Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/12/29 2:30 p.m.28 views

in vim/vim

Description A heap-based OOB read of size 1 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build version 8.2.3931, commit hash...

4.3CVSS7.8AI score0.01762EPSS
Exploits1
Huntr
Huntr
added 2021/12/29 2:6 p.m.27 views

None in vim/vim

Description A use after free vulnerability has been found in vim 8.2.3931 commit hash febb78fa1798e0f95983b3f7881419a754886df5. The bug has been reproduced on Ubuntu 20.04 with gcc 9.3.0. Proof of Concept After building vim with gcc and ASAN run vim with the following session file: $ echo -ne...

6.8CVSS7.1AI score0.01727EPSS
Exploits1
Huntr
Huntr
added 2021/12/29 12:37 p.m.16 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap Base Buffer Overflow mrbirepcutref Proof of Concept a = a. nil too many irep references RuntimeError ================================================================= ==990==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000003a6 at pc 0x560e7e6acc2e bp...

7.5CVSS9AI score0.0141EPSS
Exploits1
Huntr
Huntr
added 2021/12/29 12:28 a.m.11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there, another CSRF in clearing search items. Proof of Concept 1. Install a local instance of phpmyfaq. 2. Go to this link /phpmyfaq/admin/?action=truncatesearchterms 3. See that all search terms are deleted. Impact This vulnerability is capable of CSRF...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/12/28 7:53 p.m.21 views

Improper Access Control in bookstackapp/bookstack

Description parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to...

4CVSS2.9AI score0.00707EPSS
Exploits1
Huntr
Huntr
added 2021/12/28 2:19 p.m.10 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there, there is a CSRF in your logout function. This will force admin to logout if he/she clicks on the link attacker gives him. Proof of Concept 1. Install phpmyfaq on your system. 2. Login as admin 3. Open this link /admin/index.php?action=logout 4. See that you are logged out of...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/12/28 4:20 a.m.15 views

Cross-site Scripting (XSS) - Stored in convos-chat/convos

Description The Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload .html extension. This causes Stored XSS. Also, after uploading a file, it does not log in, and XSS occurs even if you connect. Proof of Conce...

3.5CVSS5.6AI score0.00831EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 4:43 p.m.20 views

in mruby/mruby

Description A NULL Pointer Dereference was discovered in mrbclass. The vulnerability causes a segmentation fault and application crash. version 6de0fcb ./mruby -v mruby 3.0.0 2021-03-05 System information Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz Proof of Concept poc base64 poc...

5CVSS0.9AI score0.00856EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 3:57 p.m.27 views

None in vim/vim

Description Hello there! Hope you are having an awesome day! 🤗 After I saw the last Rick de Jager's report, I decided to pick up their PoC as a valid input for fuzzing vim on its patch 8.2.3912, and ended up finding a new case of double-free! For testing, I compiled vim with GCC 9.3.0, and my O.S...

6.8CVSS7.9AI score0.01629EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/27 10:16 a.m.40 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Steps To Reproduce: 1. 1. Navigate to the campaigns section 2. 2. Click on "Create a ongoing campaign" 3. 3. Fill title, message, inbox and URL 4. 4. Then click on "Create" and intercept it 5. 5. Change your url's value to javascript:alert1 for example "url" : "https://google.com" to "url" :...

4.3CVSS6AI score0.0085EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 8:28 a.m.20 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The livehelperchat is an open source live chat service. In this service, general users can chat 1:1 with administrators. When administrators send XSS PoC to general users, XSS occurs in general users' chat rooms. Since XSS PoC is saved in the chat room, XSS occurs even if you access t...

3.5CVSS1.3AI score0.0046EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 8:18 a.m.10 views

Cross-Site Request Forgery (CSRF) in zikula-modules/content

Description There is no csrf protection for content page duplicate functionality. Proof of Concept document.forms0.submit; Impact This vulnerability is capable of creating more number of duplicates by clicking malicious links...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/27 7:18 a.m.4 views

Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger

Description The application does not escape special characters. The $item-bbcode or $item-name variables can lead to stored XSS Proof of Concept Go to Facebook BBCode List https://demo.livehelperchat.com/siteadmin/fbmessenger/newbbcode and add an item with XSS payload into name or bbcode fields,...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/12/27 4:50 a.m.19 views

Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat

Description The application does not escape special characters, and the $msgPArent or $Result'additionalpostmessage' variables can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/chat/chatwidgetchat/444/123/theme/1/cstarted/123";;alert'xss';" Impact XSS can have huge...

