4072 matches found

Huntr • added 2021/07/25 8:43 a.m. • 7 views

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

✍️ Description Your application does not have any CSRF protection, and you also set the SameSite attribute to Lax. This means that if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks with no doubt. First you run this HTML payload and then you should see...

AI score: 0.3
Exploits: 0
Huntr • added 2021/07/24 10:19 p.m. • 8 views

Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta

✍️ Description uniqid does not generate cryptographically secure strings. Even if it did, supplying it with mtrand would render it insecure, as an attacker would be able to gain access to a victim's account by simply knowing when they logged in. This could be used as a mass-account-takeover vector...

AI score: 2.2
Exploits: 0
Huntr • added 2021/07/24 5:33 p.m. • 12 views

Business Logic Errors in pimcore/pimcore

✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. 🕵️‍♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. 💥 Impact It...

AI score: 1.8
Exploits: 0
Huntr • added 2021/07/24 12:2 p.m. • 8 views

Inefficient Regular Expression Complexity in erxes/erxes

✍️ Description If we want to use Regex in our match or search or replace or … functions, we must sanitize this function's inputs. If an attacker is capable of injecting any Regex or abusing the exponential Regexes that are used in our code, then the ReDoS vulnerability appears and according to "freezing th...

Exploits: 0
Huntr • added 2021/07/24 8:57 a.m. • 7 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 0.7
Exploits: 0
Huntr • added 2021/07/24 8:43 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 1.2
Exploits: 0
Huntr • added 2021/07/24 8:39 a.m. • 11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 1.3
Exploits: 0
Huntr • added 2021/07/24 8:34 a.m. • 11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 1.3
Exploits: 0
Huntr • added 2021/07/24 8:29 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 0.6
Exploits: 0
Huntr • added 2021/07/24 8:29 a.m. • 11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 1.4
Exploits: 0
Huntr • added 2021/07/23 7:3 p.m. • 14 views

in alovoa/alovoa

✍️ Description Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. 🕵️‍♂️ Proof of Concept org.springframework.security spring-security-oauth2-client...

AI score: 4.3
Exploits: 0, References: 1
Huntr • added 2021/07/23 3:29 p.m. • 8 views

in janeczku/calibre-web

✍️ Description The attribute name is not properly restricted so a user can change his username even when the view does not allow to change it. 🕵️‍♂️ Proof of Concept //The method changeprofile saves also the name if it is present in the request. It does not check if the user has the permission to...

AI score: 1.7
Exploits: 0
Huntr • added 2021/07/23 3:4 p.m. • 9 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️‍♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" test1's profile. Make the user open a link with this page...

AI score: 0.9
Exploits: 0
Huntr • added 2021/07/23 2:58 p.m. • 11 views

in kestasjk/webdiplomacy

✍️ Description According to previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. Here an attacker can also do Bruteforce attacks to take control of users' accounts. 🕵️‍♂️ Proof of Concept...

AI score: 0.8
Exploits: 0
Huntr • added 2021/07/23 2:55 p.m. • 12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug to watch a game 🕵️‍♂️ Proof of Concept no csrf token checking during watch game. Below request is vulnerable to csrf attack POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

Exploits: 0
Huntr • added 2021/07/23 1:51 p.m. • 10 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when contacting team 🕵️‍♂️ Proof of Concept no csrf token contact. Below request is vulnerable to csrf attack POST /contactUsDirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...

AI score: 0.4
Exploits: 0
Huntr • added 2021/07/23 1:32 p.m. • 12 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when disabling notice 🕵️‍♂️ Proof of Concept no csrf token checking during enable/disable notice. Below request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...

AI score: 0.6
Exploits: 0
Huntr • added 2021/07/23 1:14 p.m. • 14 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description CSRF bug when creating game 🕵️‍♂️ Proof of Concept no csrf token checking during gamecreate. Below request is vulnerable to csrf attack POST /gamecreate.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0...

AI score: 0.2
Exploits: 0
Huntr • added 2021/07/23 11:53 a.m. • 7 views

in kestasjk/webdiplomacy

✍️ Description Bypass rate limit and send unlimited email to any email address. 💥 Impact Attacker can send unlimited email to any mail address. Many email service providers have limited email sending like 10000 email per month. If you exceed that limit then you will be extra charged. So, using thi...

AI score: 7.2
Exploits: 0
Huntr • added 2021/07/23 10:31 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

✍️ Description csrf bug to change user profile 🕵️‍♂️ Proof of Concept I see there is no csrf token checking when updating user-profile. Save the below html code in an html file and host this file. Now send this file link to the victim; when the victim opens the link then his profile information will be changed...

