4072 matches found

Huntr
added 2021/09/26 9:25 p.m., 7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial

Description: Implement both the Secure flag and the HttpOnly flag in the application. Proof of Concept: Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

AI score: 6.9
Exploits: 0, References: 1
Huntr
added 2021/09/26 9:12 p.m., 7 views

in jonschoning/espial

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. PoC: https://i.ibb.co/QFTZD9j/clickjack.png Impact: According to PortSwigger references, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable ...

AI score: 0.9
Exploits: 0, References: 1
Huntr
added 2021/09/26 8:34 p.m., 8 views

in jonschoning/espial

Description: Weak password implementation. Proof of Concept: Step 1: log in to the account and go to https://esp.ae8.org/Settings/Password. Step 2: change the password demo to 12 or 1 and save the changes. Step 3: we can see the updated message; the application is allowing us to set a weak password. PoC image for your reference...

AI score: 7
Exploits: 0, References: 1
Huntr
added 2021/09/26 7:43 p.m., 11 views

in gotify/server

Description: At OS level, the authorization token of the user is being logged with the default Docker installation. Proof of Concept: 1. Install the Docker version of the software. 2. Log in with any user. 3. Observe the logs; the following row is being displayed: GIN 2021/09/26 - 19:34:52 | 200...

AI score: 3.1
Exploits: 0
Huntr
added 2021/09/26 7:09 p.m., 20 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kcal-app/kcal

Description: Implement both the Secure flag and the HttpOnly flag in the application. Proof of Concept: Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

AI score: 6.9
Exploits: 0, References: 1
Huntr
added 2021/09/26 6:02 p.m., 12 views

in kcal-app/kcal

Description: Weak password implementation. Proof of Concept: Step 1: log in to the account and go to http://demo.kcal.cooking/users/kcal/edit. Step 2: change the password kcal to 12 and save the changes. Step 3: we can see the updated message; the application is allowing us to set a weak password. PoC image in the link below...

AI score: 7
Exploits: 0, References: 1
Huntr
added 2021/09/26 11:47 a.m., 6 views

Cross-site Scripting (XSS) - Reflected in opensourcepos/opensourcepos

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: // PoC POST Request: https://demo.opensourcepos.org/messages/send/ Data:...

AI score: 0.5
Exploits: 0
Huntr
added 2021/09/26 10:31 a.m., 9 views

Use of a Broken or Risky Cryptographic Algorithm in idno/known

Description: In the referenced code, known uses an insecure RNG to generate a password because, in its words, this should "mitigate security holes if cleanup fails"; unfortunately, if the cleanup fails, an attacker may be able to predict the password of the created account. Proof of Concept: See...

AI score: 0.4
Exploits: 0
Huntr
added 2021/09/26 8:26 a.m., 10 views

in amirsanni/mini-inventory-and-sales-management-system

Description: It is possible to enumerate registered emails using the forgot password functionality, as the application shows a different response depending on whether the email exists or not. Proof of Concept: Impact: The product behaves differently or sends different responses under different circumstances i...

AI score: 0.7
Exploits: 0, References: 1
Huntr
added 2021/09/26 6:12 a.m., 10 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description: I have found more endpoints which allow edit/duplicate that were not protected from CSRF; the endpoints are: 1: Edit Global Value in Pawtucket. 2: Change object type. 3: Duplicate object. 4: Duplicate items in the set and add to another set. Proof of Concept: Via GET requests: 1...

AI score: 0.6
Exploits: 0
Huntr
added 2021/09/26 1:48 a.m., 15 views

Heap-based Buffer Overflow in mruby/mruby

Description: Heap buffer overflow in mrb_vm_exec. Proof of Concept: // poc.rb 1.timesuntil% ;break Result: ./mruby poc.rb ================================================================= ==1451==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000023d9 at pc 0x55b2fc3f1046 bp...

Exploits: 0
Huntr
added 2021/09/25 6:55 p.m., 12 views

Cross-Site Request Forgery (CSRF) in galette/galette

Description: An attacker is able to execute a CSRF attack when a user visits a malicious page. Proof of Concept: // PoC.html history.pushState('', '', '/') Impact: This vulnerability is capable of allowing an attacker to submit CSRF through a crafted malicious page...

AI score: 3.1
Exploits: 0, References: 1
Huntr
added 2021/09/25 6:37 p.m., 18 views

Code Injection in collectiveaccess/providence

Description: Client side injection. Proof of Concept: Open https://demo.collectiveaccess.org/find/QuickSearch/Index, click on the search input and enter the code in the search bar: clickme https://i.ibb.co/tmB0K64/client.png Impact: This vulnerability is injecting malicious code into the application...

