4072 matches found

Huntr • added 2021/09/04 7:52 p.m. • 11 views

Path Traversal in lampnick/doctron

✍️ Description: doctron is a golang tool that helps conversion of HTML to PDF or image. The input doesn't validate if it's a valid web URL. Trying to access local files using file:/// works. This allows getting a screenshot/PDF of the sensitive files on the system.
🕵️‍♂️ Proof of Concept: A demo...

AI score: 0.1 • Exploits: 0
Huntr • added 2021/09/04 4:23 p.m. • 28 views

Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

✍️ Description: It allows causing a denial of service when formatting a crafted string.
🕵️‍♂️ Proof of Concept: // PoC.js var tmpl = require("tmpl"); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "" + "".repeat(i*10000) + "answer"; tmpl(attackstr, {answer: 42}); var timecost = Date.now() - time;...

CVSS: 7.8 • AI score: 2.1 • EPSS: 0.01257 • Exploits: 1
Huntr • added 2021/09/04 11:14 a.m. • 28 views

Open Redirect in digitalbazaar/forge

✍️ Description: parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while node-forge sees it as a relative path and leads to URL...

CVSS: 5.8 • AI score: 0.3 • EPSS: 0.00832 • Exploits: 1
Huntr • added 2021/09/04 9:53 a.m. • 11 views

Improper Authorization in imran300/inventory

✍️ Description: A General manager user can edit/add other groups' PERMISSIONS LIST via IDOR.
🕵️‍♂️ Proof of Concept: Go to this URL when logged in as a General manager: http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that Permissions can be bypassed.
💥 Impact: This...

AI score: 0.6 • Exploits: 0
Huntr • added 2021/09/04 9:35 a.m. • 15 views

Improper Authorization in imran300/inventory

✍️ Description: A designer user can deactivate any other users (IDOR).
🕵️‍♂️ Proof of Concept: Go to this URL when logged in as a Designer: http://localhost:8000/inventory/index.php/Users/deactiveStatus/10 and then you can see that the user with id 10 will be deactivated.
💥 Impact: This vulnerability is...

AI score: 1.5 • Exploits: 0
Huntr • added 2021/09/04 9:34 a.m. • 6 views

Improper Authorization in imran300/inventory

✍️ Description: A designer user can activate any other users (IDOR).
🕵️‍♂️ Proof of Concept: Go to this URL when logged in as a Designer: localhost:8000/inventory/index.php/Users/activeStatus/10 and then you can see that the user with id 10 will be activated.
💥 Impact: This vulnerability is capable of...

AI score: 3.3 • Exploits: 0
Huntr • added 2021/09/04 9:29 a.m. • 7 views

Improper Authorization in imran300/inventory

✍️ Description: A designer user can delete any other users (IDOR).
🕵️‍♂️ Proof of Concept: Go to this URL when logged in as a Designer: localhost/inventory/users/deleteusers/10 and then you can see that the user with id 10 will be deleted.
💥 Impact: This vulnerability is capable of deleting any user...

AI score: 2.2 • Exploits: 0
Huntr • added 2021/09/04 9:26 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in imran300/inventory

✍️ Description: You didn't set any CSRF protection for deleting a user.
🕵️‍♂️ Proof of Concept: // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be deleted.
💥 Impact: This vulnerability is capable of deleting any user with...

AI score: 1.6 • Exploits: 0
Huntr • added 2021/09/04 9:26 a.m. • 8 views

Cross-Site Request Forgery (CSRF) in imran300/inventory

✍️ Description: You didn't set any CSRF protection for deactivating a user.
🕵️‍♂️ Proof of Concept: // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be deactivated.
💥 Impact: This vulnerability is capable of deactivating any...

AI score: 2.1 • Exploits: 0
Huntr • added 2021/09/04 9:25 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in imran300/inventory

✍️ Description: You didn't set any CSRF protection for activating a user.
🕵️‍♂️ Proof of Concept: // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be activated.
💥 Impact: This vulnerability is capable of activating any user...

