4072 matches found

Huntr • added 2023/09/21 9:17 a.m. • 11 views

IDOR - Users can change Administrator information (User ID = 1 )

Description IDOR - Users can change Administrator information User ID = 1 Proof of Concept 1 .Create an account with all rights. 2 .Detect default the administrator user ID = 1 information cannot be changed. 3 .Broken access control, can change administrator information user ID = 1 Video Poc...

7 AI score
Exploits: 0

Huntr • added 2023/09/20 6:14 p.m. • 7 views

Deleted account still has the right to create, delete other accounts (delete surveys)

Description An account that has been deleted still has the right to create, delete surveys other accounts Proof of Concept Video Poc https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...

7.2 AI score
Exploits: 0

Huntr • added 2023/09/20 2:19 a.m. • 20 views

NULL Pointer Dereference

Environment Windows 10 22H2 19045.3448 Version I checked against the latest trunk as of 09/19/23 at commit 3a126babc77dd5af4cd8fb0c45d8c0eb172c7b8c and the current release 4.12.0. Description This is a null pointer dereference that causes the IE driver to crash when selenium gets the cookies from...

5 CVSS • 7 AI score • 0.00852 EPSS
Exploits: 1

Huntr • added 2023/09/19 2:49 p.m. • 19 views

No rate limiting on creating access token

Description: Access token creation is a critical security component in many applications, especially when it comes to user authentication and authorization. Without proper rate limiting controls, attackers may exploit this process to launch various types of attacks, such as brute force attacks,...

6.5 CVSS • 6.9 AI score • 0.00646 EPSS
Exploits: 1

Huntr • added 2023/09/18 7:45 p.m. • 20 views

SQL Injection in `icms2/install/index.php`

Introduction I'm quite hesitant about reporting this vulnerability. After thinking about it, I knew I needed to provide this information to you!. As described in the documentation https://docs.instantcms.ru/en/manual/instal, at Post-Installation steps, you described that the installation director...

7.4 AI score
Exploits: 0

Huntr • added 2023/09/17 2:17 p.m. • 75 views

Password Reset link hijacking via Host Header Poisoning

Description LinkStack uses the Host header when sending out password reset links. This allows an attacker to insert a malicious host header, leading to password reset link / token leakage. Tested on a default Docker Compose installation of LinkStack https://github.com/LinkStackOrg/linkstack-docke...

6.9 AI score • 0.00674 EPSS
Exploits: 1 • References: 3

Huntr • added 2023/09/17 11:16 a.m. • 62 views

Time-Based Blind SQL injection leads to database extraction

Proof of Concept Login your account. then copy the coope and paste on below raw request POST /ajaxtable.php HTTP/1.1 Host: demo.librenms.org User-Agent: Mozilla/5.0 Windows NT 10.0; rv:78.0 Gecko/20100101 Firefox/78.0 Content-Length: 221 Accept: / Accept-Language: en-US,en;q=0.5 Content-Type:...

4 CVSS • 7.4 AI score • 0.22222 EPSS
Exploits: 0 • References: 1

Huntr • added 2023/09/17 9:37 a.m. • 23 views

Multiple Self-XSS Vulnerabilities

Description Multiple Self-XSS Vulnerabilities are triggered at multiple endpoints. http://localhost:8083/edit/server/ There is a bug in web/templates/pages/editserver.php file. Attacker can control $vtimezone. php ', theme: '', language: '', hasSmtpRelay: , remoteBackupEnabled: , backupType: '',...

5.8 CVSS • 7 AI score • 0.004 EPSS
Exploits: 1

Huntr • added 2023/09/15 5:31 p.m. • 17 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

5.8 AI score • 0.00449 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/15 6:46 a.m. • 21 views

XSS/CSRF in GetImage Endpoint

Description The endpoint at /o/get/image?url= does not have sufficient protections to protect users from CSRF and XSS. An attacker can craft a malicious svg image that will allow them to perform any action of the victim. In the case where the victim is the admin this can lead to a site takeover...

6.8 CVSS • 7 AI score • 0.00285 EPSS
Exploits: 1 • References: 2

Huntr • added 2023/09/15 4:23 a.m. • 22 views

Dom XSS in module "Search IPv6"

Description 1 .Access to IPv6 search function 2 .Enter the payload in the IPv4 field to perform the search Payload : "alertdocument.cookie 3 .Enter the search button and the payload will be executed Proof of Concept Link video Poc :...

5.8 CVSS • 6.9 AI score • 0.00561 EPSS
Exploits: 1

Huntr • added 2023/09/14 11:39 a.m. • 19 views

Stored XSS at LOGO+USER menu

Description Please enter a description of the vulnerability. Proof of Concept login with admin account visit https://demo.instantcms.io/admin/widgets?templatename=modern&scrollto=row-14 navigate to logo+user menu tab insert payload 1" onmouseover = "alert'hackedbytisha' at Parent row Tag CSS clas...