4.3CVSS1.3AI score0.00785EPSS
Exploits1
Huntr
Huntr
added 2021/12/27 3:26 a.m.11 views

Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Description Hi there phpmyfaq team, I would like to report a Cross site request Forgery in phpmyfaq. It is in publishing question. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2021/12/27 2:42 a.m.16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The Mobile Options settings does not sanitise and escape the $mboptions'fcmkey' parameter lead to stored XSS Proof of Concept Go to Mobile settings, fill XSS payload into FCM Key field kind of: somekey" Impact XSS can have huge implications for a web application and its users. User...

3.5CVSS0.5AI score0.00531EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 10:36 p.m.11 views

in livehelperchat/livehelperchat

Description When updating the geolocation detection configuration, we're given the option to specify a file location of a city database file, this can be used to determine if files exist or not. We are not able to see the contents of the file, but we are indeed able to determine if the file exist...

5CVSS4.8AI score0.00924EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/26 4:49 p.m.27 views

Improper Privilege Management in shelljs/shelljs

Details If ShellJS scripts running locally are using ShellJS exec function, local users on the filesystem can read the stdout of the running ShellJS process to disclose sensitive information present in the privileged process. This may leak sensitive information present in the privileged process...

3.6CVSS1.5AI score0.00427EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 3:45 p.m.10 views

Prototype Pollution in egorovsa/json-unflat

Description Versions 2.0.0 of json-unflat are vulnerable to prototype pollution. The function unflat does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. JsonUnFlat.unflat = function json var...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/12/26 1:9 p.m.19 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.00562EPSS
Exploits0References1
Huntr
Huntr
added 2021/12/26 12:23 p.m.24 views

Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. 1. Start a conversatio...

5.8CVSS0.2AI score0.00788EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 10:55 a.m.20 views

Cross-site Scripting (XSS) - Stored in star7th/showdoc

Description Stored XSS via upload attachment with format .svg in File Library. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg var...

3.5CVSS0.2AI score0.00642EPSS
Exploits1
Huntr
Huntr
added 2021/12/26 2:54 a.m.11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description Hi there, there is a minor CSRF problem in your logout function, this will force the user to logout without their consent. Proof of Concept 1. Install phpeditor on your system 2. Login as admin 3. Go to this link /pheditor/pheditor.php?logout=1 4. See that you are logged out of...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/12/25 11:29 a.m.8 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description Hi there, there is a Cross Site Request Forgery in e107 that allows an attacker to force admin user to repair a plugin. Proof of Concept 1. Install e107 in your system 2. Log in as adminstrator 3. Copy this link and paste to your browser:...

2AI score
Exploits0
Huntr
Huntr
added 2021/12/25 11:24 a.m.8 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description Hi e107 team, I would like to report a CSRF in e107 source code. This is in install plugin feature Proof of Concept 1. Install a local instance of e107 2. Login as admin and access this link /e107admin/plugin.php?mode=installed&action=install&path=chatboxmenu 3. See that the pluglin...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2021/12/25 10:47 a.m.27 views

None in vim/vim

Description intro While fuzzing, I found an edge case in the vim9 compiler for nested functions. It seems like you can make the compiler use the same line twice, by adding another command directly after an enddef token using the | operator. Depending on the inner functions body, this either resul...

6.8CVSS0.1AI score0.01621EPSS
Exploits1
Huntr
Huntr
added 2021/12/25 7:53 a.m.43 views

Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Title Stored XSS in customattributes Description Relying on frontend URI check without verifying it on the backend allows to inject arbitrary JS code. Steps to reproduce 1. 1. Create a custom attribute, set its type to Link 2. 2. Navigate to any conversation, click on the right sidebar. 3. 3...

