Lucene search

4072 matches found

Huntr
added 2021/10/01 6:23 p.m., 12 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2

Description: The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox 2: Delete comments 3: Create comments 4: Create comments on objects 5: Add items into lightbox 6: Delete items from lightbox. Proof of Concept: Copy and paste the...

AI score 0.5
Exploits 0
Huntr
added 2021/10/01 5:05 p.m., 9 views

Use of a Broken or Risky Cryptographic Algorithm in livehelperchat/livehelperchat

Description: livehelperchat uses the cryptographically insecure functions microtime, mt_rand and even rand to generate sensitive information. Proof of Concept: None provided; see the PHP documentation, which specifies the cryptographic insecurity of the above functions. Impact: This vulnerability is capabl...

AI score 1.6
Exploits 0
Huntr
added 2021/10/01 4:28 p.m., 8 views

Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor

Description: Froxlor uses microtime to seed uniqid, which is then hashed to produce a session token. microtime can be reasonably brute-forced/predicted, thus allowing for a relatively large-scale account-takeover attack or accurate targeted ones. Both microtime and uniqid are cryptographically...

AI score 3.5
Exploits 0
Huntr
added 2021/10/01 8:43 a.m., 25 views

in firefly-iii/firefly-iii

Description: File upload vulnerability in the application. Proof of Concept: Steps to reproduce: 1. Login to the application 2. Go to https://demo.firefly-iii.org/create-from-bill/1 3. Upload a file; the application accepts any kind of file. Reference PoC 1: https://i.ibb.co/9wWRnsf/Screenshot-12.png...

CVSS 6.5, AI score 0.1, EPSS 0.00754
Exploits 1, References 1
Huntr
added 2021/10/01 7:55 a.m., 8 views

Improper Access Control in collectiveaccess/pawtucket2

Description: After the previous patch fix, users can join the Root group by specifying http://PAWTUCKET-URL/pawtucket/index.php/LoginReg/joinGroup/groupcode/ Proof of Concept: http://PAWTUCKET-URL/pawtucket/index.php/LoginReg/joinGroup/groupcode/ Impact: Attackers can join the Root group without bei...

AI score 0.5
Exploits 0
Huntr
added 2021/10/01 5:50 a.m., 8 views

Cross-site Scripting (XSS) - Reflected in shannah/xataface

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score 5.4
Exploits 0, References 2
Huntr
added 2021/10/01 5:36 a.m., 11 views

Cross-site Scripting (XSS) - Reflected in part-db/part-db

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score 5.3
Exploits 0, References 2
Huntr
added 2021/10/01 5:19 a.m., 9 views

Cross-Site Request Forgery (CSRF) in craigk5n/webcalendar

Description: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web...

AI score 0.7
Exploits 0, References 1
Huntr
added 2021/10/01 5:11 a.m., 28 views

Cross-site Scripting (XSS) - Reflected in craigk5n/webcalendar

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score 5.3
Exploits 0, References 2
Huntr
added 2021/10/01 5:08 a.m., 8 views

Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score 5.3
Exploits 0, References 2
Huntr
added 2021/10/01 5:00 a.m., 17 views

Improper Input Validation in filebrowser/filebrowser

Description: File Browser is a web interface that allows you to manage and navigate through your files in a web browser. One of its features is to allow a user to run specific shell commands on the server; these commands are specified by users with administrator privileges, with an allow list. Thi...

AI score 1.7
Exploits 0
Huntr
added 2021/10/01 4:42 a.m., 9 views

Type Confusion in craigk5n/webcalendar

Description: During comparisons of different variables, PHP will automatically convert the data into a common, comparable type. This leads to a variety of problems and might even cause security vulnerabilities. https://github.com/craigk5n/webcalendar has type juggling vulnerabilities that allo...

AI score 7.5
Exploits 0, References 1
Huntr
added 2021/09/30 11:57 p.m., 136 views

Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x

Description: Exposure of server-side sensitive information due to an unhandled exception in handling the request method. Proof of Concept: 1. Go to this link http://v4.nexopos.com/api/nexopos/v4/crud/ns.payments-types/4 2. See that the page returns with sensitive server-side data. Here is a sample...

AI score 0.3
Exploits 0
Huntr
added 2021/09/30 3:47 p.m., 15 views

Cross-site Scripting (XSS) - Stored in fisharebest/webtrees

Description: Multiple Stored XSS when adding a new record at the features "Add a source citation" and "Add a shared note". Proof of Concept: // PoC.req POST /demo-stable/index.php?route=%2Fdemo-stable%2Ftree%2Fdemo%2Fcreate-source HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=35jvr7cdk25bf0s6k0e1r91c3e...

