Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/11/29 12:50 p.m.7 views

Open Redirect in ikus060/rdiffweb

Description ikus060/rdiffweb is vulnerable to open redirect at login page. Proof of Concept https://rdiffweb-demo.ikus-soft.com/login/?redirect=https://attacker.com after login to the above url it redirect to attacker .com Impact This vulnerability is capable of redirecting to malicious website...

1AI score
Exploits0
Huntr
Huntr
added 2021/11/29 9:49 a.m.19 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description Very low severity CSRF in /comments/thanks/id Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to send quick thanks. Can potentially trick users to infringe rate limits and get themselves banned via a repeated CSRF attack if admins choose to set...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/11/29 5:26 a.m.8 views

Cross-site Scripting (XSS) - Stored in krayin/laravel-crm

Description Stored XSS at Name of Tag Detail When rendering grid for Tag, Name value is not filtered before rendering which can trigger XSS Proof of Concept // PoC.req POST /admin/settings/tags/edit/1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:95.0...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/28 3:48 a.m.15 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description coreBOS is vulnerable to Stored XSS via Entity Name in User Preferences. Steps to reproduce 1.After login, click on the avatar icon on the top right corner to go to My Preferences 2.Click Edit button 3.In Last Name field, input payload then click Save button 4.Now you will see that th...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/28 2:27 a.m.9 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/11/27 7:15 p.m.15 views

SQL Injection in wbce/wbce_cms

Description Plaintext administrator password recovery vulnerability due to SQL injection in password reset page. admin/login/forgot/index.php lines 33-34: php $sSql = "SELECT FROM TPusers WHERE email = '" . $email . "'"; $rRow = $database-query$sSql; Due to poor email validation attacker can inje...

7.5CVSS0.4AI score0.37824EPSS
Exploits4
Huntr
Huntr
added 2021/11/27 6:36 p.m.18 views

Improper Access Control in bookstackapp/bookstack

Description A user with API access can view any attachment which they do not have read access to because read permissions are not being checked at the API attachments read controller. Proof of Concept 1: From default installation give the "Public" role access to system API 2: Upload attachment...

4CVSS0.8AI score0.00922EPSS
Exploits1
Huntr
Huntr
added 2021/11/27 7:6 a.m.12 views

Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis

Description I found XSS in the file upload function of the message function. Proof of Concept Step 1.First, access the latest version of the demo environment. "Https://www.rosariosis.org/demonstration/index.php" 2.Then log in with your student account. Student: username and password “student“...

4.9CVSS5.7AI score0.00767EPSS
Exploits1References2
Huntr
Huntr
added 2021/11/25 10:58 p.m.28 views

Heap-based Buffer Overflow in allinurl/goaccess

Description Good evening and Happy Turkey Day! We are truly thankful for the Open Source Security community this year. Whilst testing goaccess built from commit 9774249, we discovered a crafted log which can trigger a heap-buffer-overflow during a memcmp operation on line 1525 of /src/parser.c...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/25 7:14 a.m.17 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/25 7:9 a.m.9 views

in combodo/itop

Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/24 7:17 p.m.9 views

PHP Remote File Inclusion in combodo/itop

Description csrf bug Proof of Concept Bellow request is vulnerable to csrf attack history.pushState'', '', '/' input type="hidden" name="class" v...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/24 7:13 p.m.8 views

in combodo/itop

Description csrf bug Proof of Concept bellow request is vulnerable to csrf attack history.pushState'', '', '/' document.forms0.submit;...

7AI score
Exploits0
Huntr
Huntr
added 2021/11/24 7:6 p.m.11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description It's possible to inject the script on the field: First Name Which is permanently stored. It'll trigger each time refreshing or copying to the new tab. Proof of Concept POST /index.php HTTP/2 Host: demo.corebos.com Cookie: democoreboscom=2fadf4643e2c92731a5bea4397b2d08b;...

