Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/10/18 2:14 p.m.8 views

in appendium/flatpack

Description The flatpack vulnerable to XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the parse function in the MapParser.java file may allow an attacker to execute XML External Entities XXE. Proof of Concept import java.io.File; import...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/18 12:19 p.m.10 views

Heap-based Buffer Overflow in hoene/libmysofa

Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all Proof of Concept https://drive.google.com/file/d/1JbQAECcj5-SDRZVUsRWiaBgJQZ0nMiK/view?usp=sharing repro...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:50 a.m.6 views

Session Fixation in tsolucio/corebos

Description I created a user with username test then I log in with test in the same time on another session I delete the user test as an admin. but the user test that already logged in before that admin delete it is able to do anything that he could do before. you should kick out the users after...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:38 a.m.8 views

in tsolucio/corebos

Description Just like last report of mine there is another improper privilege management that test user can see other users special workflow contents like Tasks just go to this link that belong to admin from another users account...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:25 a.m.7 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description There is one more low level CSRF : make on/off a task of workflow history.pushState'', '', '/' document.forms0.submit;...

2.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 11:16 a.m.23 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey Corebos team An attacker able to delete a workFlow as there isn't exist any CSRF token for it. //PoC.html history.pushState'', '', '/' document.forms0.submit; after that you open the PoC.html file the workflow with id equal to 27 will be deleted...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/10/18 10:51 a.m.9 views

Cross-site Scripting (XSS) - Reflected in tsolucio/corebos

Description Reflected XSS via upload of malicious SVG file. Proof of Concep 1: Upload SVG file via /corebos/index.php?module=Documents&action=DetailView&viewname=0&start=&record=8460& alertdocument.location; 2: Trigger the reflected XSS by visiting the malicious SVG file stored in the storage...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/10/18 6:50 a.m.8 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Have reviewed your fix for double URL encoding here: https://github.com/Admidio/admidio/commit/6b3820a574dc5f52243fbaafdb7089560c99d949 But it can easily be bypassed by triple URL encoding. Note: apparently after applying the above fix from Github on the machine, I cannot use the...

6.4AI score
Exploits0
Huntr
Huntr
added 2021/10/18 5:18 a.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in tsolucio/corebos

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page http://demo.corebos.com/index.php?action=index&module=Home Open Firefox developer option - storage - check secure option...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/18 4:56 a.m.12 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Possible to perform reflected XSS by using double URL encoding when retrieving files Proof of Concept Trigger XSS via...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/10/17 11:48 p.m.8 views

Open Redirect in forkcms/forkcms

Description When a user, who has access to admin page and who is not logged in, opens a page like http://forkcms.site/private/de/authentication?querystring=//google.de/ and the user enters their credentials, the user is redirected to https://google.de. When a user, who has access to admin page an...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/17 8:59 p.m.9 views

Cross-site Scripting (XSS) - Stored in opensourcepos/opensourcepos

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js 1-- Just got https://demo.opensourcepos.org/messages 2-- send a payload on number phone field . 3-- you will get an...

6.3AI score
Exploits0
Huntr
Huntr
added 2021/10/17 6:55 p.m.14 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description There is exist multiple high impact CSRF that attacker can delete many part of applications contents. I provide the full list of CSRFs vulnerable endpoints for you. because the number of endpoints are too many I don't put the PoC.html of all of the vulnerable endpoints...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/17 4:35 p.m.37 views

in chatwoot/chatwoot

Description chatwoot failed to validate the original email when a user changing his/her email address in Profile Setting, An attacker may use the mechanism to forge arbitrary email(especially in trusted domain) Proof of Concept my original email is:[email protected], and I had confirmed it b...

2AI score
Exploits0
Huntr
Huntr
added 2021/10/17 2:18 p.m.4 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Am still able to reproduce the SVG-XSS vulnerability here https://huntr.dev/bounties/96221dff-0d40-4326-9a9e-f66608307980/ on my local system just downloaded the latest release on the website. Think you may have accidentally included SVG files into the whitelist. Proof of Concept POST...

