Lucene search
K

4072 matches found

Huntr
Huntr
added 2021/10/13 10:43 p.m.5 views

Session Fixation in bytebase/bytebase

Description If admin deciding to deactivate a user and the user already logged in the system before then until user remain in the current session he/she can do anything that can do them before...

1.6AI score
Exploits0
Huntr
Huntr
added 2021/10/13 10:35 p.m.9 views

Cross-Site Request Forgery (CSRF) in bytebase/bytebase

Description all part of application That use POST http method to change or create data are vulnerable to CSRF attacks. for example the PATCH methods are not vulnerable I will show just create a member POC for you and if you want to see other POCs of other endpoint just say me to provide them too ...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/10/13 6:28 p.m.26 views

in flatcore/flatcore-cms

Title: race condition vs Temporary File Upload Description flatCore-CMS is vulnerable to Race condition while dealing uploading gallery Codes at https://github.com/flatCore/flatCore-CMS/blob/main/acp/core/files.uploadgallery.phpL31 php ifarraykeyexists'file',$FILES && $FILES'file''error' == 0...

6CVSS0.2AI score0.01075EPSS
Exploits1
Huntr
Huntr
added 2021/10/13 5:1 p.m.13 views

Code Injection in flatcore/flatcore-cms

Description Another code injection payload in linkname. Proof of Concept Insert into linkname $sleep 10 Go to http://FLATCORE-IP/flatCore-CMS/content/cache/cachelastedit.php and see that the page has stopped for 10 seconds. $ escapes the string, switches context to OS commands. Impact Blind RCE a...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/13 3:44 p.m.12 views

in mostafa-samir/zip-local

Description zip-local is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Proof of Concept // PoC.js var zipper = require'zip-local'; zipper.unzip"zipslip.zip", functionerror, unzipped if!error // extract to the current working directory unzipped.savenull, function ; var...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 3:38 p.m.15 views

in star7th/showdoc

Firstly, I would say to the dev, your application Showdoc is good to use, and I will keep an eye on it, continuously improving the safety of it. Then, I would also thank the staff in huntr.dev, your quick response impressed me a lot. ​ Good to work with you enthusiastic people. ​ Description ​...

7.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 2:30 p.m.11 views

Heap-based Buffer Overflow in hoene/libmysofa

Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all repro ./mysofa2json -c ./libmyfofamysofacheck Proof of Concept...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/10/13 11:14 a.m.10 views

Cross-site Scripting (XSS) - Reflected in dmpop/mejiro

Description From OWASP : : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script...

5.6AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 10:51 a.m.25 views

in star7th/showdoc

Description - CWE: CWE-288:Authentication Bypass Using an Alternate Path or Channel - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L , CVSS Score: 8.3High - Credit:Qianxin, Network Security Department, Product-Safety Team Unc1e In showdoc, there is a SSO process , DOC is shown in...

7AI score
Exploits0
Huntr
Huntr
added 2021/10/13 9:42 a.m.11 views

in fisharebest/webtrees

Description In fix commit https://github.com/fisharebest/webtrees/commit/fc904122e0c1b55f274bc4c8cd883c266176e34e, the fix was to set CSP to script-src in HTML files to none. Webtrees by default has X-Frame-Options headers to prevent clickjacking, but since X-Frame-Options: SAMEORIGIN, it is...

6.8AI score
Exploits0References1
Huntr
Huntr
added 2021/10/13 6:40 a.m.16 views

Cross-site Scripting (XSS) - Reflected in mariotti94/webrisc-v

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.5AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 6:38 a.m.6 views

Cross-Site Request Forgery (CSRF) in jspark311/buriedunderthenoisefloor

Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

0.1AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 6:37 a.m.13 views

Cross-site Scripting (XSS) - Stored in jspark311/buriedunderthenoisefloor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

4.9AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 6:35 a.m.9 views

in jspark311/buriedunderthenoisefloor

Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. https://github.com/jspark311/BuriedUnderTheNoiseFloor/ is vulnerable to remo...

0.1AI score
Exploits0References2
Huntr
Huntr
added 2021/10/13 6:33 a.m.10 views

Cross-site Scripting (XSS) - Reflected in jspark311/buriedunderthenoisefloor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
added 2021/10/12 4:48 p.m.5 views

in publify/publify

Description There is not Rate limit protection bypass sent unlimited email victim who have account email address. Proof of Concept There is no rate limit users/password, attacker to send unlimited email who have account victim email address. POST /users/password HTTP/1.1 Host:...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/12 8:55 a.m.67 views

in dompdf/dompdf

Description Improper restriction of external entities XXE in DomPDF's SVG parser allows it to perform an SSRF even if isRemoteEnabled set to false or even cause a deserialization attack in the SVG parser this time. Proof of Concept Payload 1 - SSRF only allowurlfopen required This embeds Google...

