4072 matches found

Huntr
added 2021/09/20 10:49 a.m., 9 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

AI score: 6.3
Exploits: 0

Huntr
added 2021/09/20 8:51 a.m., 10 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description Stored XSS in Blocks Module when Create new block with Block type ZikulaBlocksModule/Xslt Proof of Concept POST /blocks/admin/block/edit/8 HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...

AI score: 6.3
Exploits: 0

Huntr
added 2021/09/20 6:33 a.m., 16 views

Inefficient Regular Expression Complexity in josdejong/jsoneditor

✍️ Description The jsoneditor package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

CVSS: 5, AI score: 0.6, EPSS: 0.01372
Exploits: 1

Huntr
added 2021/09/20 5:31 a.m., 14 views

Open Redirect in zikula/core

Description Open Redirect on Login with parameter ?returnUrl= Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score: 0.2
Exploits: 0

Huntr
added 2021/09/20 4:54 a.m., 11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score: 0.6
Exploits: 0

Huntr
added 2021/09/19 7:26 p.m., 20 views

Inefficient Regular Expression Complexity in nltk/nltk

✍️ Description The nltk package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide as an input to the readcomparisonblock function in the file "nltk/corpus/reader/comparativesents.py" may cause an application to consume an excessive amount of CPU. Belo...

CVSS: 5, AI score: 0.7, EPSS: 0.01649
Exploits: 1

Huntr
added 2021/09/19 6:12 p.m., 15 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description Hello dear firefly-iii team I found some CSRFs with low priority in firefly-iii...

CVSS: 6.8, AI score: 1.4, EPSS: 0.00524
Exploits: 1

Huntr
added 2021/09/19 5:30 p.m., 24 views

Server-Side Request Forgery (SSRF) in osticket/osticket

Description The SSRF vulnerability in OSTickets detailed in CVE-2020-24881 is still unfixed, attackers can still make arbitrary requests via the server to the private network via the PDF print generator although they will not be able to exfiltrate anything other than image data. Proof of Concept ...

AI score: 1.2, EPSS: 0.73267
Exploits: 3, References: 1

Huntr
added 2021/09/19 2:50 p.m., 12 views

Cross-site Scripting (XSS) - Stored in causefx/organizr

Description When creating a new Tab, the name of the tab can store JavaScript. This also happens, when editing the name of an existing Tab. - I tested it with docker image for Organizr hash 7fb764ccd226. organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB - Branch is v2-master. Proof of...

AI score: 7.1
Exploits: 0

Huntr
added 2021/09/19 10:44 a.m., 22 views

Inefficient Regular Expression Complexity in pksunkara/inflect

✍️ Description The inflect package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted tablename as input to the classify function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. 🕵️‍♂️...

CVSS: 5, AI score: 1.2, EPSS: 0.01183
Exploits: 1

Huntr
added 2021/09/19 10:4 a.m., 9 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description Hi team :, the /shelf/remove/id and /shelf/add/id is vulnerable against CSRF, leading to the possibility to add and remove shelves' items on the behalf of the victim user. Proof of Concept 1. Install the application 2. Create a new shelf id == 1 in this case 3. The attacker sends the...

AI score: 6.8
Exploits: 0

Huntr
added 2021/09/18 8:49 p.m., 10 views

Cross-site Scripting (XSS) - Stored in zikula-modules/mediamodule

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce : 1 -- Go to link -- https://demo.ziku.la/media/media/create/paste/url 2 -- Inject Payload in...

AI score: 6.3
Exploits: 0

Huntr
added 2021/09/18 8:44 p.m., 12 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC.js POST /categories/admin/category/contextMenu HTTP/2 Host: demo.ziku.la Cookie: zsid=a9b37grip4in2kp0j6kaugdvrh...

AI score: 5.4
Exploits: 0

Huntr
added 2021/09/18 7:34 p.m., 8 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...

AI score: 6.1
Exploits: 0

Huntr
added 2021/09/18 4:18 p.m., 9 views

in zikula/core

Description Rate limit bypass sent unlimited email victim or any email address Proof of Concept There is no rate limit lost-user-name, attacker to send unlimited email to victim or any email address. POST /zauth/account/lost-user-name HTTP/1.1 Host: demo.ziku.la User-Agent: Mozilla/5.0 Windows NT...

AI score: 0.3
Exploits: 0

Huntr
added 2021/09/18 3:43 p.m., 11 views

Inefficient Regular Expression Complexity in mochajs/mocha

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in mocha. It allows cause a denial of service when stripping crafted invalid function definition from strs. The ReDoS vulnerability is mainly due to the regex...

AI score: 1.9
Exploits: 0

Huntr
added 2021/09/18 11:19 a.m., 6 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in spiral-project/ihatemoney

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/10p4ejCFsLA6LO32nPNTRKqZjlqVHVpUf/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

Exploits: 0, References: 1

Huntr
added 2021/09/17 5:31 p.m., 9 views

in zikula/core

Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...

