Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/11/15 6:30 p.m.13 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description More CSRFs, related to warnings feature this time 1: /warnings/id/deactivate 2: /warnings/username/mass-deactivate 3: /warnings/id/restore Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to deactivate / restore warnings...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:59 p.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description More unprotected CSRF endpoints that allows for state-changing operations. 1: GET /dashboard/moderation/1/approve 2: GET /requests/1/accept 3: GET /requests/1/reject 4: GET /requests/1/unclaim 5: GET /requests/1/reset Proof of Concept CLICK ME! Impact This vulnerability is capable of...

2AI score
Exploits0
Huntr
Huntr
added 2021/11/15 1:32 p.m.19 views

Open Redirect in star7th/showdoc

Description Open Redirect at login page due to unchecked "redirect" parameter. Vulnerable parameter redirect Payload /%09/google.com Proof of Concept Send users the following login link https://www.showdoc.com.cn/user/login?redirect=/%09/google.com After users use their registered account to logi...

5.8CVSS0.5AI score0.00761EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/15 7:43 a.m.13 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description CSRF in deleting invoice templates Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin user to delete invoice templates...

4.3CVSS0.9AI score0.00382EPSS
Exploits1
Huntr
Huntr
added 2021/11/15 6:18 a.m.11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description CSRF to FlushOwnGhostPeers Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to perform unintended actions...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/11/15 5:47 a.m.14 views

in jitsi/jicofo

Description misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept according to https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md?plain=1L251 a request to /shibboleth-sp../ can get any file under /usr/share Impact An attacker can access files on the web...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/11/15 5:47 a.m.26 views

Cross-Site Request Forgery (CSRF) in pterodactyl/panel

Description Following state-changing endpoints are vulnerable to CSRF: 1: GET /admin/nodes/view/1/settings/token auto-generates token when token not generated yet 2: GET /admin/settings/mail/test The X-CSRF-Token header for the API request is not validated on backend, should be a POST request to...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:53 a.m.14 views

Path Traversal in welliamcao/opsmanage

漏洞 README.md文件中的nginx配置存在安全漏洞,导致恶意攻击者可以任意读取项目中的文件。 POC 对于github上的demo地址,一种可行的攻击方式为: http://42.194.214.22:8000/static../ 可以看到读取到整个项目的文件。如果用户对该项目进行过二开,并在init.sql,conf/中写入了一些敏感信息,可能造成较大危害 影响 攻击者可以读取项目目录下任意文件...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/11/15 2:49 a.m.15 views

Improper Access Control in janeczku/calibre-web

Description Although a user has no permissions about public shelves, he can create them. Proof of Concept The method createshelf at shelf.py does not check if the user has public shelf permissions for create it. @shelf.route"/shelf/create", methods="GET", "POST" @loginrequired def createshelf:...

0.3AI score0.00334EPSS
Exploits1
Huntr
Huntr
added 2021/11/15 2:3 a.m.16 views

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

Description It is possible to execute XSS payloads when editing book properties, such as uploading a cover or a format. Proof of Concept The file editbooks.js contains the following code: $"btn-upload-cover".on"change", function var filename = $this.val; if filename.substring3, 11 === "fakepath"...

1.5AI score0.00356EPSS
Exploits1
Huntr
Huntr
added 2021/11/15 1:20 a.m.45 views

in janeczku/calibre-web

Description A user can see the name of private shelves from other users when trying to remove a book of those shelves. Proof of Concept The file shelf.py in its line 221 exposes the name of the shelf when the user tries to remove a book from a shelf which is not his. log.warning"You are not allow...

1AI score0.00358EPSS
Exploits1
Huntr
Huntr
added 2021/11/13 7:8 p.m.11 views

SQL Injection in cacti/cacti

Description SQL Injection vulnerability occurs because the input taken from parameters is not sanitized for SQL Injection statement in useradmin.php useradmin.php:84 updatepolicies function contains sql injection vulnerability getnfilterrequestvar function takes get/post parameter without...

3.8AI score
Exploits0
Huntr
Huntr
added 2021/11/13 2:2 p.m.13 views

SQL Injection in glpi-project/glpi

Description A user with only the following rights on a sub-entity: - Setup General setup Read + Update - Administration Entity Read + Update is authorized to update "UI options" field from "UI customization" tab of an entity's configuration. This customization option is not correctly escaped,...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/11/12 9:47 p.m.37 views

Heap-based Buffer Overflow in vim/vim

Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...

9.3CVSS7.5AI score0.01669EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/12 1:20 a.m.22 views

in elgg/elgg

Hello there! Hope you're having an awesome day :D Actually, it's been a few months since I found this bug, but I had no success in trying to contact you guys, and now I discovered that you're on Huntr. So now I'm sending my report from here : Summary During this week, I was participating at a bug...

4.3CVSS4.9AI score0.00779EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/11 2:18 p.m.24 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via upload 'Attachments' with format .svg or .html Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept // PoC.svg...