AI score: 2.2 • Exploits: 0
Huntr • added 2021/09/03 6:31 p.m. • 26 views

Heap-based Buffer Overflow in vim/vim

✍️ Description: Hello, we hope this message finds you well during these challenging times. Whilst testing vim built from commit deba5e with Ubuntu clang version 12.0.0-3ubuntu120.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, WRITE of size 15. Please...

CVSS: 4.6 • AI score: 2.3 • EPSS: 0.00735 • Exploits: 1 • References: 1
Huntr • added 2021/09/02 2:1 p.m. • 14 views

Inefficient Regular Expression Complexity in nervjs/taro

✍️ Description: A ReDoS (regular expression denial of service) flaw was found in the @tarojs/helper package. An attacker that is able to provide crafted input as url may cause an application to consume an excessive amount of CPU.
🕵️‍♂️ Proof of Concept: Create the following poc.mjs // PoC.mjs import...

CVSS: 7.8 • AI score: 1.6 • EPSS: 0.01222 • Exploits: 1
Huntr • added 2021/09/02 1:59 p.m. • 9 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: A malicious actor is able to add a new Client with a malicious payload, and upon opening the research menu, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Log in with a proper roled user. 2. Add a new client to the system at the upper right corner at the /clients/showAll/ URI...

AI score: 1.3 • Exploits: 0
Huntr • added 2021/09/02 11:59 a.m. • 16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: A malicious actor is able to add a new Milestone with a malicious payload, and upon opening the research menu, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Log in with a proper roled user. 2. Add a new Milestone to the system at the /tickets/roadmap URI with the +...

AI score: 1.6 • Exploits: 0
Huntr • added 2021/09/02 11:49 a.m. • 18 views

in leantime/leantime

✍️ Description: In the source code of the application, the Secret Hash value and the initialization vector are hardcoded.
🕵️‍♂️ Proof of Concept: In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

AI score: 0.6 • Exploits: 0
Huntr • added 2021/09/02 11:38 a.m. • 8 views

Inefficient Regular Expression Complexity in x-neuron/antdfront

✍️ Description: A ReDoS (regular expression denial of service) flaw was found in the antdFront package. An attacker that is able to provide crafted input to the isUrl(input) function may cause an application to consume an excessive amount of CPU.
🕵️‍♂️ Proof of Concept: Create the following poc.mjs //...

AI score: 1.4 • Exploits: 0
Huntr • added 2021/09/02 10:35 a.m. • 16 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: A malicious actor is able to add a New Project with a malicious payload, and upon opening the research menu, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Log in with a proper roled user. 2. Add a new Project to the system at the /projects/showAll/ URI with the + New...

AI score: 1.7 • Exploits: 0
Huntr • added 2021/09/02 9:56 a.m. • 12 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: A malicious actor is able to add a "new Retrospective" with a malicious payload, and upon opening the research menu, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Log in with a proper roled user. 2. Add a new board to the system at the Retrospective menu on the left. 3....

AI score: 2.2 • Exploits: 0
Huntr • added 2021/09/02 9:30 a.m. • 14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: A malicious actor is able to add a "new board" with a malicious payload to any target, and upon opening the research menu, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Log in with a proper roled user. 2. Add a new board to the system at the research menu on the left. 3....

AI score: 1.2 • Exploits: 0
Huntr • added 2021/09/02 8:38 a.m. • 12 views

in apolloconfig/apollo

✍️ Description: The application does not enforce any password complexity control. It is possible to add a user with a single-character password in the application.
🕵️‍♂️ Proof of Concept: Adding the user. POST /users HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 63 Accept: application/json,...

AI score: 7.1 • Exploits: 0 • References: 1
Huntr • added 2021/09/02 3:11 a.m. • 15 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in flatpressblog/flatpress

✍️ Description: The secure flag is not set for session cookies in the application.
🕵️‍♂️ Proof of Concept:
💥 Impact: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being...

