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block modules block list description field. This commit e453ad not properly santize the input. Proof of Concept login to the demo account go to blocks https://demo.ziku.la/blocks/admin/view Add payload in block list...

6.3AI score
Exploits0
Huntr
Huntr
added 2022/01/17 3:3 a.m.17 views

Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web

Description There is a reflected XSS vulnerability on the site calibre-web. Proof of Concept 1. go to the calibre e-book management 2. create a new book give the title name 3. and give the title sort name 4. save and go to the website 5.go to Author 6.press one of the books 7. then right click an...

4.3CVSS1.1AI score0.00853EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 11:58 p.m.19 views

Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Description There is a vulnerability in the upload avatar functionality of crater invoice which would allow an attacker to upload malicious .SVG files in order to execute Javascript. All that is required is that the victim browse to the link location of the .SVG file Proof of Concept xss.svg:...

3.5CVSS0.00613EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 10:5 p.m.15 views

Inefficient Regular Expression Complexity in parallax/jspdf

Description The jspdf package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the setZoomMode functionality may cause an application to consume an excessive amount of CPU. Proof of Concept // PoC.js var jsPDF = require"jspdf".jsPDF...

2.4AI score
Exploits0
Huntr
Huntr
added 2022/01/16 8:0 p.m.40 views

Static Code Injection in playframework/play-samples

Description "play-samples" project uses the vulnerable log4j library 2.17.0. This can cause potential RCE vulnerability on the project. Vulnerability: CVE-2021-44832 Remote Code Execution. Another reference from Apache for CVE-2021-44832. You should upgrade the log4j library to latest version...

3.8AI score0.97906EPSS
Exploits9
Huntr
Huntr
added 2022/01/16 5:57 p.m.8 views

in livehelperchat/livehelperchat

Lack of server side validation An admin can delete his/her account by bypassing client side validation 1.Login in application as admin. 2.Nagiate to settings and create another user. 3.Now see the list of user, an admin can only delete other user account rather than his/her. 4.Click on delete and...

0.8AI score
Exploits0
Huntr
Huntr
added 2022/01/16 6:39 a.m.23 views

in detekt/detekt

Description The read function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

7.5CVSS1.4AI score0.01376EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 5:54 a.m.53 views

in liquibase/liquibase

Description The XMLChangeLogSAXParser function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

7.5CVSS0.8AI score0.02921EPSS
Exploits1
Huntr
Huntr
added 2022/01/16 5:46 a.m.7 views

in jesusfreke/smali

Description The loadResourceIds function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

1AI score
Exploits0
Total number of security vulnerabilities4072