AI score: 0.4
Exploits: 0, References: 1
Huntr
added 2021/09/25 5:07 p.m., 18 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description: No CSRF token, and GET requests are allowed in Data and Metadata imports. Proof of Concept: 1. Log in as administrator. 2. Create a directory called test in the /import directory and put a CSV file inside. 3. On the browser with administrator cookies, visit...

AI score: 0.8
Exploits: 0
Huntr
added 2021/09/25 3:41 p.m., 14 views

Server-Side Request Forgery (SSRF) in collectiveaccess/providence

Description: An authenticated, blind SSRF vulnerability exists in CollectiveAccess. It requires edit access; tested with the default cataloguer account. Proof of Concept: As the 'cataloguer' user: Step 1. Create a new object with the title: Step 2. After submitting this object, browse for objects in...

AI score: 0.2
Exploits: 0
Huntr
added 2021/09/25 2:58 p.m., 7 views

in kcal-app/kcal

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page: save the script as clickjacking.html and the page will render in iframes...

AI score: 1
Exploits: 0, References: 1
Huntr
added 2021/09/25 1:59 p.m., 12 views

Cross-Site Request Forgery (CSRF) in attendize/attendize

Description: An attacker is able to make an event live. Proof of Concept: When you are logged in, open this POC.html in a browser. history.pushState('', '', '/') document.forms[0].submit(); Impact: This vulnerability is capable of forcing a user to unintentionally mark an event live. Test: Tested on Safari. Fix: You...

AI score: 1.6
Exploits: 0
Huntr
added 2021/09/25 10:41 a.m., 11 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description: CSRF bug to change a shelf from private to public. Proof of Concept: The below request is vulnerable to a CSRF attack. document.getElementById("test").click(); Impact: CSRF bug to change anyone's shelf status from private to public...

AI score: 6.9
Exploits: 0
Huntr
added 2021/09/25 10:07 a.m., 14 views

Open Redirect in jonschoning/espial

Description: Open Redirect at add URL with parameter ?next=. Proof of Concept: // PoC.request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

AI score: 7
Exploits: 0
Huntr
added 2021/09/25 9:59 a.m., 15 views

Cross-site Scripting (XSS) - Stored in jonschoning/espial

Description: Stored XSS in parameter description when adding a URL. Proof of Concept: // PoC.request POST /api/add HTTP/2 Host: esp.ae8.org Cookie:...

AI score: 6.3
Exploits: 0
Huntr
added 2021/09/24 7:47 p.m., 4 views

Improper Privilege Management in openemr/openemr

Description: A predefined Front desk receptionist has access to the Audit Log Tamper Report function. By default this is a predefined system administrator function, and no other users should be able to access this function. Proof of Concept: Log in with a Front desk receptionist user. Simply open t...

AI score: 1.6
Exploits: 0
Huntr
added 2021/09/24 7:29 p.m., 9 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description: With this CSRF any user is able to remove any punishment on any user made by the staff. Proof of Concept: After you log in, open this POC.html in a browser. This will remove any punishment that's specified in the POC. history.pushState('', '', '/') document.forms[0].submit(); This specific P...

AI score: 3
Exploits: 0
Huntr
added 2021/09/24 6:00 p.m., 12 views

Cross-site Scripting (XSS) - Stored in collectiveaccess/providence

Description: Stored XSS via event name. Proof of Concept: Please check this 1 minute video to reproduce the bug: https://drive.google.com/file/d/1iMDosuZYYmFyJEVxXo7KB09TghKPs-7/view?usp=sharing Here I use the below XSS payload: xss2"'onmouseover=prompt;// Impact: Stored XSS...

AI score: 0.5
Exploits: 0
Huntr
added 2021/09/24 4:05 p.m., 5 views

Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Description: Reflected XSS in form Search. Proof of Concept: // PoC.js POST /find/QuickSearch/Index HTTP/1.1 Host: demo.collectiveaccess.org Cookie: cademo=5b9d06b7-3860-477d-9d53-85e6b2b1ae99; CAcademouilocale=enUS User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...

Exploits: 0
Huntr
added 2021/09/24 3:54 p.m., 7 views

Inefficient Regular Expression Complexity in crankyoldgit/irremoteesp8266

✍️ Description: The IRremoteESP8266 package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the extractsupports function in the file scrapesupporteddevices.py may cause an application to consume an excessive amount of CPU. Below...