AI score: 0.5 • Exploits: 0 • References: 1
Huntr • added 2021/09/02 3:8 a.m. • 12 views

Sensitive Cookie Without 'HttpOnly' Flag in flatpressblog/flatpress

✍️ Description: The HttpOnly attribute is not set for session cookies in the application.
🕵️‍♂️ Proof of Concept:
💥 Impact: When a cookie doesn't have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

AI score: 0.6 • Exploits: 0 • References: 1
Huntr • added 2021/09/01 6:43 p.m. • 21 views

Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte

✍️ Description: Please enter a description of the vulnerability. The cookie persistentlogin is set without the HttpOnly flag.
🕵️‍♂️ Proof of Concept: Enable "remember me" during login. POST /admin/index.php?login HTTP/1.1 Host: 192.168.159.138 Content-Length: 30 Cache-Control: max-age=0...

CVSS: 5 • AI score: 0.2 • EPSS: 0.01066 • Exploits: 1 • References: 1
Huntr • added 2021/09/01 6:0 p.m. • 19 views

Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte

✍️ Description: Reflected XSS on any POST parameter with a correct token on /admin/settings.php. When field is not in the defined list, the $debug value is set to true, and $_POST is dumped without filtering.
🕵️‍♂️ Proof of Concept: 1. Login as admin. 2. Settings - Flush log. 3. Replace field with XSS...

CVSS: 4.3 • AI score: 0.1 • EPSS: 0.00532 • Exploits: 1
Huntr • added 2021/09/01 4:7 p.m. • 23 views

Inefficient Regular Expression Complexity in vuelidate/vuelidate

✍️ Description: A ReDoS (regular expression denial of service) flaw was found in the @vuelidate/validators package. An attacker that is able to provide crafted input to the url(input) function may cause an application to consume an excessive amount of CPU.
🕵️‍♂️ Proof of Concept: Create the following...

CVSS: 5 • AI score: 1.4 • EPSS: 0.01183 • Exploits: 1
Huntr • added 2021/09/01 1:4 p.m. • 15 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description: There is an svg tag filtration problem in "book page" edit leading to stored XSS. SVG images can be used on book pages, but there is no server-side attribute filtration implemented for them.
🕵️‍♂️ Proof of Concept: There is a filter for the href attribute, but inside SVG xlink:href is used. That...

CVSS: 3.5 • AI score: 0.1 • EPSS: 0.0058 • Exploits: 1
Huntr • added 2021/09/01 12:18 p.m. • 40 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

✍️ Description: There is an html tag filtration problem in "book page" edit leading to stored XSS. By design, "bad" tags and attributes are stripped on the client side when editing a page (obvious bypass by editing the request intercepted via Burp), and on the server side an additional filter is applied; however, this filter can be...

CVSS: 3.5 • AI score: 5.5 • EPSS: 0.0058 • Exploits: 1
Huntr • added 2021/09/01 10:54 a.m. • 26 views

Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte

✍️ Description: Reflected XSS in POST /admin/scripts/pi-hole/php/customcname.php
🕵️‍♂️ Proof of Concept: 1. Login as admin, go to Local DNS - CNAME Records - Add a new CNAME record. 2. Input alert(1) in the domain field and anything in the target domain. 3. The payload in the post body domain is URL encoded; use a...

CVSS: 4.3 • AI score: 0.2 • EPSS: 0.00532 • Exploits: 1
Huntr • added 2021/09/01 10:19 a.m. • 12 views

Forced Browsing in slackero/phpwcms

✍️ Description: Image cache can be flushed by any authenticated, low privileged user.
🕵️‍♂️ Proof of Concept: - Register a low privileged user without any administrator access. - Log in with the low privileged user. - Open the following URL:...

AI score: 0.4 • Exploits: 0
Huntr • added 2021/09/01 10:19 a.m. • 5 views

Prototype Pollution in liriliri/licia

✍️ Description: The licia package is vulnerable to Prototype Pollution. The safeSet function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
🕵️‍♂️ Proof of Concept:...