3.5CVSS0.9AI score0.00778EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/11 8:8 a.m.19 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Multiple Stored XSS at 'snipeitram3' and 'snipeitcpu4' in the multipart message of POST request when creating a new Asset or editing an existed Asset. Proof of Concept POST /hardware HTTP/1.1 Host: develop.snipeitapp.com Connection: close Content-Length: 2560 Cache-Control: max-age=0...

3.5CVSS5.6AI score0.00731EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/10 7:47 p.m.12 views

in cortezaproject/corteza-server

Description Hey, when I attempt to change the password after creating an account I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/11/10 9:2 a.m.29 views

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Login CSRF via /register/confirm/token endpoint. Proof of Concept 1: Register account with the same username as our victim, an email confirmation will take place 2: Retrieve token from email. 3: Send a link http://BOOKSTACKAPPURL/register/confirm/token to user. 4: When the user clicks...

4CVSS0.1AI score0.00621EPSS
Exploits1
Huntr
Huntr
added 2021/11/10 4:0 a.m.11 views

Cross-site Scripting (XSS) - Stored in eventum/eventum

Description Multiple Stored XSS in Administration at eventum 3.10.8 Proof of Concept // PoC.payload " Step to Reproduct Goto Administration Areas and choose to feature below Manage News Input payload into fieldTitle Manage Status Input payload into fieldTitle Manage Projects Input payload into...

6AI score
Exploits0References1
Huntr
Huntr
added 2021/11/09 12:53 p.m.11 views

Cross-Site Request Forgery (CSRF) in code16/sharp

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

6.7AI score
Exploits0
Huntr
Huntr
added 2021/11/08 7:29 p.m.17 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description cross site request forgery vulnerability is present in delete functionality of doctor feature. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of delete the existing logs...

4.3CVSS2.1AI score0.00371EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/08 5:40 p.m.10 views

SQL Injection in galette/galette

Description Hi, I could find a SQL Injection when adding a user. From OWASP : A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/11/08 1:16 p.m.14 views

Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Description PatrOwl is vulnerable to stored XSS. Proof of Concept Impact This vulnerability permit to an authenticate user to execute JavaScript on other users Web Browser...

3AI score
Exploits0References1
Huntr
Huntr
added 2021/11/08 10:34 a.m.8 views

in cortezaproject/corteza-server

Description There's no bound limit to the number of "characters/special characters" in the name field of the user. Vulnerable Field: Full Name By sending a very long string it’s possible to cause a denial a service attack on the server. This may lead to the website becoming unavailable or...

Exploits0
Huntr
Huntr
added 2021/11/08 5:4 a.m.8 views

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/11/07 7:27 p.m.21 views

in v2fly/v2ray-core

Description Good afternoon. While looking at your code, we discovered an off-by-one index comparison against length may lead to out-of-bounds read flaw in your v2ray-core repository. Indexing operations on arrays, slices or strings should use an index at most one less than the length. If the inde...

6.4CVSS1.2AI score0.00844EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/07 6:51 p.m.10 views

Cross-site Scripting (XSS) - Stored in galette/galette

Description Hi, By reviewing your project I've found multiples stored cross-site scripting. From OWASP : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/11/07 6:32 p.m.35 views

Heap-based Buffer Overflow in vim/vim

Description Team, trust you are doing well. As part of continues fuzzing VIM v8.2.3582 15d9890eee53afc61eb0a03b878a19cb5672f732 in persistence mode, I found a heap use-after-free mlappendint. Proof of Concept Affected version: v8.2.3582 Tested on: Linux s157903 4.15.0-106-generic 107-Ubuntu SMP T...

8.5CVSS8AI score0.02075EPSS
Exploits1
Huntr
Huntr
added 2021/11/07 6:27 p.m.9 views

Cross-Site Request Forgery (CSRF) in galette/galette

Description Hello, Looking at the Galette application, I could observe that it is not protected against CSRF Cross-Site Request Forgery From OWASP : Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/11/07 11:37 a.m.6 views

Cross-Site Request Forgery (CSRF) in baijunyao/laravel-bjyblog

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/11/06 8:39 p.m.12 views

Code Injection in tsolucio/corebos

Description The user can control a point and infuse arbitrary HTML code into a vulnerable web page. This vulnerability can have numerous results, like disclosure of a user’s session treats that might be utilized to impersonate the victim, or, more generally, it can permit the aggressor to alter t...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/11/06 4:14 p.m.13 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/11/05 4:49 a.m.21 views

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description XSS in bulk audit function via the asset tag parameter Proof of Concept 1: Go to http:///hardware/bulkaudit feature 2: Use alertdocument.domain as "Asset Tag" parameter 3: Click "Audit", the XSS should be triggered via the message Asset Tag ASSETTAG not found. Impact This vulnerabilit...