AI score 6.1
Exploits 0
Huntr
added 2021/09/30 3:10 p.m., 12 views

Code Injection in yogeshojha/rengine

Description: RCE via the YAML configuration of reNgine. In this configuration, the settings of the tools used in scans can be adapted. This functionality can be abused to execute arbitrary code. PoC: In the YAML configuration of reNgine, edit the extensions field of dirfilesearch to make it look li...

AI score 0.7
Exploits 0
Huntr
added 2021/09/30 11:02 a.m., 7 views

in opensourcepos/opensourcepos

Description: The use of == and != might cause type juggling in the affected code if $row->hash_version == 1. Proof of Concept: If the md5 sum of the user's password starts with 0e, then any input with an md5 sum starting with 0e will result in true at the statement $row->password == md5($password). Impact: This...

AI score 2
Exploits 0, References 1
Huntr
added 2021/09/30 7:57 a.m., 17 views

Static Code Injection in collectiveaccess/pawtucket2

Description: This is with reference to another SSRF report I made, https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/, in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML; however, it does not include the new fix...

AI score 0.2
Exploits 0, References 1
Huntr
added 2021/09/30 6:51 a.m., 7 views

in youzan/vant

Description: The @vant/cli package is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker that is able to provide a crafted string as the input to the decamelize function may cause an application to consume an excessive amount of CPU. The pinned line below uses a vulnerable regex...

AI score 0.2
Exploits 0
Huntr
added 2021/09/30 5:22 a.m., 14 views

Improper Access Control in collectiveaccess/pawtucket2

Description: An attacker can join any user group in the Pawtucket2 interface as the URLs are not being randomised. Proof of Concept: Any attacker can join the Administrator group using: http://PAWTUCKETURL/pawtucket/index.php/LoginReg/joinGroup/groupid/2 An attacker can join any group by incrementin...

AI score 0.9
Exploits 0
Huntr
added 2021/09/29 8:40 p.m., 106 views

in dbeaver/dbeaver

Description: dbeaver is vulnerable to XML External Entity (XXE) injection. An attacker that is able to provide a crafted XML file as input to the parseDocument function in the "XMLUtils.java" file may be able to execute XML External Entities (XXE), including exposing the contents of local files...

CVSS 4.3, AI score 0.7, EPSS 0.00902
Exploits 1
Huntr
added 2021/09/29 8:06 p.m., 15 views

Open Redirect in sbrl/pepperminty-wiki

Description: I saw this report https://huntr.dev/bounties/89f222e4-2aaa-44f8-8b24-657d3a0e741f/ and this fix commit: https://github.com/sbrl/Pepperminty-Wiki/blob/f59e68127cb4147e49f9453e1f657cc24972fda5/modules/page-login.php#L167 and I found out that you never use the new $returntoredirect...

AI score 7.3
Exploits 0
Huntr
added 2021/09/29 7:34 p.m., 21 views

in stanfordnlp/corenlp

Description: The Stanford CoreNLP package, which provides a set of natural language analysis tools written in Java, is vulnerable to XML External Entity (XXE) injection. An attacker that is able to provide a crafted XML file as input to the getTextContentFromTagsFromFile function in the "XMLUtils.java" file...

CVSS 5, AI score 0.7, EPSS 0.01317
Exploits 1
Huntr
added 2021/09/29 7:27 p.m., 5 views

in khodakhah/nodcms

Description: There is no rate limit, so unlimited emails can be sent to a victim or any email address. Proof of Concept: There is no rate limit on return-password; an attacker can send unlimited emails to a victim or any email address. POST /en/return-password HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT...

AI score 0.5
Exploits 0
Huntr
added 2021/09/29 7:26 p.m., 4 views

Open Redirect in fisharebest/webtrees

Description: I saw this report: https://huntr.dev/bounties/ad4278af-52b7-4c34-8d43-9b829105d499/ and also your fix commit https://www.github.com/fisharebest/webtrees/commit/551ad4afbcef2a72a6cf6461f1747762180b12c5. Then I should say that the fix can be bypassed with such payloads: If the baseurl ...

AI score 7.1
Exploits 0
Huntr
added 2021/09/29 4:16 p.m., 10 views

Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: // PoC.js POC --...