5.9AI score
Exploits0
Huntr
Huntr
added 2021/10/17 12:57 p.m.15 views

Session Fixation in admidio/admidio

Description admin create a membermember role user named B then B log in to the Admidio after that user B already logged into the Admidio, Admin decide to delete all Roles of user B but user B can do anything that he/she can do before...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/10/17 11:22 a.m.12 views

in microweber/microweber

Description For comments when the captcha is enable, the attacker can send many spam comments only with first correct captcha code, this means attacker only one time enter the captcha and then can use it for many many times and make damage on availability of system...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/10/17 10:57 a.m.4 views

in microweber/microweber

Description I create a coupon only for one user and also is one-time use coupon. then create two user and both of them can use the coupon but only one of them should able to use the coupon...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/17 10:25 a.m.7 views

Session Fixation in microweber/microweber

Description If a usernot admin already logged in the system and then admin inactivated the user, user remain active until he/she logged into the system...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/10/17 7:20 a.m.7 views

in mruby/mruby

Description SEGV on mrbarypush Proof of Concept 1.times 0 0,o:0 = and 0 Result /asan/mruby/bin/mruby crash.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==68494==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000011 pc 0x560ae5baa377 ...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/10/17 1:8 a.m.12 views

Cross-site Scripting (XSS) - Stored in openwhyd/openwhyd

Overview The openwhyd open-source application and openwhyd.org are vulnerable to a stored cross-site scripting vulnerability via user profiles. Malicious users can inject arbitrary javascript into the username setting on their profiles which, when visited by external users, would execute javascri...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/16 7:53 p.m.12 views

in admidio/admidio

Description it can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking .html and page will render in iframes Impact it is...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 7:19 p.m.13 views

in zmister2016/mrdoc

description Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in Mrdoc allows an attacker to reset arbitrary user‘s password 1、/admin/sendemailvcode/,check email & generate email & send mail def sendemailvcoderequest: if request.method == 'POST': email = request.POST.get'email',No...

Exploits0References2
Huntr
Huntr
added 2021/10/16 6:40 p.m.7 views

Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

✍️ Description The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...

4.6AI score
Exploits0
Huntr
Huntr
added 2021/10/16 6:16 p.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq

✍️ Description The secure flag is not set for session cookie in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/16 6:15 p.m.16 views

in zmister2016/mrdoc

Description When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication. Proof of Concept https://github.com/zmister2016/MrDoc/blob/master/appadmin/views.pyL985 普通用户修改密码 @loginrequired @logger.catch def...

6.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 5:36 p.m.10 views

in zmister2016/mrdoc

Description ● Arbitrary file upload at /uploaddocimg/ ● An attacker could abuse this vuln ○ For a html , could do phishing ○ For a py, may lead to Remote Code Execution(by overwrting the existing Django py files, not proved yet) Proof of Concept Arbitrary file upload, HTML for instance POST...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 5:2 p.m.11 views

Server-Side Request Forgery (SSRF) in zmister2016/mrdoc

Description ● SSRF in /uploaddocimg/, an attacker could abuse url to visit any intranet in the envioronment of MrDoc server, casuing breaking the border of network. ● Depending on the different env, it could leak sensitive meta-data,according to...

0.1AI score
Exploits0References2
Huntr
Huntr
added 2021/10/16 3:16 p.m.7 views

in mruby/mruby

Description Please enter a description of the vulnerability. Proof of Concept super super Result /asan/mruby/bin/mruby /crash.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==18265==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/16 1:20 p.m.11 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description More CSRF endpoints in delete webhooks Proof of Concept /index.php?route=/panel/core/hooks/&action=delete&id=2 Impact This vulnerability is capable of tricking admin users to deleting webhooks...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/10/16 1:12 p.m.14 views

Inefficient Regular Expression Complexity in stylelint/stylelint

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in stylelint. It allows causing a denial of service when calling function isKeyframeSelector. Proof of Concept // PoC.js var isKeyframeSelector = require"stylelint/lib/utils/isKeyframeSelector" forvar i ...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/10/16 1:12 p.m.11 views

in robotichead/nearbeach

Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.nearbeach.app/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 10:51 a.m.12 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description kevinpapst / kimai delete functionality is vulnerable to Cross site request forgery csrf attack Proof of Concept // PoC.js 1. login to admin account https://www.kimai.org/demo/ 2. goto invoice -- go down to preview invoices -- click save all it will redirect to this page -...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/16 6:12 a.m.15 views

Cross-Site Request Forgery (CSRF) in pkp/ojs

Description No CSRF token in DataCite save settings plugin OJS only POC document.forms0.submit; Impact This vulnerability is capable of tricking admins to change settings for OJS DataCite plugin...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/10/16 4:57 a.m.9 views

Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Description No CSRF in upload profile too: /index.php/e/$$$call$$$/tab/user/profile-tab/upload-profile-image. More endpoints: Reordering data: /index.php/e/$$$call$$$/grid/settings/submission-checklist/submission-checklist-grid/save-sequence...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/10/15 1:46 p.m.8 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Hi, By continuing to look at the project I was able to find a new XSS stored. Although it seems to be filtered in some parts of the site, when sending a photo as a greeting card, it is possible to include an arbitrary payload in the text field leading to a stored XSS. From OWASP :...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/15 7:3 a.m.16 views