3.5CVSS0.3AI score0.00521EPSS
Exploits1
Huntr
Huntr
added 2021/11/04 2:1 p.m.17 views

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF in custom field settings Proof of Concept /fields/1/fieldset/1/disassociate" /fields/required/3/3" /fields/optional/3/3" Impact This vulnerability is capable of trick admin user to modify custom forms...

4.3CVSS0.4AI score0.00429EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/03 7:36 p.m.12 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept Step to Reproduce: 1 Go to http://demo.corebos.com/index.php?module=Users&action=DetailView&record=1&modechk=prefview 2 add the...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/11/03 5:51 p.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in getgrav/grav

✍️ Description The secure flag is not set for session cookies in the application. 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an...

0.2AI score0.01624EPSS
Exploits0References1
Huntr
Huntr
added 2021/11/03 3:59 p.m.11 views

Heap-based Buffer Overflow in zyantific/zydis

As discussed in the report at https://www.huntr.dev/bounties/96b0a482-7041-45b1-9327-c6a4a8f32d3a/, I am re-opening the report here for proper tracking. Description Hello, we hope you're doing well during these challenging times. Whilst testing zydis built from commit 077b185 with Clang12 + ASan ...

7.5AI score
Exploits0References1
Huntr
Huntr
added 2021/11/03 7:33 a.m.20 views

Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk

Description Stored XSS via parameter title when create new ticket Details At the table tickets in admin, when rendering data for column Ticket it allows for arbitrary execution of JavaScript Vulnerability code data: "ticket", render: function data, type, row, meta if type === 'display' data = '' ...

4.3CVSS0.4AI score0.0098EPSS
Exploits1References1
Huntr
Huntr
added 2021/11/02 2:6 a.m.40 views

OS Command Injection in ohmyzsh/ohmyzsh

Description In Oh My Zsh, there is a function called omzurldecode, which is used to decode URLs. Since this function is using eval with user inputs without any sanitization, it's possible to inject arbitrary commands into the eval context, which allows an attacker to achieve the command injection...

5.1CVSS0.4AI score0.00598EPSS
Exploits0
Huntr
Huntr
added 2021/11/01 1:56 p.m.21 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET/ANY. To expand: One way GET/ANY could be...

4.3CVSS0.4AI score0.00429EPSS
Exploits1
Huntr
Huntr
added 2021/11/01 8:44 a.m.10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description Stored XSS via filename when upload file Proof of Concept // PoC.req POST /leantime/public//projects/showProject/3 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0 Accept:...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/11/01 7:37 a.m.15 views

in sebastienheyd/boilerplate-media-manager

Description RCE via 'Rename Media' after upload media on boilerplate-media-manager 7.1.3 Proof of Concept // PoC.req upload media POST /admin/medias/ajax/upload HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0 Accept:...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/11/01 7:17 a.m.6 views

Heap-based Buffer Overflow in hoene/libmysofa

Description The variable st-filtlen in the function speexresamplerresetmem is not checked to see if it is 0 before it is used, and after subtracting one, it becomes 0xffffffff, causing heap overflow Proof of Concept src/mysofa2json -c poc ==30201==ERROR: AddressSanitizer: heap-buffer-overflow on...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/10/31 8:46 p.m.14 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept. // PoC.js Link --...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/31 6:11 p.m.12 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey corebos team, in the meanwhile I find another low level CSRF. attacker can activate/deactivate a Task of workflow with CSRF attack. Proof of Concept // PoC.html history.pushState'', '', '/'...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/10/31 3:41 p.m.23 views

PHP Remote File Inclusion in tsolucio/corebos

Description An attacker can use Local File Inclusion LFI to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting XSS. Proof of Concept // PoC.js Link --...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/30 10:52 p.m.27 views

SQL Injection in forkcms/forkcms

Description When deleting submissions which belong to a formular made with module FormBuilder, the parameter id is vulnerable for SQL injection. Proof of Concept - Call the URL...

4.3CVSS0.4AI score0.01111EPSS
Exploits1
Huntr
Huntr
added 2021/10/30 8:26 p.m.17 views

Path Traversal in bookstackapp/bookstack

Description During reading recent BookStack source code 85dc8d I discovered path traversal vulnerability. Authenticated user can have access to all files stored in storage directory. Proof of Concept GET /uploads/images/..%2f/..%2f/logs/laravel.log HTTP/1.1 Host: 172.17.0.1:8888 User-Agent:...

4CVSS1.2AI score0.01202EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/29 3:45 p.m.12 views

Business Logic Errors in pimcore/demo

Description There is no check over the number of items that a user can add to the cart. Adding a huge amount of items when updating the cart, causes the server to fail returning a 500 Internal Server Error. Proof of Concept Below POST request causes the server to fail adding 900000000 items of th...

7.1AI score
Exploits0References1
Total number of security vulnerabilities4072