
4072 matches found

Huntr • added 2023/10/13 6:39 a.m. • 47 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. GET http://localhost:8080/logout Proof of Concept history.pushState'', '', '/'...

6.8 CVSS • 6.9 AI score • 0.00318 EPSS
Exploits 1 • References 1

Huntr • added 2023/10/12 6:56 p.m. • 23 views

Store XSS when Add Reviewer

Description Store XSS when Add Reviewer Proof of Concept Payload: TESTalertdocument.domain Video Poc https://drive.google.com/file/d/16o4w6V-uCpkshFXYBb-pZRflpl7N3Sy4/view?usp=sharing...

6.3 AI score • 0.00404 EPSS
Exploits 1

Huntr • added 2023/10/12 6:39 p.m. • 13 views

CSRF in Cancel Reviewer and Reinstate Reviewer

Description CSRF in Cancel Reviewer and Reinstate Reviewer Proof of Concept Link Poc I attach the Poc link below. Thank You. https://drive.google.com/drive/folders/1QA5Kz6w2AgYdFDoDX2hHWK0zHAPoWt?usp=sharing...

7.2 AI score • 0.00264 EPSS
Exploits 1

Huntr • added 2023/10/12 6:25 p.m. • 21 views

CSRF in Review Details

Description CSRF in Review Details Proof of Concept 1 . Attacker send form fake to user history.pushState'', '', '/'; document.forms0.submit; 2 .User click, changed unwanted Recommendation and Reviewer rating changes Video Poc...

7.1 AI score • 0.00264 EPSS
Exploits 1

Huntr • added 2023/10/11 5:1 p.m. • 11 views

heap-use-after-free in MP4Box

Description heap-use-after-free in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 33mTTML...

7 AI score
Exploits 0

Huntr • added 2023/10/11 4:58 p.m. • 8 views

2 FPE in MP4Box

Description 2 FPE in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -dash 100...

6.9 AI score
Exploits 0

Huntr • added 2023/10/11 4:53 p.m. • 13 views

memcpy-param-overlap in MP4Box

Description memcpy-param-overlap in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Asan 32mDashe...

6.9 AI score
Exploits 0

Huntr • added 2023/10/11 4:49 p.m. • 12 views

4 heap-buffer-overflow in MP4Box

Description 4 heap-buffer-overflow in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce...

6.9 AI score
Exploits 0

Huntr • added 2023/10/11 4:41 p.m. • 17 views

2 stack-buffer-overflow in MP4Box

Description 2 stack-buffer-overflow in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce...

6.9 AI score
Exploits 0

Huntr • added 2023/10/11 4:32 p.m. • 27 views

3 SEGV in MP4Box

Description 3 SEGV in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -dash...

1.9 CVSS • 6.9 AI score • 0.00293 EPSS
Exploits 1

Huntr • added 2023/10/11 10:42 a.m. • 27 views

NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal

Description NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal at filtercore/filterpck.c:108. Version git log commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Wed Oct 11 13:24:46 2023 +0200 ac3dmx: add remain size...

4.4 CVSS • 6.8 AI score • 0.00327 EPSS
Exploits 1

Huntr • added 2023/10/11 9:38 a.m. • 11 views

heap-buffer-overflow in ac3dmx_process

Description Heap-buffer-overflow in ac3dmx_process at filters/reframeac3.c:489. version git log commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Wed Oct 11 13:24:46 2023 +0200 ac3dmx: add remain size check fixes 2627 ./MP4Box...

6.9 AI score
Exploits 0

Huntr • added 2023/10/10 7:49 p.m. • 18 views

privilege escalation bug to edit survey

BUG ======== normal user can edit any survey AFFECTED VERSION ============ 6.2.10 SUMMARY ========== normal user has view permission in survey. But still that user can edit the survey by adding that survey to his own group. STEP TO REPRODUCE ================= 1. There is already a superadminuser-...

7.1 AI score
Exploits 0

Huntr • added 2023/10/10 12:1 p.m. • 28 views

heap-use-after-free in function editing_arg_idx

Description heap-use-after-free in function editing_arg_idx at arglist.c:516 Vim Version git log commit 54844857fd6933fa4f6678e47610c4b9c9f7a091 HEAD - master, tag: v9.0.2009, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S editingargidxPOC2 -c :qa!...

4.4 CVSS • 7 AI score • 0.00539 EPSS
Exploits 1 • References 2

Huntr • added 2023/10/09 6:37 p.m. • 19 views

post body leaked to third party site when 303 redirect happen

BUG ======= post body leaked to third party site when 303 redirect happen SUMMARY ============ as per specification provided https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections during redirection of 303 POST request, body should be lost and request method should be GET. check the...