4.3CVSS0.9AI score0.00856EPSS
Exploits1
Huntr
Huntr
added 2021/12/25 3:10 a.m.32 views

Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat

Description The htmlspecialchars function does not escape special characters like single quote, and the $prefix parameter can lead to reflected XSS Proof of Concept https://demo.livehelperchat.com/siteadmin/user/avatarbuilder/1?=1640314779051&prefix=123%27;;%20alert%27xss%27;// Impact XSS can hav...

4.3CVSS1.6AI score0.00948EPSS
Exploits1
Huntr
Huntr
added 2021/12/24 11:24 p.m.25 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. stored xss vulnerability occurs when you change the rule name in the admin dev page. Proof of Concept txt XSS POC : 1. Open the...

3.5CVSS0.2AI score0.01456EPSS
Exploits1
Huntr
Huntr
added 2021/12/24 8:2 p.m.16 views

Business Logic Errors in janeczku/calibre-web

Description There is a possibility to create 2 public phasing shelfs that have the same name, which is a business logic error. Steps To Reproduce 1. Create a shelf with empty name 2. Tick the share with everyone box 3. Create another shelf with empty name 4. Tick the share with everyone box, it...

7.5CVSS8.6AI score0.01375EPSS
Exploits1
Huntr
Huntr
added 2021/12/24 11:16 a.m.19 views

in polonel/trudesk

Description When logging in, the login page will tell you whether or not a username exists which is a vulnerability since it can be paired with the lack of rate limitation when logging in in order to help an attacker find out which accounts exist & then brute force those accounts' login...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/12/24 8:30 a.m.24 views

Cross-Site Request Forgery (CSRF) in yourls/yourls

Description 1. Hi there YOURLS team, I would like to report a Cross Site Request forgery vulenrability on YOURLS. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows ...

4.3CVSS1.1AI score0.01994EPSS
Exploits5References1
Huntr
Huntr
added 2021/12/23 9:17 p.m.8 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description The lack of a CSRF token and validation of the request method gives the attacker the ability to delete DeleteReportFolder Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact The attacker has the ability to delete arbitrary report folders on behalf of the victi...

3.6AI score
Exploits0
Huntr
Huntr
added 2021/12/23 4:32 p.m.36 views

in vim/vim

Description A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regarless of any command line options that could be specified to restrict vim, such -Z and -m. This bug has been found on default vim build in Ubuntu 20.04 for x8664/amd64...

5.8CVSS8.8AI score0.01586EPSS
Exploits1References1
Huntr
Huntr
added 2021/12/23 11:15 a.m.14 views

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Description Stored cross site scripting vulnerability in pimcore app, name and description field field is vulnerable to xss in customer automation rules. Proof of Concept 1 .login to the account 2 .go to customers -- customer automation rules -- Add payload in name field. 3 .payload " Impact This...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/12/23 7:7 a.m.12 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description CSRF on logout functionality. Attacker able to logout the user by sending malicious link Proof of Concept Impact This vulnerability is capable of logout the user session Note This is not an attack, it is a kind of annoyance to the user , though it is a valid csrf . By Using post metho...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/12/23 12:30 a.m.15 views

Improper Privilege Management in rhizome-conifer/conifer

Description Hi there, I would like to report an improper privilege escalation in conifer. Any user can view all recordings of other users. Proof of Concept 1. Go to https://conifer.rhizome.org/ and register 2 accounts, let's call it user1 and user2 2. Use user1 and create a collection, let's name...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/12/22 6:17 p.m.18 views

Inefficient Regular Expression Complexity in idank/explainshell

Description In the latest version of explainshell ebc5e9f2 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in explainshell/options.py Python import logging import re if name == "main":...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/12/22 3:53 p.m.8 views

Inefficient Regular Expression Complexity in python/cpython

Description In recent cpython version 31ff9671 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. Vulnerability exists in EntryPoint class which is used to parse package/module entry-points. Proof of Concept Simplified PoC based on init.py Python...