AI score 0.5
Exploits 0, References 1
Huntr
added 2021/09/29 3:04 p.m., 10 views

in fisharebest/webtrees

Description: There is no rate limit protection; unlimited emails can be sent to a victim or any email address. Proof of Concept: There is no rate limit on password-request; an attacker can send unlimited emails to a victim or any email address. POST...

AI score 0.6
Exploits 0
Huntr
added 2021/09/29 10:42 a.m., 13 views

Cross-Site Request Forgery (CSRF) in gunet/openeclass

Description: Missing CSRF token on all form POST actions in the application. Proof of Concept: // CSRF PoC history.pushState('', '', '/') Impact: With a CSRF attack, the attacker can perform operations to add, edit, and delete data on the application through the victim...

AI score 2.3
Exploits 0
Huntr
added 2021/09/29 10:24 a.m., 8 views

Session Fixation in gunet/openeclass

Description: The cookie before and after user login doesn't change. Proof of Concept: // PoC.js 1. Load website in a new browser 2. Get cookie before login 3. Login to website 4. Get cookie after login; compare those 2 values. Impact: Through other attack methods such as XSS, the attacker can store the user'...

AI score 2.4
Exploits 0
Huntr
added 2021/09/29 1:17 a.m., 12 views

Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x

Description: Unhandled exception leads to exposure of server-side and SQL query information. Proof of Concept: 1. Go to demo page http://v4.nexopos.com and login using demo account 2. Go to Customer - Create coupon and try to create a coupon without entering a coupon code (leave it empty) 3. See that t...

AI score 7.3
Exploits 0
Huntr
added 2021/09/29 1:10 a.m., 14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in blair2004/nexopos-4x

Description: Session cookie nexopossession is not marked as Secure. Proof of Concept: 1. Open demo page https://v4.nexopos.com/sign-in using Firefox; login using demo account 2. Go to Developer tool - Storage - Cookie and see that nexopossession has Secure = False...

AI score 0.1
Exploits 0, References 1
Huntr
added 2021/09/29 1:06 a.m., 6 views

Improper Authorization in blair2004/nexopos-4x

Description: No authorization in downloading the customer export file. Proof of Concept: 1. Access this link in a browser without logging in: http://v4.nexopos.com/export/customers-list.csv 2. See that you can download the customer list file without logging in. Impact: This vulnerability is capable of exposur...

AI score 0.2
Exploits 0
Huntr
added 2021/09/28 9:03 p.m., 8 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description: In some delete actions I changed the HTTP request method to GET and also removed the CSRF token from the request, and then I was able to bypass your CSRF protection...

AI score 1.3
Exploits 0
Huntr
added 2021/09/28 5:04 p.m., 37 views

in dompdf/dompdf

Description: The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept: 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...

CVSS 5, AI score 5.4, EPSS 0.00913
Exploits 1
Huntr
added 2021/09/28 4:02 p.m., 11 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description: Stored XSS in parameter 'msgbody' at 'Write e-mail' allows for the arbitrary execution of JavaScript. Proof of Concept: // PoC.req POST /demo/admprogram/modules/messages/messagessend.php HTTP/2 Host: www.admidio.org Cookie:...

AI score 0.3
Exploits 0
Huntr
added 2021/09/28 1:54 p.m., 4 views

in kcal-app/kcal

Description: There isn't any proper authorization for the delete goal action, which leads to an IDOR vulnerability...

AI score 2.6
Exploits 0
Huntr
added 2021/09/28 1:38 p.m., 12 views

Open Redirect in fisharebest/webtrees

Description: Open redirect at login with parameter &url= Proof of Concept: // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

Exploits 0
Huntr
added 2021/09/28 10:36 a.m., 38 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in openfun/openedx-docker

Description: Secure flag is not implemented on the application. Proof of Concept: https://drive.google.com/file/d/10vEIf77qf1ejR14lL5GZCMn9bZmmbIBd/view?usp=sharing Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

Exploits 0, References 1
Huntr
added 2021/09/28 9:50 a.m., 13 views

Open Redirect in blogifierdotnet/blogifier

Description: Open redirect at login page due to unchecked "returnUrl" param. Proof of Concept: 1. Go to demo page link http://demo.blogifier.net/admin/login/?returnUrl=https://google.com 2. Login using demo account and see that you are redirected to google.com Impact: This vulnerability is capable of...

