4072 matches found

Huntr
• added 2021/07/19 4:57 a.m. • 11 views

Session Fixation in alovoa/alovoa

✍️ Description When a logged-in user changes his password, the session does not expire after the update. 🕵️‍♂️ Proof of Concept // PasswordController.java does not expire the session or force the user to log out after the update. @PostMapping(value = "/change", consumes = "application/json") public void...

0.8 AI score
Exploits 0
Huntr
• added 2021/07/19 3:28 a.m. • 29 views

Improper Privilege Management in uvdesk/core-framework

✍️ BUG Privilege escalation bug to pin threads. 🕵️‍♂️ Proof of Concept 1. First, from the admin account go to http://localhost/uvdesk/public/en/member/agents and add a new user called user B with the Agent role. Now give user B all ticketing permissions like can update/add/edit/delete/lock/pin a ticket...

Exploits 0, References 1
Huntr
• added 2021/07/19 3:09 a.m. • 14 views

Cross-site Scripting (XSS) - DOM in alovoa/alovoa

✍️ Description It is possible to run JavaScript code in the webpage via unsanitized DOM properties. The function onChangeLocal sets the value of window.location.search directly from the URL, without previous checks. 🕵️‍♂️ Proof of Concept // Vulnerable function in file fragments.html:139 function...

7 AI score
Exploits 0, References 1
Huntr
• added 2021/07/18 7:34 p.m. • 22 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker can delete any Exports for any user via a CSRF vulnerability when the Admin, SuperAdmin or an authorized user clicks on the PoC.html file; it is enough for the attacker to know the Export's names on the server. I convert the...

2.3 AI score
Exploits 0
Huntr
• added 2021/07/18 7:23 p.m. • 6 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker can delete any Product for any user via a CSRF vulnerability when the Admin, SuperAdmin or an authorized user clicks on the PoC.html file; it is enough for the attacker to know the Product id on the server. I convert the GET...

3 AI score
Exploits 0
Huntr
• added 2021/07/18 7:07 p.m. • 11 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker can delete any Third Parties for any user via a CSRF vulnerability when the Admin, SuperAdmin or an authorized user clicks on the PoC.html file; it is enough for the attacker to know the Third Parties id on the server. I convert the GET...

2.4 AI score
Exploits 0
Huntr
• added 2021/07/18 6:52 p.m. • 10 views

in cortezaproject/corteza-server

Passwords shorter than 8 characters are considered weak (NIST SP 800-63B). The maximum password length should not be set too low, as it will prevent users from creating passphrases. ... It is important to set a maximum password length to prevent long-password denial-of-service attacks. STEPS FOR...

0.7 AI score
Exploits 0
Huntr
• added 2021/07/18 5:33 p.m. • 15 views

Inefficient Regular Expression Complexity in cronvel/string-kit

✍️ Description A ReDoS (regular expression denial of service) flaw was found in the string-kit package. An attacker who is able to provide crafted input to the naturalSort function may cause an application to consume an excessive amount of CPU. 🕵️‍♂️ Proof of Concept Create the following PoC file:...

1.2 AI score
Exploits 0
Huntr
• added 2021/07/18 4:22 p.m. • 8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker can add or delete any permission for any user via a CSRF vulnerability when the Admin, SuperAdmin or an authorized user clicks on the PoC.html file; it is enough for the attacker to know the permission id on the server, which starts from 1. There is no CSRF token in this situation and the CSR...

3.1 AI score
Exploits 0
Huntr
• added 2021/07/18 4:04 p.m. • 8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker can delete each Group via a CSRF vulnerability when the Admin or SuperAdmin clicks on the PoC.html file; it is enough for the attacker to know the Group id on the server, which starts from 1. To bypass your CSRF token, I just delete the token parameter value and set it to nothing, as you can see in "...

2.8 AI score
Exploits 0
Huntr
• added 2021/07/18 3:31 p.m. • 33 views

Inefficient Regular Expression Complexity in liriliri/licia

✍️ Description A ReDoS (regular expression denial of service) flaw was found in the licia package. An attacker who is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar to https://nvd.nist.gov/vuln/detail/CVE-2020-28500 🕵️‍♂️...