SQL Injection in ampache/ampache

Description The application does not validate and escape the client parameter before using it in a SQL statement at getbookmark function in Repository/Model/Bookmark.php file, leading to a SQL Injection The function named getbookmark which called by in 3 functions: bookmarkcreate, bookmarkedit an...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/15 4:36 a.m.7 views

Sensitive Cookie Without 'HttpOnly' Flag in craigk5n/webcalendar

✍️ Description HTTPOnly attribute is not set for session cookies in the application 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can make it easier to...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/15 4:28 a.m.10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in craigk5n/webcalendar

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page http://webcalendar.sourceforge.net/demo/ Open Firefox developer option - storage - check secure option...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/14 7:12 p.m.5 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in frontaccountingerp/fa

✍️ Description The secure flag is not set for session cookie "PHPSESSID" in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/14 6:44 p.m.8 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Hello, Looking at your project, I saw in the commits several anti-CSRF token addition but also a commit to not allow SVG file upload. However a blacklist in general is a bad idea, for example php, php3, ... are blocked but it is always possible to send a .php7 or .phps file ... Among...

0.4AI score
Exploits0References2
Huntr
Huntr
added 2021/10/14 4:45 p.m.10 views

in forkcms/forkcms

Description Insufficient Session expiration even after Credential like password of the account is being updated. Proof of Concept open the same account in multiple browsers. change the password in one Browser. Reload the other one. as a result we can see the account on the other browser is not...

3.7AI score
Exploits0
Huntr
Huntr
added 2021/10/14 4:24 p.m.9 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

Description ampache has a stored XSS in the View Existing User , an attacker could exploit with the Website attribute to steal the other users' cookie Proof of Concept 1 Visit http://ampache//index.phppreferences.php?tab=account set the Website attribut toe: foo" onmouseover=alertdocument.cookie ...

0.2AI score
Exploits0References2
Huntr
Huntr
added 2021/10/14 3:25 p.m.4 views

Cross-Site Request Forgery (CSRF) in pkp/omp

✍️ Description Attacker or malicious user is able to delete any user profile photo if a logged in user visits attacker website. because lack of CSRF token 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally your profile photo deleted...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/14 2:53 p.m.8 views

in namelessmc/nameless

Description Nameless is vulnerable to clickjacking because it does not have the X-Frame-Options header set to DENY or SAMEORIGIN only nginx proxy has it. This header is important because it prevents other websites from Iframing the website. If the website can be iframed, then the attacker can hos...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/10/14 1:34 p.m.10 views

SQL Injection in flatcore/flatcore-cms

Pre-Auth SQL injection Description flatCore-CMS is vulnerable to variable-overwritten vulnerability, leading to a Pre-Auth SQL injection in index.php ​ source code 1 at index.phpL41 php $fcprefs = fcgetpreferences; $languagePack = $fcprefs'prefsdefaultlanguage'; $SESSION'fcadminhelpers' = array; ...

Exploits0References1
Huntr
Huntr
added 2021/10/14 10:38 a.m.11 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in mineweb/minewebcms

Description Hello, In the password reset it is possible to perform a Host Header Injection, so the victim will receive an email pointing to a third party site. By clicking, the attacker will be able to retrieve the victim's account reset token and use it to access his account. From Portswigger :...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/14 9:54 a.m.15 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description More instances of CSRF Proof of Concept /index.php?route=/panel/users/reports/&action=close&id=1 /index.php?route=/panel/users/reports/&action=open&id=1 /index.php?route=/panel/core/emails/errors/&do=delete&id=2 /index.php?route=/panel/core/emails/errors/&do=purge...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/10/14 6:16 a.m.11 views

in flatcore/flatcore-cms

Description The Cookie before & after user login doesn't change. Proof of Concept // PoC 1 Load new website in a new browser 2 Get cookie before login 3 Login to website 4 Get cookie after login Compare those 2 values Impact Through other attack methods such as XSS, the attacker can store the...

2.3AI score
Exploits0
Huntr
Huntr
added 2021/10/14 4:41 a.m.7 views

in flatcore/flatcore-cms

Description Use of incorrect operator == and != for pagepsw Proof of Concept If my actual page password is 240610708 then an attacker can key in QLTHNDT because: md5240610708 = 0e462097431906509019562988736854 md5QLTHNDT = 0e405967825401955372549139051580 And PHP will evaluate...

1.1AI score
Exploits0References1
Total number of security vulnerabilities4072