Lucene search
K

4072 matches found

Huntr
Huntr
added 2022/01/07 11:1 a.m.23 views

None in vim/vim

Description A Heap-based Buffer Overflow has been found in vim commit a909c48 Proof of Concept base64 poc ZGVmIEZpcnN0RnVuY3Rpb24oKQogIGRlZiBTZWNvbmRGdW5jdGlvbihKICA9CiAgIyBOb2lzCiAg IyBvbmUKICAgCiAgIGVuZGRlZnxCQkJCCmVuZGRlZgojIENvbXBpbGUgYWxsIGZ1bmN0aW9ucwpk ZWZjb21waWxlCg==...

4.3CVSS6.4AI score0.01719EPSS
Exploits1
Huntr
Huntr
added 2022/01/07 9:26 a.m.31 views

Heap-based Buffer Overflow in vim/vim

Description A Heap-based Buffer Overflow has been found in vim commit 2f0936c Proof of Concept base64 poc ZGVmIEZpcnN0RnVuY3Rpb24oKQogIGRlZiBTZWNvbmRGdW5vbmUKJCAgCiAgIGVuZGRCQkJCCmVu ZGRlZgojIEN/////bGUgYWxsZWZ8QkJCQgplbmRkZWYKIyBDb21waWxlIGFsbCBmdW5jdGlvbnMK ZGVmY29tcGlsZQo=...

4.3CVSS5.4AI score0.01709EPSS
Exploits1
Huntr
Huntr
added 2022/01/07 8:53 a.m.16 views

Cross-Site Request Forgery (CSRF) in liukuo362573/yishaadmin

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/01/06 12:21 p.m.28 views

in lquixada/cross-fetch

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

4CVSS0.01153EPSS
Exploits1
Huntr
Huntr
added 2022/01/06 11:35 a.m.14 views

Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore

Description The application does not escape special characters before output to FE, lead to stored XSS. Proof of Concept Example of a case: 1. Go to Content Content Types /Admin/ContentTypes/List 2. Create or edit a type with XSS payload into Display Name field, e.g: Social Meta Settings Tick on...

3.5CVSS0.5AI score0.00634EPSS
Exploits1
Huntr
Huntr
added 2022/01/06 1:16 a.m.17 views

Improper Access Control in snipe/snipe-it

Description All bulk actions bulk-edit / bulk-delete / form info in asset models do not have access control checks Proof of concept 1: Grant view to Asset Models 2: UI for bulk-edit and bulk-delete is still enabled, proceed. 3: You may bulk-delete / edit any asset model Impact This vulnerability ...

4.9CVSS2.1AI score0.00639EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 7:40 p.m.139 views

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

5.8CVSS7.8AI score0.01646EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 3:29 p.m.22 views

Insecure Temporary File in tensorflow/tensorflow

Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

3.3CVSS2.1AI score0.0011EPSS
Exploits0
Huntr
Huntr
added 2022/01/05 3:9 p.m.28 views

in follow-redirects/follow-redirects

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

4.3CVSS0.2AI score0.02426EPSS
Exploits2
Huntr
Huntr
added 2022/01/05 1:28 p.m.17 views

Path Traversal in konloch/bytecode-viewer

Description the.bytecode.club:Bytecode-Viewer is a lightweight user-friendly Java/Android Bytecode Viewer, Decompiler & More. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted...

6.8CVSS1.6AI score0.02544EPSS
Exploits0
Huntr
Huntr
added 2022/01/05 10:39 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============= When you crawling a site with cookie and it received Location header to redirect then scrappy send all cookie to this redirect url even if this is different domain . But every browser...

4CVSS0.01243EPSS
Exploits1
Huntr
Huntr
added 2022/01/05 9:30 a.m.15 views

Exposure of Sensitive Information to an Unauthorized Actor in axios/axios

BUG ====== Cookie header leaked to third party site and it allow to hijack victim account SUMMURY ============ When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to...