6.6AI score
Exploits0References1
Huntr
Huntr
added 2021/11/24 1:39 p.m.10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description I found Stored XSS in the title of the content. Proof of Concept Step 1.First of all, build the environment with Docker and create an administrator user. 2.Next, create a new "To -DO" from "Project Dashboard" in the left menu. / 3.Next, create an account for the role of "Team Member"...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2021/11/23 10:16 p.m.38 views

Heap-based Buffer Overflow in vim/vim

✍️ Description When fuzzing vim commit 3c19b5050 works with latest build and latest commit 65259b5c6 per this time of this report v8.2.3635 with clang 12 and ASan, I discovered a heap buffer overflow. Proof of Concept Here is the poc download link bash...

6.8CVSS7.3AI score0.01792EPSS
Exploits1
Huntr
Huntr
added 2021/11/23 12:59 p.m.17 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description CSRF in switching transactions link Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to switch transaction links...

4.3CVSS1.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/23 11:55 a.m.11 views

Cross-Site Request Forgery (CSRF) in zmister2016/mrdoc

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Exploits0
Huntr
Huntr
added 2021/11/23 11:17 a.m.7 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/11/23 9:11 a.m.15 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description CSRF to disable 2FA Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to disable 2FA...

4.3CVSS0.9AI score0.00429EPSS
Exploits1
Huntr
Huntr
added 2021/11/23 3:46 a.m.49 views

Heap-based Buffer Overflow in allinurl/goaccess

Description Good evening, I hope you're doing well during these challenging times. During recent research, we discovered a heap-buffer-overflow vulnerability impacting countinvalid on line 555 of src/gstorage.c. It appears that this is caused by an excessive number of invalid log strings combined...

Exploits0
Huntr
Huntr
added 2021/11/22 6:28 p.m.20 views

Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway

Description an user can enter a text room in janus gateway with a malicious name that contains a xss payload and could poison other users on the room Proof of Concept just go to https://janus.conf.meetecho.com/textroomtest.html this is provided by github repo as a demo then enter in the name POC...

3.5CVSS5.7AI score0.00818EPSS
Exploits1
Huntr
Huntr
added 2021/11/21 1:32 p.m.23 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce : 1-- Go over settings -- Data Objects -- Objectbricks. 2-- Click Add or Edit a previous one . 3-...

4.3CVSS6.2AI score0.0156EPSS
Exploits1
Huntr
Huntr
added 2021/11/21 1:18 p.m.18 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description You set the strict flag only for one of your cookies named cookietoken but in Team management attacker still can delete or add teams with CSRF vulnerability as the cookie with name PHPSESSID don't have strict flag. Proof of Concept 1.replace 38046 with the team id 2.open poc.html and...

4.3CVSS1.3AI score0.00505EPSS
Exploits1
Huntr
Huntr
added 2021/11/21 6:42 a.m.18 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross site scripting vulnerability in checkout page in notes field Proof of Concept 1.Login to the demo page. 2. Go to accessories , select any product and add payload in the checkout notes 3. click save and open the product xss will trigger payload = " Impact This vulnerability is...

3.5CVSS1AI score0.00635EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/21 3:44 a.m.19 views

Cross-Site Request Forgery (CSRF) in star7th/showdoc

Description An attacker is able to create a new group for any item if users visit the attacker's website. Furthermore, the user-id "uid" is also exposed via the JSON response. We can bypass the CSRF Protection if we put our payload on an iframe or an HTML file and then send them to the victim...

6.8CVSS0.6AI score0.00596EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/21 3:17 a.m.6 views

Open Redirect in collectiveaccess/providence

Description I found a new way to bypass the Open Redirect with the "redirect" parameter on the login page. Vulnerable parameter redirect Payload https://demo.collectiveaccess.org.example.com Proof of Concept Send users the following login link...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/21 12:27 a.m.9 views

Cross-Site Request Forgery (CSRF) in bytefury/crater

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

6.8AI score
Exploits0
Huntr
Huntr
added 2021/11/20 1:39 p.m.15 views

Open Redirect in star7th/showdoc

Description I found a new way to exploit Open Redirect at the "redirect" parameter on the login page by using the Chinese dot %E3%80%82 to bypass the dot . filter. Vulnerable parameter redirect Payload /%09/google%E3%80%82com Proof of Concept Send users the following login link...

