4057 matches found
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the social setting if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that unintentionally your Facebook page changed to...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to change the search setting if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that unintentionally some settings changed. //POC.html...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description An attacker or malicious user is able to delete all caches if a logged-in user visits the attacker's website, because of a lack of CSRF token. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that unintentionally all caches are cleared. //POC.html...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to delete any Profile field with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only with...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to add any Draft with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only with visiting a...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to add any number of subscribers with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to send any mass mailing with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only with...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to delete all data in the Tracker plugin with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to purge all Archive Messages with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to delete any Draft with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only with visitin...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker is able to change the List Password with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just goes to a malicious website, and after that, only with a redirection, the attacker can perform an attack on the unprotected endpoint; this means only with...
OS Command Injection in zacanger/is-program-installed
✍️ Description There is an "OS Command Injection" vulnerability in the "is-program-installed" npm package. This package tries to determine whether the program or binary name given as a parameter is installed on the computer or not. However, since this package does not properly control the characters in the...
in fisharebest/webtrees
✍️ Description A malicious actor, either logged in as an admin or after intercepting a request, is able to modify the path argument in the delete-path route, and can arbitrarily delete index.php or config.ini.php, rendering the site unusable. 🕵️‍♂️ Proof of Concept 1. An admin should navigate to...
Inefficient Regular Expression Complexity in clean-css/clean-css
✍️ Description It allows causing a denial of service when calling the function isDataUriResource. 🕵️‍♂️ Proof of Concept // PoC.js var isDataUriResource = require("clean-css/lib/utils/is-data-uri-resource"); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = 'data:' +...
Cross-site Scripting (XSS) - Stored in fisharebest/webtrees
✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after clicking the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1. Create a new family tree, either when logging in after install for the first time, or...
Inefficient Regular Expression Complexity in yiminghe/async-validator
✍️ Description It allows causing a denial of service when validating crafted invalid URLs. 🕵️‍♂️ Proof of Concept // PoC.js var asyncValidator = require("async-validator"); const validator = new asyncValidator.default({ v: { type: 'url' }, }); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr =...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is the use of an out-of-range pointer offset, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do a DoS (Denial of Service) attack or ASLR bypass by reading sensitive memory address information, to all...
Code Injection in jerrod-lankford/google-voice-desktop-app
✍️ Description Attackers can execute malicious code on users' computers using the Google Voice Desktop App, provided that users click on a malicious hyperlink in the app itself. 🕵️‍♂️ Proof of Concept 1. Host the following index.html on a web server: require('child_process').exec('calc'); 2. Users who click on...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is an out-of-bounds read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do a DoS (Denial of Service) attack or ASLR bypass by reading sensitive memory address information, to all applications which use...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is an out-of-bounds read, which lets attackers read memory information beyond the buffer size. Possibly, attackers can use this to do a DoS (Denial of Service) attack or ASLR bypass by reading sensitive memory address information, to all applications which use...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to create an SSH key with PoC.html. 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to change the email of a user with PoC.html. 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to delete repositories' history with PoC.html. 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to create users with PoC.html. 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After visiting...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint, through which attackers are able to delete users with PoC.html. 🕵️‍♂️ Proof of Concept 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. After visiting...
Inefficient Regular Expression Complexity in prismjs/prism
✍️ Description The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. 🕵️‍♂️ Proof of Concept...
Inefficient Regular Expression Complexity in cdr/code-server
✍️ Description The code-server package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansiRegex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
None in vim/vim
✍️ Description Team, trust you are doing well. As part of continuous fuzzing of VIM v8.2.3425 in persistent mode, I found a heap use-after-free in nv_replace. 🕵️‍♂️ Proof of Concept Affected version: VIM v8.2.3425 Tested on: Linux s157903 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64...
Inefficient Regular Expression Complexity in jaywcjlove/colors-cli
✍️ Description The colors-cli package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the ansi-regex functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS i...
