Lucene search
K

4072 matches found

Huntr
Huntr
โ€ขadded 2021/12/10 6:23 p.m.โ€ข28 views

in dotcms/core

Description Hello, dotCMS has an XXE vulnerability in the template design page. To exploit this flaw, a attacker needs the permission to edit and preview templates, and this can be abused to read internal files Video Poc This section of the documentation explain how to use the XMLTool in the...

0.4AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/10 1:43 p.m.โ€ข5 views

Cross-site Scripting (XSS) - Stored in openwhyd/openwhyd

Description openwhyd is vulnerable to Stored XSS at the Name field in User Profile. Payload " Steps to reproduce 1.After login, click on the username to go to the Profile page 2.Click Edit Profile button - choose Edit Profile Info 3.In the Name field, input payload "then click Save button 4.Reloa...

6.1AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/10 1:1 p.m.โ€ข21 views

in mruby/mruby

Description NULL Pointer Dereference in mrbfullgc Proof of Concept a = a. nil AddressSanitizer:DEADLYSIGNAL ================================================================= ==21352==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 pc 0x556b44382444 bp 0x7fff4e9961d0 sp...

5CVSS1.3AI score0.01621EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/10 7:1 a.m.โ€ข18 views

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description the editor has XSS vulnerability Proof of Concept payload: Open the editorhttps://ld246.com/guide/markdown, enter the payload, and trigger the XSS vulnerability demo pic : https://drive.google.com/file/d/1fl07CUXSS0DyvjtuftslMnyr2uGZ8F7/view?usp=sharing Impact This vulnerability has t...

3.5CVSS0.8AI score0.00664EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/10 4:6 a.m.โ€ข12 views

in humhub/humhub

Description Hello guys, hope you are having an awesome day! ๐Ÿค— HumHub has a functionality for spaces where you define that only invited users will be able to join a space. Private spaces come with this option but you can also define it for public ones. While a user is creating a space, this user i...

6.7AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/10 2:21 a.m.โ€ข23 views

Cross-Site Request Forgery (CSRF) in patrowl/patrowlmanager

Description Hi there, there is a CSRF in duplicating rule due to the usage of GET method. Proof of Concept 1. Install a local instance of PatrowlManager 2. Go to list rule and create a new rule 3. Access this link http://localhost:8083/rules/api/v1/alerting/duplicate/1 and see that the rule is...

0.3AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/09 7:42 p.m.โ€ข25 views

Business Logic Errors in pimcore/pimcore

Description The application is vulnerable to Business Logic error through negative cart amount. Proof of Concept Step 1: Login to the application https://10.x-dev.pimcore.fun/admin/login?perspective= Step 2: Navigate to Online shop - Pricing Rules - Voucher Discount - Actions Step 3: Enter Negati...

4CVSS1.2AI score0.008EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/09 7:7 p.m.โ€ข10 views

Inclusion of Sensitive Information in Source Code in pimcore/demo

Description API Keys is hard coded in the application source code. The use of a hard-coded API Key has many negative implications. Proof of Concept "security" = "method" = "datahubapikey", "apikey" = "6332aa5e6d3d6c0be31da2a8b3442113", "skipPermissionCheck" = FALSE...

0.8AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/09 3:15 p.m.โ€ข21 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET ANY. To expand: One way GET could be...

4.3CVSS4.3AI score0.00357EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/09 2:24 p.m.โ€ข4 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Proof of Concept https://demo.corebos.com/index.php?module=Users&action=index&parenttab=Settin...

0.1AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/09 11:14 a.m.โ€ข37 views

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

Description Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept 1. 1.Start a new web conference and share the link with other people 2. 2.A malicious user joins the conference with the following username: 3. 3.As soon as the...

4.3CVSS2.2AI score0.0089EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/12/09 4:42 a.m.โ€ข31 views

Improper Access Control in snipe/snipe-it

Description Regular users with DENY set to all models permissions can still view model information via the /models/id/clone endpoint due to no authorize'view' permission being set. Proof of Concept 1: Create regular user and set DENY to all permissions in asset models. 2: Login as the user 3:...