1.4AI score
Exploits0References2
Huntr
Huntr
added 2021/12/22 6:32 a.m.12 views

Cross-Site Request Forgery (CSRF) in archivy/archivy

Title Missing CSRF token validation leads to note deletion. Summary Route /dataobj/delete/ is responsible for note deletion. Instead of POST it accepts GET and DELETE methods. @app.route"/dataobj/delete/", methods="DELETE", "GET" def deletedatadataobjid: try: data.deleteitemdataobjid except...

4.3CVSS1.6AI score0.00382EPSS
Exploits1
Huntr
Huntr
added 2021/12/22 5:27 a.m.21 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Stored cross site scripting vulnerability in report class field on custom report feature. Proof of Concept 1 . Login to dev account https://10.x-dev.pimcore.fun/admin/ 2 . Go to marketing -- custom reports -- Report class :field in left navigation menu 3 . Add payload " in report clas...

3.5CVSS5.1AI score0.00642EPSS
Exploits1
Huntr
Huntr
added 2021/12/22 12:58 a.m.9 views

Open Redirect in erudika/scoold

Description Hi erudika scoold team, there is an Open redirect in your source code at question url Proof of Concept 1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com 2. Observe that you are redirected to google.com Impact This vulnerability is capable of Open...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/12/22 12:51 a.m.12 views

Cross-Site Request Forgery (CSRF) in erudika/scoold

Description Hi there, I would like to report a CSRF vulnerability in erudika/scoold. This allows an attacker to change the current user question space or add them to default space against their will. Proof of Concept 1. Access scoold demo at https://pro.scoold.com/ and log in 2. Access this link...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/12/21 4:16 p.m.25 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description pimcore is vulnerable to Stored Cross-Site Scripting in the name field via the import functionality. Steps to reproduce: 1. Navigate to settings -- Data Objects -- Objectbricks 2. ave the following data as JSON file and import it: json "classDefinitions": , "key": null, "parentClass":...

3.5CVSS0.3AI score0.00705EPSS
Exploits1
Huntr
Huntr
added 2021/12/21 5:58 a.m.20 views

Cross-Site Request Forgery (CSRF) in polonel/trudesk

Description There is a CSRF vulnerability which would allow an attacker to restart the server by simply having a victim with the appropriate privileges visit an attacker's crafted webpage. The vulnerability exists when performing a GET request to the /api/v1/admin/restart endpoint There is also...

1AI score
Exploits0
Huntr
Huntr
added 2021/12/21 4:59 a.m.13 views

in gpac/gpac

Description A null pointer dereference was discovered in BDCheckSFTimeOffset. The vulnerability causes a segmentation fault and application crash. Version: ./MP4Box -version MP4Box - GPAC version 1.1.0-DEV-revUNKNOWNREV c 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Pleas...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/12/21 4:25 a.m.5 views

in vim/vim

Description Untrusted Pointer Dereference leading to a segmentation fault Segmentation fault in vimregexecmulti at regexp.c:2896 Proof of Concept ./vim -u NONE -X -Z -e -s -S POC1 -c ':qa! POC1https://drive.google.com/file/d/1VOS93VSakO96z2rnvIdWDYRM9KAEIgC/view?usp=sharing bt Program received...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/12/20 11:48 p.m.7 views

in michaelrsweet/htmldoc

Description In gifreadimage, in image.cxx, gifreadlzw might return a value greater than 255, which results in an out of bounds read, leading to denial of service. c typedef uchar gifcmapt2563; / ... / static int / I - 0 = success, -1 = failure / gifreadimageFILE fp, / I - Input file / imaget img,...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/12/20 10:0 p.m.6 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description When adding a menu after logging in with an administrator account, there is no verification of the URL value, so the XSS payload is stored in the DB. After that, when you click the saved menu, XSS is triggered. If an administrator adds a menu, normal users can click it too. Proof of...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/12/20 8:43 p.m.40 views

Command Injection in parse-community/parse-server

Description This is a Remote Code Execution vulnerability in the Parse Server. This vulnerability affects the Parse Server in the default configuration with MongoDB, probably a similar attack can affect the PostgreSQL storage as well. The main weakness that leads to RCE is the Prototype Pollution...

7.5CVSS0.2AI score0.49081EPSS
Exploits1References3
Total number of security vulnerabilities4072