AI score: 6.9
Exploits: 0

Huntr
added 2021/09/17 4:23 p.m., 9 views

Inefficient Regular Expression Complexity in validatorjs/validator.js

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in validator. It allows cause a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...

AI score: 2.3
Exploits: 0

Huntr
added 2021/09/17 6:23 a.m., 11 views

Inefficient Regular Expression Complexity in isaacs/minimatch

Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in minimatch. It allows cause a denial of service when calling function braceExpand. The ReDoS vulnerability is mainly due to the regex /./ and can be exploited with the following code. Proof of Concept...

AI score: 2.3
Exploits: 0

Huntr
added 2021/09/17 6:15 a.m., 22 views

Heap-based Buffer Overflow in mruby/mruby

Description Heap buffer overflow in mruby Proof of Concept // poc.rb %= % .clear ensure begin unless ?n = % :regex or 11 Compile mruby with asan git clone https://github.com/mruby/mruby cd mruby LDFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address -g" make ./bin/mruby poc.rb Result ./bin/mruby...

AI score: 7.7
Exploits: 0

Huntr
added 2021/09/17 5:8 a.m., 8 views

Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Description Stored XSS Content allows for the arbitrary execution of JavaScript Proof of Concept In Wechat management at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies Save Reply text with payload : \x3csVg/\x3e XSS will trigg...

AI score: 2.1
Exploits: 0

Huntr
added 2021/09/16 9:7 p.m., 6 views

Session Fixation in alovoa/alovoa

Description On changing password both session using which user changes password and old sessions in any other browser or device does not expire and remains active. Proof of Concept STEPS TO REPRODUCE: 1. Log in to Browser A and make sure to check 'stay logged in to this device' checkbox while...

AI score: 2
Exploits: 0, References: 1

Huntr
added 2021/09/16 7:36 p.m., 12 views

Stack-based Buffer Overflow in gwsw/less

Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...

AI score: 1.5
Exploits: 0, References: 1

Huntr
added 2021/09/16 5:4 p.m., 8 views

Inefficient Regular Expression Complexity in chocobozzz/peertube

Description Hello Again dear Peertube team. I found inefficient regular expression in that have a Polynomial execution time that can be lead to ReDoS attacks and it is better to replace it with another regex or Use google re2 regex engine for server sides code. Proof of Concept I create two...

AI score: 0.2
Exploits: 0

Huntr
added 2021/09/16 4:40 p.m., 15 views

Cross-site Scripting (XSS) - Stored in zhongshaofa/easyadmin

Description Stored XSS in FileName allows for arbitrary execution of JavaScript Proof of Concept At Upload Management Upload File Image with filename : Sun'set.jpg Image Upload File https://user-images.githubusercontent.com/31820707/133646077-b6a14692-fea3-4a37-95e7-eb4c4e6f9073.png Image XSS...

AI score: 0.7
Exploits: 0

Huntr
added 2021/09/16 2:31 p.m., 10 views

in zoujingli/thinkadmin

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: please Note that this leads also to a verbose error that shows credentials of the owner . Ex : Link --...

Exploits: 0

Huntr
added 2021/09/16 11:6 a.m., 6 views

Inefficient Regular Expression Complexity in faisalman/ua-parser-js

Description Hello my dear I found another inefficient regular expression in ua-parser-js that have a Polynomial execution time not exponential but still dangerous. Proof of Concept I create two payloads that you can compare the execution times between them in Regexr provided links. payload 1...

AI score: 6.8
Exploits: 0

Huntr
added 2021/09/16 6:36 a.m., 10 views

in khodakhah/nodcms

Description Violation of secure design principles Proof of Concept step 1: click on login page and login into account. step 2: we can see dashboard and further options inside the application step 3: logout from application step 4: directly visit the url: https://demo.nodcms.com/admin/ step 5:...

AI score: 0.1
Exploits: 0, References: 1

Huntr
added 2021/09/16 6:4 a.m., 5 views

Exposure of Sensitive Information to an Unauthorized Actor in opendatacube/odc-tools

Description Information Disclosure AWS PrincipleID, sourceIPAddress, configurationId and more. Proof of Concept https://raw.githubusercontent.com/opendatacube/odc-tools/develop/apps/dctools/tests/data/sentinel-2-nrt20200821.json Impact Leaks Sensitive Data...

AI score: 0.5
Exploits: 0

Huntr
added 2021/09/16 3:58 a.m., 14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1ESnBKwFef8D42A2VD3W59vXMLdWhCxS9/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

CVSS: 4, EPSS: 0.00941
Exploits: 1, References: 1

Huntr
added 2021/09/15 2:54 p.m., 15 views

in khodakhah/nodcms

Description Clear Text submission of password through unencrypted channel Proof of Concept POST /en/login HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language:...

AI score: 7.1
Exploits: 0, References: 1

Huntr
added 2021/09/15 2:32 p.m., 10 views

Sensitive Cookie Without 'HttpOnly' Flag in babybuddy/babybuddy

Description HttpOnly flag not mentioned Proof of Concept step to reproduce below show request GET /login/?next=/google.com HTTP/1.1 Host: demo.baby-buddy.net User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept:...