6.5 AI score
Exploits: 0 • References: 1

Huntr • added 2023/09/13 11:14 p.m. • 13 views

Admin account TakeOver

Description The endpoint api/system/update-env allows any authenticated users to change env variables of the back-end process : js process.envenvKey = value; The envKey value comes from here : js const envKey, checks = KEYMAPPINGkey; One of the value in the KEYMAPPING dictionary is : js JWTSecre...

6.6 AI score • 0.00633 EPSS
Exploits: 1

Huntr • added 2023/09/13 9:58 p.m. • 17 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8 AI score • 0.0073 EPSS
Exploits: 1

Huntr • added 2023/09/13 8:25 a.m. • 15 views

Store XSS in Widgets and pages in instantsoft/icms2

Description I noticed that you filtered the filter very carefully. But there are still some parts you missed Proof of Concept 1 . Login with admin 2 . Go to "http://localhost/o2/admin/menu/itemedit/18" 3 . Insert payload in CSS class 4 . Click save , and go to home page, and Detect store xss in...

6.8 AI score
Exploits: 0

Huntr • added 2023/09/12 11:22 a.m. • 18 views

XSS Vulnerabilities in Search Functionality and Course Tags

Description 1. XSS via Image Error in Search Box: - This vulnerability allows an attacker to execute a Cross-Site Scripting XSS attack through the search functionality of the web application. When a user performs a search, the application attempts to display an image related to the search query...

5.8 CVSS • 6.1 AI score • 0.00442 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/12 7:39 a.m. • 18 views

Store DOM XSS in FAQ

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Create a category, Question with payload: haidoalertdocument.domain 3 .Select FAQ status published and Sticky 4 .Back to the homepage, detect...

7 AI score • 0.00532 EPSS
Exploits: 1

Huntr • added 2023/09/12 2:53 a.m. • 16 views

SQL Injection Vulnerability in Content Page

In menu Content page, there is a SQL Injection Vulnerability at Filter function. To exploit this vulnerability, attacker injection query into filter field. Proof of Concept 1. Login with admin 2. Go to "http://127.0.0.1/icms2/admin/content/5". In this case, the number 5 is content's id Can be...

5.8 CVSS • 8.1 AI score • 0.00737 EPSS
Exploits: 1

Huntr • added 2023/09/11 9:54 a.m. • 16 views

Stored xss using journal-name

BUG ======== Stored xss using journal-name ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode\ 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1\ STEP TO REPRODUCE ====================== 1. From user-A account create a journal called...

7.5 AI score • 0.00404 EPSS
Exploits: 1

Huntr • added 2023/09/11 9:50 a.m. • 19 views

Stored xss using journal-name in journal-tab

BUG ======== Stored xss using journal-name in journal-tab ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode\ 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1\ STEP TO REPRODUCE ====================== 1. From user-A account create a journal...

7.5 AI score • 0.00449 EPSS
Exploits: 1

Huntr • added 2023/09/08 2:10 p.m. • 18 views

Cookie without Secure flag

Description Access and login to the website. Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there are some sensitive cookies without Secure flag. Proof of Concept...

7.1 AI score • 0.00287 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/07 12:53 p.m. • 16 views

Relative Path Traversal vulnerability in the serve command

Description When a Cecil site is served by cecil serve, Relative Path Traversal is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-path-traversal-poc cd cecil-path-traversal-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil new:site -n...

5 CVSS • 6.9 AI score • 0.00731 EPSS
Exploits: 1

Huntr • added 2023/09/07 12:33 p.m. • 19 views

Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page

Description When running a Cecil site by cecil serve without a 404.html, Reflected Cross-Site Scripting XSS is possible via the URI path. Proof of Concept Run the following commands: mkdir cecil-404-xss-poc cd cecil-404-xss-poc curl -L https://cecil.app/cecil.phar -o cecil chmod +x cecil ./cecil...

5.8 CVSS • 5.9 AI score • 0.00446 EPSS
Exploits: 1

Huntr • added 2023/09/05 6:19 a.m. • 63 views

AppImage Vim loads libc.so.6 from pwd

Description The appimage distribution of vim loads libc.so.6 from the current directory of the user. An attacker with control of files in a directory where the user uses vim could execute arbitrary code. Proof of Concept Proof of concept will use a malicious libc.so.6 generated with below patch ...