6.9 AI score
Exploits 0

Huntr • added 2023/10/09 5:53 a.m. • 19 views

Cross-Site Request Forgery (CSRF) in

Description CSRF led to change permissions of participant in Edit Assignment sessions. Proof of Concept Payload: https://drive.google.com/file/d/1dHY9CS6R4mKM4F0im5n1aUxFamMEjbAa/view?usp=sharing Video PoC: https://drive.google.com/file/d/1AdDFE-qOF-EvVEJzzXKguMfr6ZkXXEx/view?usp=drivelink...

7.2 AI score • 0.00255 EPSS
Exploits 1

Huntr • added 2023/10/08 6:37 p.m. • 18 views

Stored XSS in function Add discussion at the Copyediting section

Description I tested the demo site you provided and I see that there is a stored XSS in function Add discussion Proof of Concept payload: thanh"alert1 Steps 1. Login as any user 2. In the Unassigned section and click view 3. In the Workflow click Copyediting section and Add discussion 4. Insert...

6 AI score • 0.00404 EPSS
Exploits 1

Huntr • added 2023/10/08 4:50 p.m. • 25 views

CSRF in Payment Types

Description CSRF in Payment Types Proof of Concept 1 .Attacker send form fake to user history.pushState'', '', '/'; document.forms0.submit; 2 .User click , edited unwanted payment types Video Poc https://drive.google.com/file/d/1jI4bW5BJXGdJ7kICI-K1Kmg5y2EPw7f0/view?usp=sharing Payload Poc...

6.8 CVSS • 6.8 AI score • 0.00264 EPSS
Exploits 1

Huntr • added 2023/10/08 2:24 p.m. • 25 views

Root takeover via signature spoofing

Description When an app requests "CMDBECOMEMANAGER" via prctl, couple of checks done before promoting uid as root manager. Main check relies on requester's signature. Signature control is done in checkv2signature function in kernel\apksign.c, this function accepts both V2 and V3 signatures...

7.5 CVSS • 7.1 AI score • 0.00582 EPSS
Exploits 1 • References 1

Huntr • added 2023/10/08 5:4 a.m. • 24 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 10/08/23 the current master branch at commit 50c2ab06f45a3101d73d6f317e98f041809f4923 . Description This AddressSanitizer output is indicating an OOB read of inval...

3.3 CVSS • 6.8 AI score • 0.00325 EPSS
Exploits 1

Huntr • added 2023/10/07 5:2 p.m. • 20 views

CSRF in Send Reminder

Description CSRF in Send Reminder Proof of Concept 1 .Attacker sent form fake to victim history.pushState'', '', '/'; document.forms0.submit; 2 .Victim click, execute send reminder unexpected Video Poc https://drive.google.com/file/d/1eibfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing...

6.8 CVSS • 7.1 AI score • 0.00265 EPSS
Exploits 1

Huntr • added 2023/10/07 3:28 a.m. • 23 views

Improper Authorization allows opening of arbitrary files

Description Tested on Build94 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

7.2 AI score • 0.00251 EPSS
Exploits 1 • References 1

Huntr • added 2023/10/06 7:24 a.m. • 32 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid, it is recommended to change it to...

6.8 CVSS • 6.9 AI score • 0.00428 EPSS
Exploits 1 • References 1

Huntr • added 2023/10/05 4:30 p.m. • 20 views

Stored Cross Site Scripting (XSS)

Description The location endpoint is not sanitized which leads to the Stored Cross Site Scripting XSS Proof of Concept 1. Login as a standard user non-admin Asset page List All https://drive.google.com/file/d/1qymhc6sMe9EeS2bOe4CE2XTAbzFkgHao/view?usp=drivelink 2. Click to open any asset Edit Ass...

4.9 CVSS • 6.3 AI score • 0.00527 EPSS
Exploits 4 • References 2

Huntr • added 2023/10/03 3:38 p.m. • 27 views

RXSS in onpremises version of structurizr

Description During investigation it was found that onpremises api endpoint GET parameter version is vulnerable to XSS injection: /workspace/workspaceid?version=1; Proof of Concept 1. Visit the link provided: http:///workspace/1/?version=1%22;alert1; 2. XSS injected...

5.8 CVSS • 6.3 AI score • 0.01222 EPSS
Exploits 1

Huntr • added 2023/10/03 11:38 a.m. • 32 views

SQL Injection in opportunities module

Description During the save of the opportunity the duplicateparentid is not properly validated and cleaned, which allows for injecting sql. Proof of Concept Add sql injection statement to opportunities duplicateparentid on save request...

6.4 CVSS • 7.3 AI score • 0.0191 EPSS
Exploits 2

Huntr • added 2023/10/02 7:37 p.m. • 32 views

Stored XSS in Attachment File Name

Description A stored cross-site scripting vulnerability exists within the file attachment upload functionality. Replication Steps 0x01. As a user with only the "Edit Record" and "Add Attachments" permissions, the user proceeded to edit a FAQ record and clicked "Add new attachment", as seen in the...