AI score: 7.2
Exploits: 0, References: 1

Huntr
added 2021/09/15 2:2 p.m., 9 views

in babybuddy/babybuddy

Description Violation of secure design principles Proof of Concept step 1: login to account and logout step 2: click back button in browser step 3: check right corner of there we can see user profile option step 4: click on that application settings is getting listed PoC image attached as link...

AI score: 6.6
Exploits: 0, References: 1

Huntr
added 2021/09/15 1:51 p.m., 10 views

in babybuddy/babybuddy

Description Weak password implementation Proof of Concept step 1: login into account step 2: goto settings http://demo.baby-buddy.net/user/password/ step 3: change password admin to 12 and save changes step 4: we can see updated message application is allowing to set weak password. poc of image i...

AI score: 7
Exploits: 0, References: 1

Huntr
added 2021/09/15 9:14 a.m., 10 views

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add new Notification with a malicious payload, and upon the user receives the notification, the malicious payload is being executed. Proof of Concept - 1; Log in with any user, who is able to submit notifications - 2; Create a new notification at...

AI score: 1.2
Exploits: 0

Huntr
added 2021/09/15 8:54 a.m., 8 views

in zoujingli/thinkadmin

Description upload file to any path Proof of Concept User can upload file to any path by path-traversal POST /admin/api.upload/file.html HTTP/2 Host: v6.thinkadmin.top Cookie: lang=zh-cn; PHPSESSID=88a2945fb139bb74f87137d2144709ab; limit=20 Content-Length: 14170 Sec-Ch-Ua: "Google Chrome";v="93",...

AI score: 7.1
Exploits: 0

Huntr
added 2021/09/15 8:24 a.m., 11 views

Code Injection in zoujingli/thinkadmin

Description remote code execution Proof of Concept Below request is vulnerable to arbitrary system command injection. During file upload it does not properly check file upload which allow to upload php file and this php file will execute system command POST /admin/api.upload/file.html HTTP/2...

AI score: 1
Exploits: 0

Huntr
added 2021/09/15 6:45 a.m., 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy

Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits: 0, References: 1

Huntr
added 2021/09/15 6:0 a.m., 9 views

Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin

Description DOM based xss via url hash fragment Proof of Concept First login into https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see xss is executed Impact DOM based xss via url hash fragment...

AI score: 1.3
Exploits: 0

Huntr
added 2021/09/15 4:37 a.m., 8 views

Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Description Stored xss Proof of Concept Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1hyN4X9gIgQJH2B5QEFhkniGt78sIw1iF/view?usp=sharing Impact Xss allow to arbitrary javascript code execution...

AI score: 1
Exploits: 0

Huntr
added 2021/09/14 3:48 p.m., 14 views

Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Description Stored xss via name Proof of Concept 1. First goto https://v6.thinkadmin.top/admin.html/admin/base.html?type=datea&spm=m-2-4-8 and edit a data and put below xss payload in Data name field . xss"' Now see xss is executed VIDEO...

AI score: 3
Exploits: 0

Huntr
added 2021/09/14 3:11 p.m., 14 views

Cross-site Scripting (XSS) - DOM in mineweb/minewebcms

✍️ Description A malicious actor is able to add a malicious payload as a new Navigation Bar Link Title, and after every time any users visit the main root page of the website, the XSS payload is executed and the session of whoever visits the site is compromised. 🕵️‍♂️ Proof of Concept 1; Create a...

AI score: 0.7
Exploits: 0

Huntr
added 2021/09/14 2:34 p.m., 7 views

Cross-site Scripting (XSS) - Stored in mineweb/minewebcms

Description A malicious actor is able to add a malicious payload as a new Page Title, and after every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1;Create a new Page at the following route: /admin/pages/add. Use the following payload a...

AI score: 0.9
Exploits: 0

Huntr
added 2021/09/14 7:25 a.m., 11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

AI score: 0.9
Exploits: 0, References: 2

Huntr
added 2021/09/14 7:2 a.m., 32 views

Cross-site Scripting (XSS) - Reflected in pheditor/pheditor

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score: 5.3
Exploits: 0, References: 2

Huntr
added 2021/09/14 6:59 a.m., 10 views

Path Traversal in pheditor/pheditor

Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

AI score: 1.1
Exploits: 0, References: 2

Huntr
added 2021/09/14 6:11 a.m., 11 views

Open Redirect in sbrl/pepperminty-wiki

Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...

AI score: 0.2
Exploits: 0, References: 2

Huntr
added 2021/09/14 6:4 a.m., 5 views

Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

AI score: 5.3
Exploits: 0, References: 2

Huntr
added 2021/09/14 5:54 a.m., 8 views

in sbrl/pepperminty-wiki

Unrestricted Upload of File with Dangerous Type allows javascript injection Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file...

AI score: 7
Exploits: 0, References: 2

Total number of security vulnerabilities: 4072