7.1 AI score
Exploits: 0

Huntr • added 2023/09/04 12:40 p.m. • 28 views

heap-buffer-overflow in function vim_regsub_both

Description heap-buffer-overflow in vimregsubboth at regexp.c:2482 Version git log commit e073a8b79f1d3398b27f35b7920746b564a169e9 HEAD - master, origin/master, origin/HEAD Proof of Concept ./vim -u NONE -i NONE -n -m -X -Z -e -s -S vimregsubbothpoc -c :qa! helplang=en readonly...

4.4 CVSS • 6.9 AI score • 0.00606 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/04 11:24 a.m. • 33 views

Out of Bounds Read in scene_manager/loader_bt.c:478

Description Out of Bounds Read in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.9 AI score • 0.00253 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/04 9:11 a.m. • 36 views

Incomplete fix for SSRF in CVE-2023-4651

Description The fix commit a6bf758de0b3242b0c0e4b47a588aae0c94305b0 for CVE-2023-4651 is not complete. Only ip based URLs are blocked. Proof of Concept Clone the latest repo and install. On server, listen for 1234 on localhost. Use http://localhost:1234/ as URL for image upload. Observe a hit on...

5.5 CVSS • 7 AI score • 0.00349 EPSS
Exploits: 2 • References: 1

Huntr • added 2023/09/03 7:23 p.m. • 31 views

SQL injection and Authentication bypass

Description The validApiKey middleware, which is responsible for verifying API keys provided in the request's Authorization header, is susceptible to SQL injection. This vulnerability can potentially lead to an authentication bypass, granting unauthorized access to API endpoints. NOTE: It's worth...

5 CVSS • 9 AI score • 0.00585 EPSS
Exploits: 1

Huntr • added 2023/09/03 4:9 p.m. • 11 views

Store XSS in Survey menus

Description I noticed, your website is very secure. But you overlooked a flaw Store DOM XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access Configuration 2 .Go to Survey menus == Survey menus entries 3 .Add new menu entry and insert payload in to GET data method...

6.3 AI score
Exploits: 0

Huntr • added 2023/09/03 2:5 p.m. • 15 views

Stored XSS in module named "New Submissions"

Description I tested the demo site you provided. I see that there is an Stored XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept Link video Poc https://drive.google.com/file/d/1BaAnaZQyfbUTu54rzwRtTevr-wx100/view?usp=sharing Steps 1 .Login as account...

6 AI score • 0.00411 EPSS
Exploits: 1

Huntr • added 2023/09/03 6:50 a.m. • 9 views

Store DOM XSS when create survey

Description I noticed, your website is very secure. But you overlooked a flaw Store DOM XSS . Proof of Concept Detail: 1 .Login vs admin demo account 2 .Create new survey , insert payload in to Survey title: test" onclick = "alertdocument.domain" 3 . Click create == detect Store DOM XSS Video Poc...

6.1 AI score
Exploits: 0

Huntr • added 2023/09/02 11:6 p.m. • 26 views

SQL injection in slug parameter

Description The /api/workspace/:slug endpoint exposes a critical SQL injection vulnerability in the slug parameter. This vulnerability arises due to the insecure handling of user-supplied data slug in the construction of a SQL query. An attacker can exploit this vulnerability by crafting a...

6.5 CVSS • 8.1 AI score • 0.00649 EPSS
Exploits: 1

Huntr • added 2023/09/02 8:55 p.m. • 20 views

Relative path traversal

Description The endpoint /system/data-exports/:filename is intended to export AnythingLLM data zip file for download based on a specified filename parameter. However, a critical security vulnerability arises due to insufficient validation and sanitization of the request.params.filename parameter...

7.5 CVSS • 6.7 AI score • 0.00752 EPSS
Exploits: 1

Huntr • added 2023/09/02 2:33 p.m. • 34 views

segmentation fault in function f_fullcommand

Description segmentation fault in function ffullcommand at exdocmd.c:4101 Proof of Concept valgrind ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocseg -c :qa! ==14662== Memcheck, a memory error detector ==14662== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al. ==14662== Using...

4.4 CVSS • 6.9 AI score • 0.00573 EPSS
Exploits: 1

Huntr • added 2023/09/01 7:31 p.m. • 23 views

Store XSS in Mail Setup

Description I noticed, your website is very secure. But you overlooked a flaw XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Go to Configuration == Mail setup. 3 .Insert payload into Password: test"alertdocument.domain 4 .Click save configuration == detect...

5.8 CVSS • 6.2 AI score • 0.00417 EPSS
Exploits: 0

Huntr • added 2023/09/01 6:44 p.m. • 33 views

Store XSS in Users

Description I noticed, your website is very secure. But you overlooked a flaw XSS . Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Create a users ,insert payload in to Real name test" 3 .Click edit on the user just created, detect XSS Video Poc...