5.5 AI score • 0.00414 EPSS
Exploits 1

Huntr • added 2023/10/02 5:45 p.m. • 21 views

Application allows excessively long password value

Description Vrite v0.2.0 allows excessively long passwords to be set for user accounts which introduce several issues and challenges, primarily related to performance, storage, and compatibility. Proof of Concept 1. Make an user profile in the app. 2. Go to settings security Change password. 3. I...

5 CVSS • 7 AI score • 0.00643 EPSS
Exploits 1

Huntr • added 2023/10/02 2:3 p.m. • 34 views

Heap BoF in trunc_string()

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit 6ee7b521fa7531ef356ececc8be7575c3800f872 . Description Heap BoF in the file /src/message.c in the function trunc_string at line 356. Snippet c bufe -...

5 CVSS • 6.9 AI score • 0.0119 EPSS
Exploits 1

Huntr • added 2023/10/02 3:38 a.m. • 11 views

CSRF in Save Box Settings

Description CSRF in Save Box Settings Proof of Concept 1 .Attacker send form fake to user history.pushState'', '', '/'; document.forms0.submit; 2 .User click, interface home changed Video Poc https://drive.google.com/file/d/18y9P7SZuHgNC3uzmD50Xo82Yrmp5V4VS/view?usp=sharing...

7.2 AI score
Exploits 0

Huntr • added 2023/10/01 6:8 p.m. • 28 views

CWE-476 leads to potential OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the master branch as of 09/25 at commit f109bf93c9402e4e3122a7ae7846e6feae4fa222 . Description This AddressSanitizer output is indicating a OOB read that is semi-controllable, but is...

1.9 CVSS • 6.6 AI score • 0.00431 EPSS
Exploits 1

Huntr • added 2023/09/30 3:18 p.m. • 18 views

CSRF on marking an admin task as complete

Description A data altering method is done through a get request in AdminTaskToggleDoneView, making it vulnerable to csrf attack. In django, get request is considered as a safe method and is not protected against csrf. Proof of Concept python class AdminTaskToggleDoneViewLoginRequiredMixin,...

4.3 CVSS • 6.9 AI score • 0.00238 EPSS
Exploits 1 • References 1

Huntr • added 2023/09/30 11:50 a.m. • 21 views

Open Redirect

Description There is an open redirect in the endpoint /project/switch/project due to the use of symfony's redirect function from a user controlled input. Proof of Concept php $targetPath = $request-query-get'targetPath', false; if $targetPath return $this-redirect$targetPath;...

5.8 CVSS • 6.8 AI score • 0.33629 EPSS
Exploits 1 • References 1

Huntr • added 2023/09/30 7:44 a.m. • 13 views

CSRF edit Blacklist settings( YES to NO)

Description CSRF edit Blacklist settings Proof of Concept 1 .For example, the data fields in the Blacklist settings are all set to: YES. 2 .The attacker sends a fake form to the user: history.pushState'', '', '/'; document.forms0.submit; 3 .User Clicked, changed the setting to NO, which the user...

7.1 AI score
Exploits 0

Huntr • added 2023/09/30 6:39 a.m. • 19 views

Reflected XSS in /admin/index.php

Description Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1. Step 1: Access the demo website 2. Step 2: Access admin/index.php?action=ngductung"img src/onerror="alert'XSS' 3. Step 3: Detect XSS Video PoC...

7.2 AI score • 0.01105 EPSS
Exploits 1

Huntr • added 2023/09/29 5:31 p.m. • 10 views

Store XSS when Edit label set

Description Store XSS when Edit label set. I noticed, you have filtered the input when creating the label set. But, perhaps you forgot to filter when editing the label set. Proof of Concept 1 .Create a label set 2 .Edit label set with payload : haidoalertdocument.domain 3 .Click Export multiple...

6.3 AI score
Exploits 0

Huntr • added 2023/09/29 2:49 a.m. • 24 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 09/28/23 the current master branch at commit c5603fa8de0e7d4460718e28f90989ffdf925494 . Description This AddressSanitizer output is indicating an OOB read of inval...

3.3 CVSS • 6.9 AI score • 0.00341 EPSS
Exploits 1

Huntr • added 2023/09/28 6:51 p.m. • 19 views

CSRF Edit Locale files

Description CSRF edit Locale files Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, edited unwanted Locale files Payload Poc https://drive.google.com/file/d/1wpgmDoK0fGsiPSKfThVoEWq50pj7sBz5/view?usp=sharing Video Poc...