Open Redirect in alanaktion/phproject
✍️ Description open-redirect 🕵️‍♂️ Proof of Concept The URL below is vulnerable to open redirect after login; it will redirect the user to any arbitrary site. http://localhost/phproject/login?to=http://example.com 💥 Impact Open redirect to any site...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
✍️ Description Stored XSS via SVG file upload 🕵️‍♂️ Proof of Concept Here I use the demo site https://demo.phproject.org. 1. First go to any project and upload an SVG file: https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg 2. Now open this SVG file using a URL like...
Inefficient Regular Expression Complexity in terkelg/prompts
✍️ Description The prompts package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDOS is...
in getgrav/grav
✍️ Description Developers often set cookies to be accessible from the root context path "/". Doing so exposes the cookie to all web applications on the domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications can lead to a vulnerability...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️‍♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submit). 3. Here...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability in the following directory: Home/Setup/General/performance 🕵️‍♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submit). 3. Here the user...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability. 🕵️‍♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submit). 3. Here the pdf plugin will be installed after clicking on submit...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team, I found one more CSRF vulnerability. 🕵️‍♂️ Proof of Concept 1. First, the user should already be logged in, in Firefox or Safari. 2. Open the PoC.html and click on the submit button (it can also be auto-submit). 3. Here the pdf plugin will be uninstalled after clicking on submit...
Inefficient Regular Expression Complexity in sindresorhus/semver-regex
✍️ Description It allows causing a denial of service when formatting crafted invalid semver versions. 🕵️‍♂️ Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = '0.0.0-0' + '.-------'.repeat(i*1) + '@';...
in hestiacp/hestiacp
✍️ Description $_SESSION["token"] is a CSRF token, which is an MD5 hash generated based on system time. It has been discovered that $_SESSION["token"] is compared with $_GET["token"] using the comparison operator != in the file index.php. This might cause unexpected behavior due to type juggling. It is possible to...
Improper Access Control in alanaktion/mchostpanel
✍️ Description The PHP file install.php creates an admin account using the POST parameters user, pass, dir, ram, port without any access control enforced, nor a check whether the admin account has already been created, nor a check whether the file .installed exists before account creation. It is possible for any network user...
Cross-Site Request Forgery (CSRF) in hzxie/voj
✍️ Description The Update Profile has no CSRF protection, which makes attackers able to change the user's email and then can lead to account takeover with the Reset Password functionality. 🕵️‍♂️ Proof of Concept 1. Log in as a user. 2. Open the PoC.html file. // PoC.html history.pushState('', '', '/')...
in agentejo/cockpit
✍️ Description Bypass of previous fix 🕵️‍♂️ Proof of Concept I see you recently fixed the local-file-inclusion bug https://huntr.dev/bounties/a65d700c-1561-46c1-a9c2-cba6ed960f94/. And the fixed patch is https://github.com/agentejo/cockpit/commit/f1919184998bf9fa7a7db882c98ce1410375e596. But it can...
Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Improper Privilege Management in microweber/microweber
✍️ Description A simple user without Super Admin access is able to add further users to the system. 🕵️‍♂️ Proof of Concept BurpSuite or a proxy utility is required. 1. Simply add a simple User-roled user, USER A. 2. Log in with USER A. 3. Obtain the X-Csrf-Token and the Cookie value of USER A. 4....
Inefficient Regular Expression Complexity in chalk/ansi-regex
✍️ Description It allows causing a denial of service when matching crafted invalid ANSI escape codes. 🕵️‍♂️ Proof of Concept // PoC.mjs import ansiRegex from 'ansi-regex'; for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "\u001B[" + ";".repeat(i*10000); ansiRegex().test(attackstr); var timecost...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker is able to delete any user if they know the user id parameter value. 🕵️‍♂️ Proof of Concept Here, after running PoC.html, you will see that the user with id 3 has been deleted. //PoC.html history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact Here a user with id value 3...
in hestiacp/hestiacp
✍️ Description External Control of File Name or Path is a type of security flaw in which users can access resources from restricted locations on a file system. It is commonly called path traversal. If an attacker performs a path traversal attack successfully, they could potentially view sensitive...
Cross-site Scripting (XSS) - Reflected in yourls/yourls
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Path Traversal in pokeapi/pokeapi
✍️ Description A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be...
Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...