AI score: 2.7 • Exploits: 0
Huntr • added 2021/09/01 12:30 a.m. • 14 views

Command Injection in yogeshojha/rengine

✍️ Description: RCE via the proxy feature of Rengine. Proxies can be added in Rengine for executables like httpx to use in a scan. This functionality can be used to inject a command and run arbitrary code.
🕵️‍♂️ Proof of Concept: Add this as the only proxy in the proxy list in the Proxy settings:...

AI score: 0.8 • Exploits: 0
Huntr • added 2021/08/31 11:16 p.m. • 10 views

Forced Browsing in slackero/phpwcms

✍️ Description: A malicious actor is able to reveal the list and details of newsletter subscribers.
🕵️‍♂️ Proof of Concept: - Method 1: This method requires a proxy utility, like BurpSuite. - With an administrator user, create some subscribers on the newsletters under CommunicationNewsletter...

AI score: 1.3 • Exploits: 0
Huntr • added 2021/08/31 11:5 p.m. • 22 views

Path Traversal in yogeshojha/rengine

✍️ Description: Local File Inclusion through Path Traversal.
🕵️‍♂️ Proof of Concept: While logged into a Rengine instance, go to /api/getFileContents/?nucleitemplate&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included in the response.
💥 Impact: This vulnerability is...

AI score: 2.4 • Exploits: 0
Huntr • added 2021/08/31 10:50 p.m. • 7 views

Session Fixation in slackero/phpwcms

✍️ Description: A malicious actor with access to the computer is able to reveal the loaded site's actual PHPSESSID value. Since upon login this value does not change, the attacker can gain access via session hijacking when the target logs in on the compromised computer.
🕵️‍♂️ Proof of Concept: -...

AI score: 1.1 • Exploits: 0
Huntr • added 2021/08/31 8:4 p.m. • 11 views

Cross-site Scripting (XSS) - DOM in forkcms/forkcms

✍️ Description: The underlying library needs to get the charset in lowercase but fork is passing it in uppercase, causing some of the XSS protections to fail.
🕵️‍♂️ Proof of Concept: Go to...

AI score: 1.8 • Exploits: 0
Huntr • added 2021/08/31 5:9 p.m. • 9 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description: Hi, when creating a template for nuclei, it is possible to upload a malicious template with an XSS payload; clicking to see this template will run the XSS.
🕵️‍♂️ Proof of Concept: 1. First, create the fake template: id: poc-xss alert1 info: name: xss-storage-rengine author: phor3nsic severity:...

AI score: 0.7 • Exploits: 0
Huntr • added 2021/08/31 5:7 p.m. • 9 views

Cross-site Scripting (XSS) - Stored in zikula/core

✍️ Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
🕵️‍♂️ Proof of Concept: // PoC.js 1. Go to https://demo.ziku.la/blocks/admin/block/edit/2 2. Go to Editor and link a test word with a link. As...

AI score: 6 • Exploits: 0
Huntr • added 2021/08/31 3:3 p.m. • 8 views

in pimcore/pimcore

✍️ Description: It is possible to enumerate usernames via the forgot password functionality.
🕵️‍♂️ Proof of Concept: When entering a username that is not registered in the application, the response reads "User unknown". The following curl command demonstrates this: curl -i -s -k -X $'POST' \ -H...

AI score: 1.1 • Exploits: 0
Huntr • added 2021/08/31 1:48 p.m. • 13 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description: A malicious actor is able to add a "To-do" with a malicious payload to any target, and upon opening the target's summary, the XSS payload is being executed.
🕵️‍♂️ Proof of Concept: 1. Create a scan with any domain. 2. Start scanning the target. 3. Add a "To-do" with any title and with the...

AI score: 0.3 • Exploits: 0
Huntr • added 2021/08/31 12:24 p.m. • 11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

✍️ Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
🕵️‍♂️ Proof of Concept: // PoC.js 1. Go to https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2. Inject this...