0.9AI score0.00924EPSS
Exploits1
Huntr
Huntr
added 2021/10/12 6:44 a.m.14 views

in flatcore/flatcore-cms

Description Even with $fcuploadaddons = false, an attacker can still upload files by making the post request Proof of Concept 1 Enable $fcuploadaddons = true. 2 Upload a PHP file, but do not send. 3 Disable $fcuploadaddons = true. 4 Send the file upload request. See that the file is still being...

8.2AI score
Exploits0
Huntr
Huntr
added 2021/10/12 6:6 a.m.14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description Multiple Stored XSS on featuers 'Milestones' , 'Research', 'Retrospective' at Leantime 2.1.8 Proof of Concept // PoC.req POST /leantime/public/tickets/editMilestone/ HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/11 10:54 p.m.19 views

in stanfordnlp/corenlp

Description The Stanford CoreNLP package provides a set of natural language analysis tools written in Java, is using a vulnerable XML External Entity XXE. An attacker that is able to provide a crafted XML file as input to the readDocument function in the "DomReader.java" file may allow an attacke...

7.5CVSS0.01826EPSS
Exploits1
Huntr
Huntr
added 2021/10/11 9:30 p.m.18 views

Cross-Site Request Forgery (CSRF) in pimcore/demo

Description Pimcore is vulnerable to Cross-site request forgery. It is possible to add arbitrary products to the victim's cart. Proof of Concept 1: Open https://demo.pimcore.fun/en/cart/add-to-cart?id=12 on a browser. 2: Check out the cart with Jaguar E-Type product. Impact Attackers might fool...

2.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 8:35 p.m.16 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in siwapp/siwapp

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1IOglL2LBh8CnvJUI0tRJw2wCJ8ugnws/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits0References1
Huntr
Huntr
added 2021/10/11 8:28 p.m.7 views

Cross-site Scripting (XSS) - Stored in siwapp/siwapp

Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content. Proof ...

5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 5:56 p.m.9 views

in flatcore/flatcore-cms

Description Attackers can trick admin users into performing actions because there is no X-Frame-Options: DENY header set by the application. This header is important because it prevents other websites from Iframing the website. If the website can be iframed, then the attacker can host a malicious...

2.4AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 5:20 p.m.17 views

Path Traversal in yuda-lyu/w-zip

Description w-zip is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Proof of Concept // PoC.js var wz = require'w-zip'; let fpUnzip = './testData/outputZip' let fpUnzipExtract = fpUnzip + '/extract' let fpZip1 = fpUnzip + '/zipslip.zip' async function checkzipslip //unzip...

7.5CVSS0.2AI score0.01623EPSS
Exploits1
Huntr
Huntr
added 2021/10/11 5:9 p.m.8 views

Code Injection in flatcore/flatcore-cms

Description Bypass of remote code execution in https://github.com/flatCore/flatCore-CMS/issues/59 The following payload uses . for concatenation and to execute system commands. Proof of Concept 1 Insert the following as Permalink value lol".whoamipwned.txt." 2 Go to...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/10/11 4:34 p.m.10 views

Cross-Site Request Forgery (CSRF) in flatcore/flatcore-cms

Description 1 Missing CSRF token in delete posts and delete folder in the frontend 2 Missing backend CSRF validation in 1 removing and enabling fix status and 2 deleting posts, and 3 delete folder and 4 delexclude in the indexing page see Permalinks 3 Delete cache Proof of Concept Open in...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/10/11 4:25 p.m.46 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Multiple Stored XSS at parameter 'name' when creating a record at features 'Custom Fields', 'Asset Models', 'Suppliers', 'Locations', at Snipe-It 5.2.0 Proof of Concept // PoC.req POST /snipe-it/public/fields HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X...

3.5CVSS5.5AI score0.00803EPSS
Exploits1
Huntr
Huntr
added 2021/10/11 2:30 p.m.7 views

in bytebase/bytebase

Description it can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept Clickjack test page save the script as clickjacking .html and page will render in iframes Impact it is...

1.5AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 2:26 p.m.7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in bytebase/bytebase

Description Session cookie is not marked with 'Secure' Proof of Concept Login to demo page https://demo.bytebase.com/ Open Firefox developer option - storage - check secure option Below link shows POC https://i.ibb.co/DLG1pyt/Screenshot-48.png...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/11 9:10 a.m.10 views

Improper Authorization in publify/publify

Description I found an IDOR in publify But I don't know this is intended or not ? If we assume that admins or publishers want to upload a media file and don't want to publish it and keep it private until the publish date there is a IDOR vulnerability here. for example I upload a .gif file and thi...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/11 6:37 a.m.47 views

Improper Authorization in collectiveaccess/pawtucket2

Description Users without any readaccess to a lightbox can still view its contents via incrementing the id Proof of Concept ... http://10.0.2.15/pawtucket/index.php/Lightbox/Present/setid/1 http://10.0.2.15/pawtucket/index.php/Lightbox/Present/setid/2...