5.8CVSS0.3AI score0.00822EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/20 12:39 p.m.42 views

Cross-site Scripting (XSS) - Stored in kunstmaan/kunstmaanbundlescms

Description In kunstmaan / kunstmaanbundlescms, menu form slug field is vulnerable to cross site scripting Proof of Concept 1. login to demo page 2. go to pages, open any page 3. go to menu , in slug feild place the payload and save, it will trigger. payload : " Impact This vulnerability is capab...

1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/20 11:15 a.m.12 views

Cross-site Scripting (XSS) - Reflected in kunstmaan/kunstmaanbundlescms

Description In kunstmaan / kunstmaanbundlescms ,extra metadata in seo form is vulnerable to reflected cross site scripting. Proof of Concept 1. login to the demo account 2. go to pages --select any page to edit -- go to SEO --- 3. Add payload to extra meta data and click save and see the preview ...

1AI score
Exploits0
Huntr
Huntr
added 2021/11/20 6:56 a.m.15 views

Improper Access Control in kevinpapst/kimai2

Description Authenticated users can preview invoices which they do not have read access to Proof of Concept To demonstrate this vulnerability, we will use tonyteamlead on the demo site. 1: Login as tonyteamlead. 2: Go to Invoices page, see that there is no Haley-Jaskolski invoice document present...

4CVSS2.8AI score0.01031EPSS
Exploits1
Huntr
Huntr
added 2021/11/20 5:53 a.m.16 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

CSRF Set 1 modify invoice status Medium severity Description CSRF in saving invoices / modifying status of invoices pending and cancel only Proof of Concept The following state-changing endpoints are vulnerable to CSRF GET...

4.3CVSS3.5AI score0.00505EPSS
Exploits1
Huntr
Huntr
added 2021/11/19 8:53 p.m.15 views

Improper Authorization in dolibarr/dolibarr

Description I found an IDOR in Dolibarr In preview2.dolibarr.org login with demo:demo then open Agenda section first, I Change all permissions of demo user in Reception to None second, I can't see the Receptions List in Products at all But I am able to see following Reception...

1.5AI score0.00309EPSS
Exploits0
Huntr
Huntr
added 2021/11/19 4:20 p.m.12 views

in chatwoot/chatwoot

I'll explain it briefly: A contact is created with the email address "[email protected]" and we are writing about sensitive information. userIdentifer is required to be validated with hmac. Now a human, on the other side of the world, comes into the chat and is asked by the bot for his email...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/11/19 8:54 a.m.7 views

Open Redirect in collectiveaccess/providence

Description I find a way to bypass the Open Redirect at the login page with the "redirect" parameter. Vulnerable parameter redirect Payload https://[email protected] Proof of Concept Send users the following login link...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/19 3:45 a.m.19 views

CRLF Injection in phpservermon/phpservermon

Description misconfig of nginx lead to crlf injection In nginx, $uri is url decoded, which will decode %0d%0a to CRLF. code: return 301 http://$uri; Proof of Concept A request to: http://www.test.com/%0d%0afakeheader:123%0d%0a%0d%0afakecontent Impact CRLF Injection allows an attacker to inject...

5.8CVSS0.8AI score0.00843EPSS
Exploits1
Huntr
Huntr
added 2021/11/19 2:14 a.m.12 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via Markdown at Description or Comment of Ticket Detail When rendering to Markdown, the application does not filter and check the properties are valid, so when the user enters XSS it will render as XSS . Proof of Concept // PoC.req POST /tickets/submit/ HTTP/1.1 Host:...

6.8CVSS0.01354EPSS
Exploits1
Huntr
Huntr
added 2021/11/18 5:49 p.m.34 views

Heap-based Buffer Overflow in vim/vim

Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...