9.5AI score
Exploits0
Huntr
Huntr
added 2022/01/04 7:48 p.m.9 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description I can create links using the Web links feature. However, since the input value is not URL-encoded, the onfocus and autofocus properties can be used by escaping the properties of the "A" tag using double quotation marks ". Proof of Concept txt...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/01/04 2:4 p.m.31 views

in vim/vim

Description A heap-based OOB read of size 1 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build lastest commit hash...

6.8CVSS8.7AI score0.01739EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/04 8:11 a.m.6 views

Type Confusion in lirantal/daloradius

Description During the comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This makes it possible to compare the number 12 to the string '12' or check whether or not a string is empty by using a comparison like $string == True. This, however...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/01/04 1:0 a.m.19 views

Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite

Description Hi there phoronix test suite maintainer team. There is a stored XSS in phoronix-test-suite source code. This is in group name. Proof of Concept 1. Install a local instance of phoronix test suite 2. Create an account and log in, then create a group with name . Note that you cannot crea...

3.5CVSS6.5AI score0.01081EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 2:47 p.m.16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...

0.6AI score
Exploits0
Huntr
Huntr
added 2022/01/03 1:37 p.m.38 views

Improper Authorization in saleor/saleor

Title GraphQL traversal due to missing permission checks Description orders and customers fields allow to access each other via nodes edges. However, connections don't check user's permissions, which allows, for instance, a staff with just Customers permissions get full information about the orde...

4CVSS0.4AI score0.00994EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 7:55 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch

Description Steal authorization token via xss and hijack attack Proof of Concept Using this attack , attacker can hijack account by stealing authorization header . I see there is team based collaboration exists ,so one user can hack other user account using this bug . STEP -------- First host...

6CVSS0.3AI score0.01199EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 3:36 a.m.22 views

in livehelperchat/livehelperchat

Description When resetting your password, you're able to enumerate users based on the way that the server responds to your request. If you enter an email that doesn't exist for example: [email protected], then the server will respond with an HTTP 302 FOUND status response code indicated by line 97 o...

5CVSS5.6AI score0.00899EPSS
Exploits1
Huntr
Huntr
added 2022/01/03 2:30 a.m.9 views

in zikula/core

Description When sending test emails, you're able to spam a target email address with as many emails as an attacker wants to a victim's email address due to lack of rate limiting /mailer/config/test I've put together a simple Python script that exploits this and would allow you to send a custom...

7AI score
Exploits0
Huntr
Huntr
added 2022/01/02 10:1 p.m.20 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &58 instead of : in the href attribute of tag to bypass the xss...

3.5CVSS1.2AI score0.01416EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 8:29 p.m.18 views

Exposure of Sensitive Information to an Unauthorized Actor in microweber/microweber

Description Any unauthorized/unauthenticated actor can find the PII data of all the users registered in the application. PII - Personally Identifiable Information leaked by this application is first name, last name, email id, picture, username, isadmin status Proof of Concept 1 Visit...

5CVSS1.3AI score0.1201EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 5:38 p.m.13 views

Cross-Site Request Forgery (CSRF) in gunet/openeclass

Description No CSRF is provided when deleting messages. Proof of Concept The attacker could delete a specific message as they are generated consecutively and brute forcing it. history.pushState'', '', '/' or the could just delete all the messages: history.pushState'', '', '/' Impact Combining thi...

2.8AI score
Exploits0
Huntr
Huntr
added 2022/01/02 3:54 p.m.15 views

Improper Access Control in microweber/microweber

Description Access Controls are used in an application to restrict a user to access only intended functions. If the user is able to access any feature/function which is not allowed by the application and user gets successful in this attempt, then it will be considered as broken access control...

4CVSS0.4AI score0.01121EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 2:51 p.m.15 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. Proof of Concept 1 Visit "Contact Us" page and put in Message field. Cli...