4.9 CVSS • 6.1 AI score • 0.00412 EPSS
Exploits: 0

Huntr • added 2023/09/01 11:9 a.m. • 28 views

Cross-Site Scripting ( XSS) Via file upload

Description I tested the demo site you provided. I see that there is a file upload vulnerability which can lead to XSS. Hope you check and find a solution as soon as possible. Proof of Concept link video Poc https://drive.google.com/file/d/1LAcTulbfhGJfCmWdIel9e-SkuoQbDq/view?usp=sharing Steps 1...

7 AI score • 0.0046 EPSS
Exploits: 1

Huntr • added 2023/09/01 10:54 a.m. • 15 views

Stored XSS in module named "Create Issues"

Description I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible. Proof of Concept link video Poc https://drive.google.com/file/d/1CEEFO0ukhjug6dNRfb-vdQNuBUyezoJp/view?usp=sharing Steps 1 .Login as account demo ...

6.2 AI score • 0.00401 EPSS
Exploits: 1

Huntr • added 2023/09/01 3:19 a.m. • 23 views

heap-buffer-overflow in function swf_def_font scene_manager/swf_parse.c:1449

Description Heap-buffer-overflow in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.9 AI score • 0.00267 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/01 3:7 a.m. • 22 views

heap-use-after-free in mp4_mux_process_fragmented filters/mux_isom.c:6634

Description heap-use-after-free in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.9 AI score • 0.00267 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/01 2:55 a.m. • 21 views

stack-overflow in gf_bt_check_line scene_manager/loader_bt.c:408

Description stack-overflow in MP4Box Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.8 AI score • 0.00297 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/09/01 2:46 a.m. • 17 views

Store XSS in FAQ Multisites

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Go to Configuration == FAQ Multisites 3 . Edit Instance URL with payload: javascript:alertdocument.domain 4 .Edit Instance path with payload:...

4.9 CVSS • 6.7 AI score • 0.00336 EPSS
Exploits: 0

Huntr • added 2023/08/31 5:57 p.m. • 29 views

File Upload Vulnerability in Categories

Description I noticed, your website is very secure. But you overlooked a flaw File Upload. Proof of Concept Detail: 1 .Login vs admin demo account and access admin page. 2 .Create a category titled "test" and upload a file image. 3 .Using burp suite edit Content-type: image/html and insert payloa...

7.5 CVSS • 6.9 AI score • 0.0052 EPSS
Exploits: 0

Huntr • added 2023/08/31 6:32 a.m. • 16 views

left shift of negative value in scene_manager/swf_parse.c:213:12

Description left shift of negative value in MP4Box Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC...

1.9 CVSS • 6.8 AI score • 0.00296 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/08/31 2:45 a.m. • 19 views

Out of Bounds Read in MPEG12_ParseSeqHdr media_tools/mpeg2_ps.c

Description Out of Bounds Read in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.9 AI score • 0.00293 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/08/31 2:23 a.m. • 22 views

signed integer overflow in filters/mux_isom.c:5716:20

Description The signed integer overflow in MP4Box, and the program will eventually crash due to double-free. It is uncertain whether the signed integer overflow is directly related to double-free Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Par...

1.9 CVSS • 7 AI score • 0.00293 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/08/30 7:48 a.m. • 24 views

Use After Free in gf_filterpacket_del filter_core/filter.c:38

Description Use After Free in MP4Box. I'm not sure if this is a bug or an exploitable vulnerability. Since it was a double-free crash, I classified it as a UAF vulnerability type. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed...

6.7 AI score • 0.00272 EPSS
Exploits: 1 • References: 1

Huntr • added 2023/08/29 9:32 a.m. • 12 views

LimeSurvey 5.6.34-230816 has a storage based XSS vulnerability caused by importManifest

Description A regular user with "theme" privileges who maliciously sets the "templatename" during the importManifest process can lead to a stored Cross-Site Scripting XSS vulnerability. Proof of Concept The first step is to create a user with only 'theme' permission. Log in to this user and make ...

5.6 AI score
Exploits: 0

Huntr • added 2023/08/29 7:0 a.m. • 23 views

NULL Pointer Dereference in media_tools/mpeg2_ps.c, media_tools/avilib.c and filters/dasher.c

Description NULL Pointer Dereference in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.8 AI score • 0.00295 EPSS
Exploits: 1 • References: 4

Huntr • added 2023/08/29 3:10 a.m. • 23 views

division by zero in scene_manager/swf_svg.c, filters/dasher.c , filters/mux_isom.c and scene_manager/swf_parse.c

Description division by zero in MP4Box. Version $ ./bin/gcc/MP4Box -version MP4Box - GPAC version 2.3-DEV-revrelease c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...

1.9 CVSS • 6.8 AI score • 0.00295 EPSS
Exploits: 1 • References: 6

Total number of security vulnerabilities: 4072