4CVSS2.3AI score0.00697EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/09 2:53 a.m.โ€ข19 views

Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00382EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/08 4:21 p.m.โ€ข10 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description Another low-severity CSRF last one, I think. identified on styling page Proof of Concept Requests to the following endpoint used by admins to edit template styling settings do not contain sectok CSRF token POST /doku.php?id=start&do=admin&page=styling Impact This vulnerability is...

2.6AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/08 10:18 a.m.โ€ข13 views

Code Injection in quickbox/qb

Description While this is a theoretical finding the code seems to be vulnerable to Remote Code Execution Proof of Concept Description At line 406 you can see the following code: $process = $GET'serviceenable'; This means we can do /dashboard/inc/config.php?serviceenable=ourvalue Now between line...

1.9AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/08 7:21 a.m.โ€ข70 views

Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5

Description The reflected XSS vulnerability occurs to a flaw in the cleanxsstags function called in memo.php of Gnuboard 5. This cleanxsstags is a Sanitizer that removes XSS-vulnerable tags and attributes. However, it can bypass Sanitizer by using a newline character. %0A, %0D, ETC Proof of Conce...

4.3CVSS1.2AI score0.01812EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/08 4:25 a.m.โ€ข6 views

Session Fixation in admidio/admidio

Description Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn't assign a new session...

0.5AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/08 4:18 a.m.โ€ข13 views

Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Description PatrOwl is vulnerable to stored XSS in asset group name. The payload will be triggered when someone try to delete the asset group. Proof of Concept https://drive.google.com/file/d/1F7m9g7s6xp-L5QKy5ACOvndWAj8g20s/view?usp=sharing Impact This vulnerability permit to an authenticate use...

0.3AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/07 12:51 p.m.โ€ข20 views

Inefficient Regular Expression Complexity in nltk/nltk

Description nltk is vulnerable to ReDoS attack because of ^-?0-9+.0-9+?$ regex. If attacker succeeds to use malicious payload against RegexpTagger used in function getpostagger and maltregextagger, it will cause a nasty DoS. Proof of Concept // PoC.py import re, time pattern =...

5CVSS2.5AI score0.01461EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/07 8:26 a.m.โ€ข24 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description pimcore is vulnerable to Reflected XSS via the Search function for Document, Assets and Data Objects. Steps to reproduce 1.Login to pimcore admin. 2.In the left menu bar, click the Search icon then choose Documents, the Search Documents tab will display. 3.Input payload " into the...

4.3CVSS1.4AI score0.00755EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/07 4:26 a.m.โ€ข19 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00429EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/07 4:14 a.m.โ€ข6 views

Session Fixation in tsolucio/corebos

Description Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn't assign a new session...

0.5AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 9:10 p.m.โ€ข7 views

Cross-Site Request Forgery (CSRF) in yeswiki/yeswiki

Description Hey all, so i found that YesWiki doesn't implement any sort of anti-csrf mechanism, i found that the change email function is vulnerable to CSRF attacks which leads to Account Takeover. Proof of Concept Exploitation Scenario: - An attacker sends the above PoC to the victim. - rather...

1.9AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 6:22 p.m.โ€ข12 views

Denial of Service in chatwoot/chatwoot

The extractreply function https://github.com/chatwoot/chatwoot/blob/a0ffefad717b632269883863c27242bb97d3b66d/app/presenters/mailpresenter.rbL105 is highly inefficient on HTML emails. A legitimate LinkedIn email has 20kb of HTML content which takes a minute or two to process through that function,...

6.6AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 6:8 p.m.โ€ข11 views

Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki

Description DokuWiki is vulnerable to CSRF in enabling / disabling plugin due to missing CSRF token sectok Proof of Concept If a logged-in admin user visits an attacker's website with the following HTML code the LDAP plugin, for example, will be disabled Impact This vulnerability is capable of...