3.3AI score
Exploits0
Huntr
Huntr
added 2021/10/11 6:15 a.m.5 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description More AJAX endpoints vulnerable to CSRF. 1: GET http://10.0.2.15/providence/index.php/find/BrowseObjects/createSetFromResult 2: POST http://10.0.2.15/providence/index.php/find/SearchObjects/saveResultsEditorData Proof of Concept 1:...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/10 7:20 p.m.9 views

Heap-based Buffer Overflow in timetoogo/ff-proxy

Description Heap based buffer overflow in ffclientsendrequest. Can be triggered if the buffer size is more than FFCLIENTMAXPACKETLENGTH Proof of Concept z3phyr@ubuntu:/ff-proxy$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/10 6:51 p.m.6 views

Cross-site Scripting (XSS) - Reflected in pkp/omp

✍️ Description i was able to perform a Reflected XSS against your website/repository. The Reflected XSS vulnerability occurs when the data provided by the attacker is not sanitized by the server, and then reflected "normal" pages returned to other users in the course of regular browsing. Proof of...

3.9AI score
Exploits0
Huntr
Huntr
added 2021/10/10 5:35 p.m.12 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description Several endpoints are vulnerable to CSRF 1: module install /index.php?route=/panel/core/modules/&action=install 2: clear template cache /index.php?route=/panel/core/paneltemplates/&action=clearcache 3: install templates, activate template, deactivate template, delete template,...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/10/09 7:27 p.m.12 views

in pixelfed/pixelfed

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/09 7:15 p.m.11 views

in thedevdojo/wave

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/09 7:11 p.m.44 views

in attendize/attendize

Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/10/09 5:8 p.m.28 views

in bookstackapp/bookstack

Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/10/09 10:14 a.m.8 views

Cross-Site Request Forgery (CSRF) in publify/publify

Description An attacker is able to craft an URL with special parameters, what contains the theme switching command. Upon sending the malicious link to a logged-in administrator, the theme is being changed. Proof of Concept With an admin user, simply open the following URL please replace the...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/10/09 8:44 a.m.9 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description There is a CSRF vulnerability on Empty Inbox in Private Messages inbox. Proof of Concept //POC.html history.pushState'', '', '/'...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/10/09 7:34 a.m.7 views

in fisharebest/webtrees

Description The program allows to upload files with dangerous file types in the media upload section, leading to XSS and other exploits like shell uploads, HTML injection leading to Social Engineering attacks, etc ..., I have demonstrated HTML file upload leading to XSS here. Proof of Concept mov...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/10/08 6:18 p.m.15 views

in squell/id3

Description Hello, I hope you're doing well. Whilst testing id3 built from commit 896d42a, we discovered crafted input which triggers a negative-size-param size=-1 error when when calling memcpy, causing the software to crash. Proof of Concept First... Second... echo...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/10/08 4:12 p.m.8 views

in publify/publify

Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...

Exploits0References1
Huntr
Huntr
added 2021/10/08 4:6 p.m.6 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in publify/publify

Description Session cookie publifyblogsession is not marked with 'Secure' Proof of Concept Login to demo page https://demo-publify.herokuapp.com/ Open Firefox developer option - storage - check secure option Below link shows POC https://i.ibb.co/j3K5YDg/Screenshot-45.png...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/10/08 11:49 a.m.14 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demo-dev/tree/demo/add-media-file/X9222 HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=63trarcpiic93psog3t8okts4h User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/10/08 11:6 a.m.8 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demoen/admprogram/system/fileupload.php?module=documentsfiles&mode=uploadfiles&id=1 HTTP/2 Host: www.admidio.org Cookie:...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/10/08 10:38 a.m.11 views

Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce

Description CSRF in cart related endpoints. This include: - Adding items to cart - Clean cart - Delete item from cart - Update cart This happens because the system use GET request for these actions and thus allows CSRF attacks. Proof of Concept 1. Access this link in a browser...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2021/10/08 4:19 a.m.14 views

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description Cross site request forgery in Kunstmaan/KunstmaanBundlesCMS Proof of Concept 1. Delete function in "redirects" feature -- vulnarebility is in parameter id document.forms0.submit; Impact In a successful CSRF attack, the attacker causes the victim user to carry out an action...

0.6AI score
Exploits0References1
Total number of security vulnerabilities4072