0.6 AI score, 0.07336 EPSS
Exploits 1
Huntr
• added 2021/07/18 3:22 p.m. • 16 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description An attacker is able to reopen any Poll in the Tools section. 🕵️‍♂️ Proof of Concept // PoC.html https://demo.dolibarr.org/opensurvey/card.php?action=reopen&id=amyra52rg3g4ywzj...

1 AI score
Exploits 0
Huntr
• added 2021/07/18 10:48 a.m. • 9 views

in spiral-project/ihatemoney

💥 BUG Clickjacking bug. 💥 STEPS TO REPRODUCE I see there is no X-Frame-Options header present in the response. So, it allows loading the dashboard URL in an iframe, which makes a clickjacking attack possible. The iframe will be completely hidden with opacity control so that the victim doesn't suspect. The code below can be used as...

1.1 AI score
Exploits 0
Huntr
• added 2021/07/18 10:45 a.m. • 12 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description CSRF bug to delete a project. 🕵️‍♂️ Proof of Concept 1. Go to https://ihatemoney.org/ and create a new project whose project name is XXXX. Now the request below is vulnerable to a CSRF attack which will delete the whole project: https://ihatemoney.org/xxxx/delete 💥 Impact An attacker can...

1.1 AI score
Exploits 0
Huntr
• added 2021/07/18 9:09 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In this directory "https://demo.dolibarr.org/ecm/index.php?mainmenu=ecm&leftmenu=ecm&idmenu=167162" the attacker can perform a CSRF attack to remove any folders. In this directory the application takes a parameter named "token" and I set the "token" parameter value to nothing like...

1.8 AI score
Exploits 0
Huntr
• added 2021/07/17 7:04 p.m. • 11 views

Cross-site Scripting (XSS) - Generic in emoncms/emoncms

✍️ Description Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent by the builtin echo in theme.php at line 94. 🕵️‍♂️ Proof of Concept $q = ""; if (isset($_GET['q'])) $q = $_GET['q']; // get in line 16 // print in line...

3.1 AI score
Exploits 0
Huntr
• added 2021/07/17 10:23 a.m. • 24 views

Server-Side Request Forgery (SSRF) in gogs/gogs

✍️ Description In 2018, this issue was created to address an SSRF vulnerability in gogs wherein an attacker could have gogs send requests to network-internal hosts. A patch for this was released (see diff) and no queries about the SSRF issue seem to have been raised again since, from what I can tell...

5 CVSS, 0.03422 EPSS
Exploits 1
Huntr
• added 2021/07/17 3:59 a.m. • 11 views

Cross-site Scripting (XSS) - Stored in chevereto/chevereto-free

✍️ Description Stored XSS via image upload. TESTED VERSION: latest GitHub code as of 16/7/21. 🕵️‍♂️ Proof of Concept 1. First download the https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert123%3E.jpeg image file in Linux. Don't change the file name. This type of file...

7.2 AI score
Exploits 0
Huntr
• added 2021/07/17 12:45 a.m. • 10 views

Cross-Site Request Forgery (CSRF) in seriawei/zkeacms

✍️ Description ZKEACMS is vulnerable to Cross-site request forgery. The app has no mechanism against CSRF in any HTTP request. 🕵️‍♂️ Proof of Concept Sample: Add products to the shopping cart. HTML content: HTML setTimeout = form.submit , 2000; 1. Save the above content into an HTML file. 2. With...

1 AI score
Exploits 0
Huntr
• added 2021/07/16 11:29 p.m. • 11 views

in ampache/ampache

✍️ Description According to the PHP official documentation [1], the mt_rand function has a security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes", and as we see in permalinks you use the mt_rand function to generate...

7 AI score
Exploits 0
Huntr
• added 2021/07/16 10:59 p.m. • 7 views

Business Logic Errors in seriawei/zkeacms

✍️ Description ZKEACMS is vulnerable to a business logic error through a negative product amount. 🕵️‍♂️ Proof of Concept PoC file content: HTML setTimeout = form.submit , 2000; 1. Save the above content into an HTML file. 2. Open it in the browser. Check the shopping cart's negative value. PoC video. 💥...