AI score: 0.6
Exploits: 0
Huntr • added 2021/07/23 8:59 a.m. • 12 views

Code Injection in causefx/organizr

✍️ Description The "version": "v6.4.1", is vulnerable to code injection. Affected versions of this package are vulnerable to Arbitrary Code Execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...

AI score: 4, EPSS: 0.02803
Exploits: 0, References: 1
Huntr • added 2021/07/22 6:18 p.m. • 15 views

Cross-Site Request Forgery (CSRF) in emoncms/dashboard

💥 BUG csrf bug to change schedule to public 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/schedule/set.json?id=1&fields=%22public%22:true and your schedule will be changed from private to public. 💥 IMPACT Any attacker can send those link to victim...

AI score: 0.1
Exploits: 0
Huntr • added 2021/07/22 6:13 p.m. • 13 views

in emoncms/dashboard

💥 BUG account takeover via host-header injection. It allows attacker to change url of account-verification link and verify any email-address. 💥 STEP TO REPRODUCE 1. First as attacker create an account with email [email protected]. You don't own that email-address. You can't login until you verify that...

AI score: 0.8
Exploits: 0
Huntr • added 2021/07/22 6:9 p.m. • 9 views

Cross-Site Request Forgery (CSRF) in emoncms/dashboard

💥 BUG csrf bug to regenerate api-key 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new api key will be generated. 💥 IMPACT Any attacker can send those link to victim and when victim opens the link then api-key will be...

AI score: 1.2
Exploits: 0
Huntr • added 2021/07/22 6:7 p.m. • 13 views

Cross-Site Request Forgery (CSRF) in emoncms/dashboard

💥 BUG csrf bug to change email 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm and your email will be changed. 💥 IMPACT Any attacker can send those link to victim and when victim opens the link the...

AI score: 1.1
Exploits: 0
Huntr • added 2021/07/22 2:12 p.m. • 6 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

✍️ Description When you don't set the SameSite attribute of cookies, the browsers have special act in front of this issue. I mean set default value on it; Chrome and Chromium-based browsers set the attribute "Lax", that means if you do add/delete/alter operation in a GET HTTP request then your site mor...

AI score: 1
Exploits: 0
Huntr • added 2021/07/22 4:41 a.m. • 8 views

Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork

💥 BUG unprivileged user can like to private album. 💥 IMPACT user who does not have permission in private album still can comment in that album. 💥 STEP TO REPRODUCE There are two users called user-A and user-B. 1. First go to user-A account and create a private album. Let's album url is...

AI score: 0.3
Exploits: 0
Huntr • added 2021/07/22 4:39 a.m. • 6 views

Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork

💥 BUG unprivileged user can comment to private album. 💥 IMPACT user who does not have permission in private album still can comment in that album. 💥 STEP TO REPRODUCE There are two users called user-A and user-B. 1. First go to user-A account and create a private album. Let's album url is...

AI score: 0.7
Exploits: 0
Huntr • added 2021/07/22 4:1 a.m. • 11 views

in janeczku/calibre-web

✍️ Description A user can see the name of another user's private shelf through a forbidden error. 🕵️‍♂️ Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...

AI score: 1.2
Exploits: 0
Huntr • added 2021/07/21 10:1 p.m. • 11 views

Improper Access Control in janeczku/calibre-web

✍️ Description A user can edit the title of another user's shelf. 🕵️‍♂️ Proof of Concept The function editshelf calls directly to createeditshelf sending the queried shelf by the id from the path without checking if that shelf is theirs. // shelf.py @shelf.route"/shelf/edit/", methods="GET",...

AI score: 0.5
Exploits: 0, References: 1
Huntr • added 2021/07/21 7:36 p.m. • 13 views

in janeczku/calibre-web

✍️ Description The app does not expire the user's session after the logout. It is possible to continue using the session even when the user has logged out. 🕵️‍♂️ Proof of Concept 1. Login as a user at /login. 2. Select logout, intercepting and copying the user's cookie. 3. After this logout, send a...

AI score: 1.1
Exploits: 0
Huntr • added 2021/07/21 6:34 p.m. • 23 views

None in firefly-iii/firefly-iii

Improper Restriction of Excessive Authentication Attempts. The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. STEPS FOR REPRODUCTION: 1. Go to...