AI score: 0.6
Exploits: 0
Huntr
added 2021/09/24 3:51 p.m., 6 views

Open Redirect in collectiveaccess/providence

Description: Open Redirect on Login with parameter ?redirect=. Proof of Concept: // PoC.request POST /system/Auth/DoLogin HTTP/1.1 Host: demo.collectiveaccess.org Cookie: cademo=ea7632ab-0ad8-4b0f-939f-9e292f232ff6; CAcademouilocale=enUS User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93...

AI score: 7
Exploits: 0
Huntr
added 2021/09/24 7:42 a.m., 8 views

in mruby/mruby

Description: NULL Pointer Dereference on easet. Proof of Concept: // poc.rb ...1, From: +- 2 Result: mruby/bin/mruby poc.rb AddressSanitizer:DEADLYSIGNAL ================================================================= ==28787==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 pc...

AI score: 1.9
Exploits: 0
Huntr
added 2021/09/24 5:35 a.m., 8 views

in aces/loris

Description: It is possible to perform a clickjacking attack due to the lack of frame restrictions such as X-Frame-Options: DENY. Proof of Concept: Tested: https://demo.loris.ca/ https://drive.google.com/file/d/1oSi2JpYnPjjoL6QvhFnsHcTD94KMzKBj/view?usp=sharing Impact: Clickjacking is an...

Exploits: 0, References: 1
Huntr
added 2021/09/24 2:14 a.m., 11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: CSRF in deleting comments. Proof of Concept: 1. Log in using an admin/staff account. 2. Go to the torrent https://unit3d.site/torrents/19comments 3. Access the link https://unit3d.site/comments/delete/5 4. See that the comment is deleted. Impact: This vulnerability is capable of deleting...

AI score: 1
Exploits: 0
Huntr
added 2021/09/24 1:58 a.m., 8 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: CSRF in flushing peers. Proof of Concept: 1. Log in to a staff/admin account. 2. Access this link: https://unit3d.site/dashboard/flush/peers 3. See that the peers have been flushed. Impact: This vulnerability is capable of flushing peers...

AI score: 1.3
Exploits: 0
Huntr
added 2021/09/24 1:05 a.m., 10 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: CSRF allows enabling/disabling bots; CSRF allows flushing the chatbox. Proof of Concept: After logging in to unit3d.site, access this link: https://unit3d.site/dashboard/chat/bots/2/disable, https://unit3d.site/dashboard/chat/bots/2/enable See that the chat bot is disabled/enabled correspondingly...

AI score: 0.6
Exploits: 0
Huntr
added 2021/09/24 12:13 a.m., 13 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: An attacker is able to run staff commands. Proof of Concept: When you are logged in, open this POC.html in a browser. You can run staff only tools. history.pushState('', '', '/') document.forms[0].submit(); Impact: This vulnerability is capable of forcing a user to unintentionally run staff only tools...

AI score: 1.6
Exploits: 0
Huntr
added 2021/09/23 6:42 p.m., 11 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: An attacker is able to disable the form. Proof of Concept: When you are logged in, open this POC.html in a browser. You can put the website into maintenance mode. history.pushState('', '', '/') document.forms[0].submit(); Impact: This vulnerability is capable of disabling the website...

AI score: 2.6
Exploits: 0
Huntr
added 2021/09/23 5:21 p.m., 12 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: An attacker is able to change a torrent's featured state to un-featured if a logged in user visits the attacker's website. Proof of Concept: When you are logged in, open this POC.html in a browser. You can check that the torrent's state changed to un-featured. history.pushState('', '', '/')...

AI score: 0.8
Exploits: 0
Huntr
added 2021/09/23 4:47 p.m., 13 views

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: An attacker is able to change a torrent's featured state to if a logged in user visits the attacker's website. Proof of Concept: 1. When you are logged in, open this POC.html in a browser. 2. You can check that the torrent's state changed to featured. history.pushState('', '', '/') document.forms[0].submit();...

AI score: 0.8
Exploits: 0
Huntr
added 2021/09/23 3:19 p.m., 12 views

Inefficient Regular Expression Complexity in trentm/python-markdown2

Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in markdown2. The ReDoS vulnerability is mainly due to the sub-pattern with quantified overlapping adjacency and can be exploited with the following code. Proof of Concept: // PoC.py import markdown2 from...