3.5CVSS2.4AI score0.00728EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 12:30 p.m.38 views

Code Injection in microweber/microweber

Description HTML Injection is a vulnerability in which the attacker can inject malicious html content in the webpage. Proof of Concept 1 Admin has enabled Comments module, so that people can comment on a blog post. 2 Attacker post the following comment: SOMETHING+SOMETHING Now, observe the change...

5CVSS1.4AI score0.01555EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 12:1 p.m.26 views

Cross-site Scripting (XSS) - Reflected in microweber/microweber

Description XSS - Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. PAYLOAD for firefox: a' onafterscriptexecute=alertdocument.domain c='a requires NO user-interaction PAYLOAD for all major browsers: a'...

4.3CVSS1.4AI score0.03866EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 10:31 a.m.33 views

Open Redirect in microweber/microweber

Description An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. Proof of Concept 1. Visit https://demo.microweber.org/demo/api/logout?redirectto=https://example.com It will redirect you to example.com Impact Attackers can use it in phishing campaig...

5.8CVSS1.6AI score0.01036EPSS
Exploits1
Huntr
Huntr
added 2022/01/02 5:58 a.m.33 views

Server-Side Request Forgery (SSRF) in dompdf/dompdf

Description DomPDF uses filegetcontents to obtain HTTP files when allowurlfopen is "On". On default contexts, filegetcontents will redirect whenever served with a 302 response. When developers use DomPDF with isRemoteEnabled set to "true" and allowurlfopen set to "true", but restrict IP addresses...

4.3CVSS4.6AI score0.00953EPSS
Exploits1
Huntr
Huntr
added 2022/01/01 6:36 p.m.9 views

Heap-based Buffer Overflow in neomutt/neomutt

Description When connected through imap/imaps with a server, neomutt is prone to a heap buffer overflow when using the auto completion feature. Proof of Concept Prepare client configuration which connects to 127.0.0.1:14300 cat muttrc imap.txt.b64 EOF...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2022/01/01 12:37 p.m.9 views

Cross-site Scripting (XSS) - Stored in cacti/cacti

Description Hi there cacti maintainer team, I would like to report a stored XSS in cacti source code. It is due to unsanitized error message in synchronizing aggregates for color. Proof of Concept 1. Install a cacti instance in your local 2. Go to Color and create a color with name 3. Back to col...

Exploits0References1
Huntr
Huntr
added 2021/12/31 7:54 p.m.13 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description When editing your profile, you can create social media links. However, the stored XSS vulnerability using the autofocus and onfocus attributes occurs because the double-quote is not URL-encoded in the input value of the social media link. Proof of Concept txt 1. Open the...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/31 9:36 a.m.17 views

Improper Access Control in chocobozzz/peertube

Description Unauthenticated users can obtain the caption of private videos Proof of Concept 1: First, create a private video and upload a caption 2: As an unauthenticated user, logout and visit the /api/v1/videos/1/captions 3: The response should return a lazy-static URL...

5CVSS2.3AI score0.01213EPSS
Exploits1
Huntr
Huntr
added 2021/12/31 5:42 a.m.4 views

Cross-site Scripting (XSS) - Stored in erudika/scoold

Description The Schold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/12/31 5:9 a.m.19 views

Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk

Description When you delete a conversation, the server responds with sensitive data including user IDs and emails among other data. The endpoint that's contacted in order to delete a conversation is /api/v1/messages/conversation/. A user with low level privileges such as a customer account could...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/30 11:24 p.m.8 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description When inputting a name for a module category whether editing an existing one or adding a new one, you're able to inject your own Javascript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...

Exploits0
Huntr
Huntr
added 2021/12/30 5:40 p.m.28 views

in star7th/showdoc

Description In the recent Showdoc application 925970e7 tag:v2.9.15 I have discovered possibility to enumerate registered users in the system. Proof of Concept Request: POST /server/index.php?s=/api/user/register HTTP/1.1 Host: 172.17.0.3 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:96.0...