CVSS: 5, AI score: 0.3, EPSS: 0.0071
Exploits: 1
Huntr • added 2021/07/21 12:10 p.m. • 13 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to close a project 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when closing a project...

AI score: 1.1
Exploits: 0
Huntr • added 2021/07/21 11:59 a.m. • 6 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to activate all contractline 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when activate all contract-line...

AI score: 1.9
Exploits: 0
Huntr • added 2021/07/21 11:53 a.m. • 4 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to remove third-party from sales-order 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when removing third-party from sales-order...

AI score: 1.5
Exploits: 0
Huntr • added 2021/07/21 11:48 a.m. • 15 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to classify bill of sales-order 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when classify bill of sales-order...

AI score: 1
Exploits: 0
Huntr • added 2021/07/21 11:43 a.m. • 8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to delete warehouse 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when delete warehouse...

AI score: 1.2
Exploits: 0
Huntr • added 2021/07/21 11:40 a.m. • 13 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to validate inventory 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when validate inventory...

AI score: 1.6
Exploits: 0
Huntr • added 2021/07/21 11:23 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to delete product variants 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when delete product variants...

AI score: 1.7
Exploits: 0
Huntr • added 2021/07/21 11:12 a.m. • 13 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to delete customer price 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when delete customer price...

AI score: 1
Exploits: 0
Huntr • added 2021/07/21 10:42 a.m. • 18 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to set-paid expense-report 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf. You can remove token parameter from url. Below request is vulnerable to csrf attack when set-paid expense report...

AI score: 1.3
Exploits: 0
Huntr • added 2021/07/21 10:21 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to remove linked file 🕵️‍♂️ Proof of Concept Below request is vulnerable to csrf attack when removing linked file. https://demo.dolibarr.org/expensereport/card.php?id=202&action=removefile&file=%28PROV202%29%2F%28PROV202%29.pdf&entity=1 💥 Impact csrf attack...

AI score: 1.6
Exploits: 0
Huntr • added 2021/07/21 9:3 a.m. • 11 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Billing | payment section the Customer invoices part, you protect invoice Statuses to any kind of modification from CSRF attacks but if I set CSRF token to nothing then I am able to modify arbitrary invoice Statuses only with knowing their ids. In this PoC.html I am able to Validat...

AI score: 3.3
Exploits: 0
Huntr • added 2021/07/21 8:36 a.m. • 12 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the POS part, you don't protect resources from delete with CSRF attacks and then I am able to delete/close arbitrary POS cash desk control entities only with knowing their ids. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is...

AI score: 3.1
Exploits: 0
Huntr • added 2021/07/21 8:32 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the Bank | Cash part, you protect List entities to delete with CSRF attacks but if I set CSRF token to nothing then I am able to delete arbitrary List entities only with knowing their ids. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' input...

AI score: 2.9
Exploits: 0
Huntr • added 2021/07/21 8:15 a.m. • 9 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Ticket section, you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothing then I am able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...

AI score: 4.3
Exploits: 0
Huntr • added 2021/07/21 5:44 a.m. • 6 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In HRM -- Expenses reports Directory, you don't protect files built by mass actions to delete with CSRF attacks then attacker is able to delete arbitrary reports only with knowing their names. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' ...

AI score: 3.7
Exploits: 0
Huntr • added 2021/07/20 3:4 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

✍️ Description microweber is vulnerable to Cross-site request forgery. The app is not checking the CSRF token when adding new products to the cart. 🕵️‍♂️ Proof of Concept HTML content: HTML setTimeout = form.submit; , 2000; 1. Save the above content into an HTML file. 2. Open the file on the...

AI score: 0.7
Exploits: 0
Huntr • added 2021/07/20 2:52 a.m. • 13 views

Business Logic Errors in microweber/microweber

✍️ Description microweber is vulnerable to Business Logic error through negative product price. 🕵️‍♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Access the app localhost and add a product to the cart. 3. Open the HTML file and click on submit button to take...

AI score: 0.5
Exploits: 0
Huntr • added 2021/07/19 11:9 a.m. • 10 views

Cross-site Scripting (XSS) - Reflected in alovoa/alovoa

✍️ Description xss bug 🕵️‍♂️ Proof of Concept 1. Open url https://alovoa.com/profile?lang=es%22%3E%3Cscript%3Ealert1%3C/script%3E and see xss is executed. My previous xss and this xss have different attacking endpoints and that's why I submitted two reports 💥 Impact xss...

AI score: 0.2
Exploits: 0
Total number of security vulnerabilities: 4072