7.1 AI score • 0.00216 EPSS
Exploits 1

Huntr • added 2023/09/28 5:29 p.m. • 14 views

CSRF Delete Navigation Menu Items

Description CSRF Delete Navigation Menu Items Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, deletes unwanted Navigation Menu Items Payload Poc...

7.1 AI score • 0.0024 EPSS
Exploits 1

Huntr • added 2023/09/28 4:14 p.m. • 17 views

CSRF Delete Categories

Description CSRF Delete Categories Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User clicks, deletes unwanted Categories Payload Poc https://drive.google.com/file/d/12cCzI-b9KLCRlND6MmjM6j-DJfTJiIt/view?usp=sharing Video Poc...

7.1 AI score • 0.00264 EPSS
Exploits 1

Huntr • added 2023/09/27 9:36 a.m. • 17 views

SSRF vulnerability in the vrite

Description This vulnerability can be used to leak remote server information, bypass CDN like cloudflare. Also it can be used to the SSRF attack. Proof of Concept Here we can use it to leak the real IP of the https://app.vrite.io. GET /proxy?url=https://your-vps-ip.nip.io/ HTTP/2 Host: app.vrite....

7.5 CVSS • 6.9 AI score • 0.00842 EPSS
Exploits 1

Huntr • added 2023/09/27 8:8 a.m. • 11 views

Incorrect Authorization in User role

Description Incorrect Authorization in User role Proof of Concept 1 .Default, administrator User ID =1 cannot add user roles 2 .Remove the "disable" class at Inspect 3 .After that, add the user role success Video Poc https://drive.google.com/file/d/1vQPHZwaghByHsqEgQI9p3EiGeVCTbLK7/view?usp=shari...

6.9 AI score
Exploits 0

Huntr • added 2023/09/26 5:46 p.m. • 9 views

Add arbitrary users to the user group

Description Add arbitrary users to the user group Proof of Concept 1 .Administrator user haido456 creates a user group name : group456 2 .User hai123 has general user rights but has the right to add arbitrary users to the user group: group456 3 .This includes users that the admin does not want...

6.9 AI score
Exploits 0

Huntr • added 2023/09/24 3:18 p.m. • 35 views

Session is not expiring after password resetting

Description Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs, in this case the session is not getting expired after the password change Proof of Concept 1. Open http://localhost:8188/studio/profile in 2 browsers I use Firefox a...

7 AI score • 0.00504 EPSS
Exploits 1 • References 1

Huntr • added 2023/09/24 1:24 p.m. • 38 views

No rate limit on sending magic link to sign-in

Description It was observed that rate limit is not being implemented on sending magic link , which allows an attacker to spam the victims mailbox. Affected URL : https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1 Proof of Concept 1. Visit - https://app.vrite.io/auth 2. select option "continue...

4 CVSS • 6.9 AI score • 0.00544 EPSS
Exploits 1

Huntr • added 2023/09/23 5:58 p.m. • 20 views

stored xss using journal-role when user try to export user of any journal

BUG ========== stored xss using journal-role when user try to export user of any journal SUMMARY ========= lower level user can attack higher level user using this xss STEP TO REPRODUCE ================ 1. from Admin account create a journal called "journal-A". 2. Admin goto above journal...

7 AI score • 0.00338 EPSS
Exploits 1

Huntr • added 2023/09/23 3:51 p.m. • 21 views

Disabled accounts still work normally

Description Disabled accounts still work normally Proof of Concept The account A is logged in and active. Admin suddenly disabled that account, but account A still works normally. Video Poc https://drive.google.com/file/d/15OHZF71pJyGaU30dQaw6NglkpZEhpOPm/view?usp=sharing...

7.2 AI score • 0.0044 EPSS
Exploits 1

Huntr • added 2023/09/23 5:47 a.m. • 13 views

Store XSS at Label sets list in (Version 6.2.7)

Description First of all, I apologize for reporting back. I noticed, the latest current version is 6.2.7. XSS vulnerabilities still exist Proof of Concept Detail: 1 .Login and access Label sets list 2 .Create new label set 3 . Insert payload in to Title haido" onclick="alert1 4 .Click save ==...

6.4 AI score
Exploits 0

Huntr • added 2023/09/22 9:44 a.m. • 20 views

Insufficient Session Expiration

Description User's action is still valid when admin changed privileges. Proof of Concept 1. Admin create user1 and grant all privileges. 2. go into incognito mode and login as user1 then go to user list page. 3. admin create user2 and in user1 browser refresh the page to see user2. 4. Then admin...

7.2 AI score • 0.00576 EPSS
Exploits 1 • References 1

Huntr • added 2023/09/22 5:2 a.m. • 17 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure

Description Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

1.7 CVSS • 7 AI score • 0.00261 EPSS
Exploits 1 • References 1

Total number of security vulnerabilities: 4072