AI score 0.6
Exploits 0, References 1
Huntr
added 2021/09/28 9:37 a.m., 27 views

in osticket/osticket

Description: The forgot password function can be abused to leak possible usernames due to different responses being returned when a user exists or does not. Proof of Concept: 1. Go to http://OSTICKET-SERVER/htdocs/osticket/scp/pwreset.php 2. Key in a user which does not exist; the response is: "Unable to...

AI score 7
Exploits 0
Huntr
added 2021/09/28 6:15 a.m., 10 views

in zikula/core

Description: Sensitive data on the application can be exposed after the user logs out. Proof of Concept: // PoC 1. Login to the application 2. Go to a page like My Account 3. Click logout 4. Click browser back button. Impact: When a user logs out without closing the browser, someone can view the information insid...

AI score 1.8
Exploits 0
Huntr
added 2021/09/27 1:04 p.m., 35 views

Heap-based Buffer Overflow in hoene/libmysofa

Description: There are some heap-buffer-overflows in mysofa2json of libmysofa. They are in the functions loudness, mysofacheck and readOHDRHeaderMessageDataLayout. System info: Ubuntu 20.04.3 LTS, clang 12.0.1, libmysofa github master branch commit 0cb89cb. Command to Reproduce: build libmysofa with...

CVSS 7.5, AI score 1.5, EPSS 0.01035
Exploits 1
Huntr
added 2021/09/27 12:12 p.m., 9 views

Exposure of Sensitive Information to an Unauthorized Actor in kcal-app/kcal

Description: An attacker can view the foods and other information in the application through direct calls to API functions without any authentication. Proof of Concept: Step 1: Go to http://demo.kcal.cooking/api/v1/foods?pagenumber=1&pagesize=12...

AI score 0.3
Exploits 0
Huntr
added 2021/09/27 8:13 a.m., 11 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco

Description: Session cookie dancer.session is not marked with 'Secure'. Proof of Concept: 1. Go to demo page https://netdisco2-demo.herokuapp.com; the page will automatically log in as guest 2. Open the Firefox developer tools and see that the cookie dancer.session is not marked with 'Secure'...

AI score 0.5
Exploits 0, References 1
Huntr
added 2021/09/27 8:12 a.m., 37 views

Sensitive Cookie Without 'HttpOnly' Flag in filegator/filegator

Description: HttpOnly attribute is not set for session cookies in the application. Proof of Concept: https://ibb.co/R950Vxj Impact: When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session...

AI score 0.6
Exploits 0, References 1
Huntr
added 2021/09/27 8:10 a.m., 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in filegator/filegator

Description: Secure flag is not implemented on the application. Proof of Concept: https://ibb.co/nLTbftm Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies...

Exploits 0, References 1
Huntr
added 2021/09/27 7:39 a.m., 12 views

in kcal-app/kcal

Description: Sensitive data can be exposed even after logging out of the application due to a wrong UI action. Proof of Concept: 1. Login to the application dashboard http://demo.kcal.cooking/ 2. Go to any pages (recipes, foods) 3. Click logout 4. Click browser back button. Application structure exposed; we can stil...

Exploits 0
Huntr
added 2021/09/27 6:45 a.m., 14 views

in flarum/framework

Description: Sensitive data can be exposed even after logging out of the application due to a wrong UI action. Proof of Concept: 1. Login to the application dashboard as admin https://demo.flarum.site/admin/ 2. Go to any pages (dashboard, permissions etc.) 3. Click logout 4. Click browser back button 5. Will re-ente...

AI score 0.5
Exploits 0
Huntr
added 2021/09/27 5:04 a.m., 13 views

in collectiveaccess/providence

Description: Sensitive data can be exposed even after logging out of the application due to a wrong UI action. Proof of Concept: 1. Login to the application dashboard https://demo.collectiveaccess.org 2. Go to any pages (dashboard, administrations etc.) 3. Click logout 4. Click browser back button. Impact: Any other...

AI score 0.3
Exploits 0
Huntr
added 2021/09/27 1:46 a.m., 7 views

Cross-site Scripting (XSS) - Stored in jonschoning/espial

Description: Stored XSS in URL link. Proof of Concept: // PoC request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

AI score 5.9
Exploits 0
Huntr
added 2021/09/26 9:33 p.m., 31 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in khodakhah/nodcms

Description: Implement both the Secure flag and the HttpOnly flag in the application. Proof of Concept: Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

Exploits 0, References 1
Total number of security vulnerabilities: 4072