AI score: 5.9 • Exploits: 0
Huntr • added 2021/08/31 6:49 a.m. • 6 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description: CSRF bug to disable a user.
🕵️‍♂️ Proof of Concept: I see that during disabling a user there is no CSRF token check. 1. First, log into the admin account. 2. Now copy the URL http://localhost/ampache-develop/public/admin/users.php?action=disable&userid=3, paste it in a browser tab and hit...

AI score: 0.3 • Exploits: 0
Huntr • added 2021/08/30 9:41 a.m. • 29 views

Prototype Pollution in jonschlinkert/set-value

✍️ Description: The set-value package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
🕵️‍♂️ Proof of Concept:...

CVSS: 5.8 • AI score: 2 • EPSS: 0.00675 • Exploits: 0
Huntr • added 2021/08/30 8:6 a.m. • 19 views

Prototype Pollution in vincit/objection.js

✍️ Description: The objection package is vulnerable to Prototype Pollution.
🕵️‍♂️ Proof of Concept: Create the following PoC file: // poc.js var set = require("objection/lib/utils/objectUtils"); let obj = {}; console.log("Before: " + {}.polluted); set(obj, '__proto__', 'polluted', 'Yes! Its Polluted'); console.log("After: "...

CVSS: 7.5 • AI score: 1.8 • EPSS: 0.0147 • Exploits: 1
Huntr • added 2021/08/30 5:45 a.m. • 22 views

Prototype Pollution in immerjs/immer

✍️ Description: The immer package is vulnerable to Prototype Pollution.
🕵️‍♂️ Proof of Concept: Create the following PoC file: // poc.js const immer = require("immer"); immer.enablePatches(); let obj = {}; const patch = {op: 'add', path: ["__proto__", "polluted"], value: "Yes! Its Polluted"}; console.log("Before : " +...

CVSS: 7.5 • AI score: 1.7 • EPSS: 0.01651 • Exploits: 1
Huntr • added 2021/08/29 10:59 p.m. • 16 views

Cross-Site Request Forgery (CSRF) in combodo/itop

✍️ Description: An attacker is able to delete a Standard SLA with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and that another low privilege user or an attacker knows the IP address or hostname of your application. In a CSRF attack...

AI score: 1.6 • Exploits: 0
Huntr • added 2021/08/29 3:54 p.m. • 12 views

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description: Please enter a description of the vulnerability. XSS is possible when the option allowHTML was set to true for text inputs and textfields.
🕵️‍♂️ Proof of Concept: http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E
💥 Impact: XSS attacks can...

AI score: 7 • Exploits: 0
Huntr • added 2021/08/29 2:39 p.m. • 12 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description: Stored XSS bug allows executing arbitrary JavaScript code in the victim's account.
🕵️‍♂️ Proof of Concept: 1. First create a document and put the below XSS payload inside the document content: xss"''\ 2. Now when any user views this document project, the XSS is executed. VIDEO POC --...

AI score: 0.9 • Exploits: 0
Huntr • added 2021/08/29 11:36 a.m. • 33 views

Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

✍️ Description: The 'Delete Scheduled Task' confirmation modal executes JavaScript as part of the name of a scan engine.
🕵️‍♂️ Proof of Concept: 1. Name a scan engine as an XSS payload. Example: 2. Schedule a scan for any target using the created scan engine. 3. Try to delete the scheduled task. Location...

AI score: 0.2 • Exploits: 0
Huntr • added 2021/08/29 9:33 a.m. • 11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description: An online document system developed based on Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes, like GitBook. This package is vulnerable to XSS.
🕵️‍♂️ Proof of Concept:
💥 Impact: This vulnerability is capable of...

AI score: 1.7 • Exploits: 0
Huntr • added 2021/08/29 9:20 a.m. • 11 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description: An online document system developed based on Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes, like GitBook. This package is vulnerable to XSS.
🕵️‍♂️ Proof of Concept:
💥 Impact: This vulnerability is capable of XSS...

AI score: 1.6 • Exploits: 0

Total number of security vulnerabilities: 4072