0.7AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 2:25 p.m.โ€ข12 views

Cross-site Scripting (XSS) - DOM in emoncms/emoncms

Description EmonCMS 10.9.19 has a DOM-XSS vulnerability that is executed when javascript code is injected as imported data. Proof of Concept 1 - login into the app and browse to the section Feeds Import Data 2 - add alert1,a or 1638807909,alert2 in the CSV area. Then click on one of the empty fie...

1.8AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 1:43 p.m.โ€ข15 views

Cross-site Scripting (XSS) - Generic in uiwjs/react-md-editor

Description XSS vulnerability through the markdown editor Proof of Concept Steps to Reproduce Visit the demo page. Past the payload in the markdown editor. Impact - Steal a user's token - Session hijacking...

1.2AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/06 1:30 p.m.โ€ข19 views

Improper Privilege Management in dotcms/core

Description Hello team, I found a SSTI that allow me to get Full Privilege Escalation system user 1. While editing a template we have total access to the User and UserModel classes via $user 2. One of the UserModel methods is called setUserId 3. If we call setUserId and pass "system" as parameter...

0.9AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/06 12:52 p.m.โ€ข10 views

Cross-site Scripting (XSS) - Reflected in emoncms/emoncms

Description EmonCMS 10.9.19 has 2 reflected XSS vulnerabilities: 1 - one that is executed when a user tries to generate a new app whose name contains javascript code. The vulnerability leverages the default option of displayerrors within the processsettings.php file which produce unsanitized erro...

1.1AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/06 12:43 p.m.โ€ข8 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Please enter a description of the vulnerability. coreBOS is vulnerable to Reflected XSS via activitytype in index Proof of Concept 1.After login, click poc url 2.select Activity Type // PoC.js...

1AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/05 6:0 p.m.โ€ข24 views

Server-Side Request Forgery (SSRF) in snipe/snipe-it

Description Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration Performing portscans 1: Go to Slack Integrations 2: Use http://127.0.0.1:1337 as the Slack Endpoint. See the error message:...

6.5CVSS5.2AI score0.00893EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/12/05 9:22 a.m.โ€ข18 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A. Proof of Concept txt 1. Open the...

4.3CVSS1.4AI score0.05784EPSS
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/05 8:28 a.m.โ€ข16 views

Improper Authorization in openwhyd/openwhyd

Description This Account Takeover via Dom XSS vulnerability occurs because the backend does not check the value of the redirect parameter in the login logic. javascript if form.fbUid userModel.updatedbUser.id, $set: fbId: form.fbUid, fbTok: form.fbTok, // access token provided on last facebook...

4.3CVSS6.5AI score0.00522EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/05 8:0 a.m.โ€ข13 views

Open Redirect in openwhyd/openwhyd

Description This vulnerability was discovered in Here by @mdakh404. However, it is not patched properly and I bypassed with a simple trick. diff r.html = mainTemplate.renderWhydPager; // call the adequate renderer - if r.redirect response.redirectr.redirect; + if r.redirect...

5.8CVSS6.3AI score0.00836EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/05 4:0 a.m.โ€ข9 views

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/04 9:14 p.m.โ€ข26 views

Cross-site Scripting (XSS) - Stored in elgg/elgg

Analysis Hello guys, how are doing? Hope you're having an awesome day ๐Ÿค— Elgg has a functionality for any authenticated user to report pages to the administrators whenever they think that there's something wrong going on with this page. This functionality has an issue, because in order to create a...

3.5CVSS5.8AI score0.00697EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/04 1:56 p.m.โ€ข11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Stored XSS via upload File with format .svg when creating Document. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg var...

0.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/03 10:57 p.m.โ€ข12 views

PHP Remote File Inclusion in crater-invoice/crater

Description No mime type restriction on file uploads, allowing an attacker to upload and execute arbitrary PHP code. Proof of Concept Login to the dashboard, preferably using your own localhost install. Go to "Expenses", "Settings Account" or "Settings Company". Upload any PHP file you want. Impa...

4.1AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/12/03 10:41 p.m.โ€ข37 views

None in vim/vim

โœ๏ธ Description When fuzzing vim commit 021ef351c works with latest build and latest commit 04b7b4b per this time of this report v8.2.3728, I discovered a use after free. This crash triggered with only clang 10 and ASan. And I'm testing with clang 13 it doesn't crash so I assume this crash doesn't...