AI score: 0.5
Exploits: 0
Huntr
added 2021/09/23 2:24 p.m., 7 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

Description: Reflected XSS in form Search. Proof of Concept: // PoC.request POST /frontend/ajax HTTP/1.1 Host: demo.fork-cms.com Cookie: frontendlanguage=en; PHPSESSID=megjfhiirsim3v6klp91i7qjat User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score: 0.2
Exploits: 0
Huntr
added 2021/09/22 5:43 p.m., 14 views

Cross-site Scripting (XSS) - Generic in tsolucio/corebos

Description: Generic XSS in RSS content allows for the arbitrary execution of JavaScript. Proof of Concept: // PoC Request Add RSS Feed POST /corebos/index.php?module=Rss&action=RssAjax&file=Popup&directmode=ajax&rssurl=http://127.0.0.1:9999/rss.xml HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0...

AI score: 0.8
Exploits: 0
Huntr
added 2021/09/22 4:04 p.m., 10 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description: Stored XSS in Subject in To Dos. Proof of Concept: // PoC Request POST /corebos/index.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score: 6.2
Exploits: 0
Huntr
added 2021/09/22 3:08 p.m., 12 views

Inefficient Regular Expression Complexity in cronvel/terminal-kit

Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in terminal-kit. It allows causing a denial of service when calling the function markupWidth. The ReDoS vulnerability is mainly due to the regex /^^|^./g and can be exploited with the following code. Proof...

AI score: 2
Exploits: 0
Huntr
added 2021/09/22 6:58 a.m., 12 views

Cross-site Scripting (XSS) - Stored in unclebob/fitnesse

Description: Stored XSS in FileName allows for arbitrary execution of JavaScript. Proof of Concept: // PoC Request POST /files/ HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score: 0.2
Exploits: 0
Huntr
added 2021/09/22 3:09 a.m., 5 views

Cross-site Scripting (XSS) - Stored in evereux/flicket

Description: Stored XSS in the deleting departments page due to unsanitized input in many places. Proof of Concept: 1. Create a new department with name 2. After creating the above department, click on the delete icon next to it and see the pop up. 3. Create a new ticket with title 4. View the ticket and s...

AI score: 6.1
Exploits: 0
Huntr
added 2021/09/21 8:24 p.m., 17 views

Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki

✍️ Description: Stored XSS in action. 🕵️‍♂️ Proof of Concept: 1. Navigate to "index.php?action=alert1;&page=Main Page" 2. See XSS executed. 💥 Impact: With this vulnerability, you can run arbitrary JavaScript on all users...

AI score: 3.4
Exploits: 0
Huntr
added 2021/09/21 2:44 p.m., 7 views

Inefficient Regular Expression Complexity in tapjs/tap-mocha-reporter

Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in tap-mocha-reporter. The ReDoS vulnerability is mainly due to the regex /^\s+|\s+$|/g and can be exploited with the following code. Proof of Concept: // PoC.js var tapMochaReporter =...

AI score: 1.7
Exploits: 0
Huntr
added 2021/09/21 8:41 a.m., 36 views

Inefficient Regular Expression Complexity in validatorjs/validator.js

Description: I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when calling the function 'rtrim'. The ReDoS vulnerability is mainly due to the regex /\s+$/g and can be exploited with the following code. Proof of Concept: ...

CVSS: 5, AI score: 2.2, EPSS: 0.01666
Exploits: 1
Huntr
added 2021/09/20 4:08 p.m., 21 views

in dompdf/dompdf

Description: DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate...

AI score: 1, EPSS: 0.0143
Exploits: 1, References: 1
Huntr
added 2021/09/20 1:43 p.m., 14 views

in osticket/osticket

Description: The URL parser incorrectly parses the URL given in IFrame src attributes. An attacker is able to inject iframe elements linking to arbitrary domains which can be viewed by admins, bypassing the embedded domain whitelist. Proof of Concept: will render the malicious-server site rather than...

AI score: 6.1
Exploits: 0
Huntr
added 2021/09/20 1:13 p.m., 9 views

Inefficient Regular Expression Complexity in ampproject/amphtml

✍️ Description: The amphtml package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted template as input to the expandTemplate function of core/types/string/index.js may cause an application to consume an excessive amount of CPU. Below pinned...

AI score: 0.9
Exploits: 0
Huntr
added 2021/09/20 12:00 p.m., 10 views

Inefficient Regular Expression Complexity in alvations/sacremoses

✍️ Description: The sacremoses package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted text as input to the hasnumericonly function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

AI score: 0.4
Exploits: 0
Huntr
added 2021/09/20 11:31 a.m., 11 views

Inefficient Regular Expression Complexity in pyload/pyload

✍️ Description: The pyload package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted HTML comments as input to the comments function of utils/web/purge.py may cause an application to consume an excessive amount of CPU. Below pinned line using...

AI score: 1
Exploits: 0
Total number of security vulnerabilities: 4072