5CVSS5.2AI score0.00969EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 5:0 p.m.14 views

Server-Side Request Forgery (SSRF) in transloadit/uppy

Description Uppy is vulnerable to SSRF through IPv4-mapped IPv6 addresses - https://www.ibm.com/docs/en/zos/2.1.0?topic=addresses-ipv4-mapped-ipv6 The report at https://hackerone.com/reports/786956 does not fix it because it uses a easily bypassable deny list in...

7.5CVSS9AI score0.01207EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 4:29 p.m.20 views

Cross-site Scripting (XSS) - Reflected in keystonejs/keystone

Description On Login Page, There Is A "from=" parameter in URL which is vulnerable to open redirect and which can be escalated to reflected XSS. Proof of Concept 1. Install Keystone 6 On Your System. 2. Go To http://localhost:3000/signin?from=http://evil.com And Login And You'll Be Redirected To...

4.3CVSS0.03982EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 3:31 p.m.25 views

None in radareorg/radare2

Description This vulnerability is of use-after-free. The bug exists in latest stable release radare2-5.5.4. Specifically, the vulnerable code is picked out as follows libr/io/iobank.c: // ./libr/io/iobank.c line 229 // the entry-data is a freed pointer address while entry && riosubmapto RIOSubMap...

7.5CVSS8.2AI score0.01227EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 1:0 p.m.17 views

Server-Side Request Forgery (SSRF) in rodber/chevereto-free

Description There was some hardening done previously against private IP addresses in the SSRF vulnerability I disclosed in the previous report https://github.com/rodber/chevereto-free/. However the checks can be bypassed by URL redirection. Proof of Concept If http://example.com resolves to a...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/30 12:32 p.m.26 views

in radareorg/radare2

Description This vulnerability is of out-of-bound read. The bug exists in latest stable release radare2-5.5.4. Specifically, the vulnerable code is picked out as follows: // libr/util/buf.c line 631 RAPI void rbuffiniRBuffer b ... // the pointer address of b-methods is broken if...

4.3CVSS2.5AI score0.01105EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 10:41 a.m.34 views

Server-Side Request Forgery (SSRF) in chocobozzz/peertube

Description There is an SSRF vulnerability in PeerTube, registered users outside of the external network can issue GET requests into the internal network via the Import With URL option. Proof of Concept Setting a Python3 server on 8080 python3 -m http.server 8080 And importing this URL...

5CVSS0.4AI score0.00914EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/30 9:35 a.m.14 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description I found a way to bypass the Stored XSS via uploading File with format .svg when chatting in private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1.After login, go to any private conversation. 2.In the chat bar,...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/30 9:33 a.m.12 views

Heap-based Buffer Overflow in gpac/gpac

Description Heap-based Buffer Overflow SFSAddString at bifs/scriptdec.c:76 Proof of Concept POC1 is here. Result MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null POC1 ··· 5 538135 abort ./source/gpac/bin/gcc/MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp Bt...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/30 5:45 a.m.9 views

in gpac/gpac

Description Null Pointer Dereference in gfutf8wcslen Proof of Concept POC is here. bt Program received signal SIGSEGV, Segmentation fault. ----------------------------------registers----------------------------------- RAX: 0x24 '$' RBX: 0x5555555e2870 -- 0x5555555e2840 -- 0x2000000020000000 '' RC...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/12/30 12:39 a.m.6 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description Hi there e107 team, there is another CSRF on your downloading plugins feature Proof of Concept 1. Install a local instance of e107. 2. Log in as admin 3. Access this link...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/12/29 7:43 p.m.14 views

Improper Access Control in crater-invoice/crater

Description In recent Crater version faf1ef09 tag: 5.0.6 I discovered, that not authenticated user can download all expense receipts uploaded to any company. Proof of Concept Python import requests for i in range1, 100: r = requests.getf'http://172.17.0.1:8080/expenses/i/download-receipt' if...

5CVSS5.5AI score0.01213EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/29 3:53 p.m.15 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description The Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quarter does not exist. Proof ...

3.5CVSS5.6AI score0.00932EPSS
Exploits1
Total number of security vulnerabilities4072