6.8CVSS7.8AI score0.01461EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/18 3:49 p.m.18 views

in star7th/showdoc

Description Logged in by LDAP will lead to a weak-password initialization, php isExist$username ; if!$userInfo D"User"-register$ldapuser,$ldapuser.time; //【register with a weak password, such as : tom/tom1637248826】 $rs2=ldapbind$ldapconn, $dn , $password;//【when the LDAP password is WRONG,no...

4.3CVSS0.3AI score0.00863EPSS
Exploits1References2
Huntr
Huntr
added 2021/11/18 2:59 p.m.10 views

Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2

Description Cross site scripting vulnerability in name field on customer edit form Proof of Concept place this payload in customer name field and save " Impact This vulnerability is capable of stolen the user session...

4.3CVSS0.8AI score0.00764EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/18 2:44 p.m.16 views

in elgg/elgg

Hello Elgg Team, hope you are having an awesome day : Just found an issue on the latest version of Elgg, and apparently the previous versions also have the same flaw. Description There is this endpoint, which is: http://elgg-example-here.com/ajax/form/admin/user/changeemail This endpoint is...

5CVSS6.5AI score0.01547EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/18 6:29 a.m.11 views

in tsolucio/corebos

Description There's no bound limit to the number of characters/special characters in "Add Module - Window Title" Add window -- Modules. javascript:chooseType'Module';fnRemoveWindow;setFilterdocument.getElementById'selmoduleid' Steps to reproduce Step 1. Goto -...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/17 5:55 p.m.16 views

Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja

Description In recent InvoiceNinja version 9d7145c in /documents it is possible to store svg file with html/js content, which later can be used to phish other users Proof of Concept POST /documents HTTP/1.1 Host: 172.17.0.1:8888 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:95.0 Gecko/20100101...

3.5CVSS5.4AI score0.00592EPSS
Exploits1
Huntr
Huntr
added 2021/11/17 6:37 a.m.16 views

Improper Authorization in hdinnovations/unit3d-community-edition

Description 2FA bypass in in chat functions. The "twostep" middleware is not implemented under the vue.php routing. Proof of Concept 1: Login into account with 2FA. Do not complete the 2FA process. 2: See all chat messages at https://UNIT3D-URL/api/chat/messages/1 3: If the CSRF token does not...

0.9AI score0.05701EPSS
Exploits0References1
Huntr
Huntr
added 2021/11/16 8:17 p.m.8 views

in janeczku/calibre-web

Description A user with no permissions about public shelves can edit his own private shelf making it public. This vulnerability is called Mass Assignment. Proof of Concept The file shelf.py at line 247 sets as public every shelf to be edited, so if the user injects the parameter ispublic=on in th...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/16 4:31 p.m.15 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to delete chat messages POC CLICK ME! Impact This vulnerability is capable of tricking users to delete messages. This is probably the last state-changing endpoint in your application which is unprotected from CSRF...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/11/16 11:35 a.m.20 views

Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2

Description Stored XSS via Markdown at the comment in Project Proof of Concept // PoC.req POST /kimai2/public/en/admin/project/3/commentadd HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:95.0 Gecko/20100101 Firefox/95.0 Accept:...

6CVSS0.7AI score0.01216EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/16 10:26 a.m.19 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description CSRF related to duplicate action. the duplication occurs first before redirecting to edit form Proof of Concept GET /en/admin/teams/id/duplicate GET /en/admin/project/id/duplicate Impact This vulnerability is capable of tricking admin users to duplicate teams Note This is probably all...

4.3CVSS2.3AI score0.00386EPSS
Exploits1
Huntr
Huntr
added 2021/11/16 3:57 a.m.15 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF related to Torrents section. 6 actions recorded 1: /id/torrentfl 2: /id/torrentdoubleup 3: /id/bumpTorrent 4: /id/torrentsticky 5: /id/reseed 6: /id/freeleechtoken Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin users to reseed / use freeleech...

0.2AI score
Exploits0
Total number of security vulnerabilities4072