6.8CVSS7.3AI score0.01293EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/03 10:1 p.m.โ€ข14 views

in crater-invoice/crater

Description In recent Crater version ed6268aa tag: 5.0.3 lowest privileged user can upload PHP file instead of avatar. Proof of Concept POST /api/v1/me/upload-avatar HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101 Firefox/95.0 Accept: /...

6.5CVSS0.5AI score0.01474EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/12/02 9:15 a.m.โ€ข16 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...

4.3CVSS0.4AI score0.0085EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/12/02 8:49 a.m.โ€ข13 views

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

4.3CVSS0.7AI score0.00427EPSS
Exploits1
Huntr
Huntr
โ€ขadded 2021/12/02 5:58 a.m.โ€ข4 views

in qmpaas/leadshop

Description The vulnerability is in the api/ImageController.php file. When $type is 2, it will enter the logic for uploading video files. However, the function $upload-video that handles video uploads does not detect the file suffix name. This results in arbitrary file uploads. Proof of Concept...

7.2AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/12/02 12:36 a.m.โ€ข100 views

Open Redirect in gnuboard/gnuboard5

Description php ?php includeonce'./common.php'; $g5'title' = "๋กœ๊ทธ์ธ ๊ฒ€์‚ฌ"; $mbid = isset$POST'mbid' ? trim$POST'mbid' : ''; $mbpassword = isset$POST'mbpassword' ? trim$POST'mbpassword' : ''; runevent'memberlogincheckbefore', $mbid; if !$mbid || !$mbpassword alert'ํšŒ์›์•„์ด๋””๋‚˜ ๋น„๋ฐ€๋ฒˆํ˜ธ๊ฐ€ ๊ณต๋ฐฑ์ด๋ฉด ์•ˆ๋ฉ๋‹ˆ๋‹ค.'; $mb =...

6.3AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/11/30 2:34 p.m.โ€ข24 views

Server-Side Request Forgery (SSRF) in dotcms/core

Description Hi team, I found a SSRF that allow me to access the elasticsearch API and get full response from the querys - As can be read in the following link dotCMS uses elastisearch, with this SSRF we can direct access the elastisearch REST API, - In a cloud environment, it can be possible to...

1.1AI score
Exploits0References1
Huntr
Huntr
โ€ขadded 2021/11/30 12:11 p.m.โ€ข15 views

Prototype Pollution in fabiocaccamo/utils.js

Summary I discovered a prototype pollution vulnerability via utils.js method analysis. javascript set: functionobj, path, value var keys = path.split'.'; var key; var cursor = obj; for var i = 0, j = keys.length; i j; i++ key = keysi; if !TypeUtil.isObjectcursorkey cursorkey = ; if i j - 1 cursor...

7.5CVSS0.9AI score0.00843EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/11/29 3:25 p.m.โ€ข8 views

Cross-site Scripting (XSS) - Generic in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module description field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable...

Exploits0
Huntr
Huntr
โ€ขadded 2021/11/29 3:25 p.m.โ€ข12 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module title field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable of...

6.4AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/11/29 3:7 p.m.โ€ข8 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description In zikula/core cross site scripting vulnerability in extension list name field. Proof of Concept 1. login to the demo account 2. go to extensions https://demo.ziku.la/extensions/module/modify/3 3. Add payload in displayname field payload " Impact This vulnerability is capable of stole...

0.4AI score
Exploits0
Huntr
Huntr
โ€ขadded 2021/11/29 2:7 p.m.โ€ข9 views

None in fcambus/logswan

Description Good morning, I hope you're doing well today. Whilst testing logswan built with Clang12 + ASan on Ubuntu 20.04.3 LTS from commit bcfd41, we discovered a heap-use-after-free situation during a strcmp operation on line 259 of logswan/src/logswan.c. Proof of Concept First... echo...

0.3AI score
Exploits0
Total number of security vulnerabilities4072