1.5 AI score
Exploits 0
Huntr
• added 2021/07/16 3:30 p.m. • 32 views

Inefficient Regular Expression Complexity in apidoc/apidoc-core

✍️ Description A ReDoS (regular expression denial of service) flaw was found in the apidoc-core package. An attacker who is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref:...

0.2 AI score, 0.03732 EPSS
Exploits 1
Huntr
• added 2021/07/15 7:20 p.m. • 10 views

in emoncms/emoncms

✍️ Description In a CSRF attack, if the attacker is able to change the victim's email then the attacker can change the email to their own email and get a password from the password reset section, and then an account takeover happens. 🕵️‍♂️ Proof of Concept 1. You log in to your account. 2. You make a file containing the following...

0.2 AI score
Exploits 0
Huntr
• added 2021/07/15 7:05 p.m. • 10 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

✍️ Description In a CSRF attack, if your users go to the attacker's website and click the malicious link then they are able to steal users' cookies, submit unwanted data, .... 🕵️‍♂️ Proof of Concept 1. You log in to your account. 2. You make a file containing the following HTML. 3. Open the HTML as the victim site...

0.5 AI score
Exploits 0
Huntr
• added 2021/07/15 7:00 p.m. • 18 views

Cross-Site Request Forgery (CSRF) in emoncms/emoncms

✍️ Description In a CSRF attack, if your users go to the attacker's website and click the malicious link then they are able to steal users' cookies, submit unwanted data, .... 🕵️‍♂️ Proof of Concept 1. You log in to your account. 2. You make a file containing the following HTML. 3. Open the HTML as the victim site...

0.5 AI score
Exploits 0
Huntr
• added 2021/07/15 6:15 p.m. • 9 views

in emoncms/emoncms

✍️ Description Weak password requirements can lead to an account takeover vulnerability as an attacker can easily perform brute-force attacks. 🕵️‍♂️ Proof of Concept If an attacker knows the username and email of your users then the attacker can easily reset the victim's password and no privileges are required...

1.5 AI score
Exploits 0
Huntr
• added 2021/07/10 5:34 p.m. • 7 views

in erudika/scoold

Reuse of cookies: The cookies do not expire after sign out. Once the user signs out of his account, the cookies need to be expired and should not be of any use for reuse. But in this case, an attacker can grab the cookies and use them to log into a user's account. PoC: 1. Go to...

1 AI score
Exploits 0
Huntr
• added 2021/07/10 2:13 p.m. • 18 views

Open Redirect in ionicabizau/parse-url

✍️ Description parse-url improperly handles user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but parse-url reads them as a relative path, which could lead to SSRF, open redirects, or other...

6.1 AI score, 0.02483 EPSS
Exploits 2
Huntr
• added 2021/07/10 1:51 p.m. • 15 views

Open Redirect in ionicabizau/git-up

✍️ Description git-up improperly handles user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but git-up reads them as a relative path, which could lead to SSRF, open redirects, or other...

6.1 AI score, 0.02483 EPSS
Exploits 2
Huntr
• added 2021/07/10 9:52 a.m. • 12 views

Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

✍️ Description The function mt_rand is used to generate ticket hashes at the reference shown; this function is cryptographically flawed due to its nature being one of pseudorandomness, and an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...

7 AI score
Exploits 0
Huntr
• added 2021/07/10 1:39 a.m. • 43 views

Cross-site Scripting (XSS) - Reflected in swiftyspiffy/twitch-token-generator

✍️ Description An almost-XSS exists in this repository that, if not for the WAF used on https://twitchtokengenerator.com, would have resulted in reflected XSS. Despite this, it is possible to inject HTML onto the page, making some attack scenarios possible. 🕵️‍♂️ Proof of Concept - Navigate to...

0.3 AI score
Exploits 0
Huntr
• added 2021/07/10 12:31 a.m. • 4 views

Use of a Broken or Risky Cryptographic Algorithm in emoncms/emoncms

✍️ Description The function mt_rand is used to generate verification keys, API keys (both read & write), and even hash salts; this function is cryptographically flawed due to its nature being one of pseudorandomness, and an attacker can take advantage of the cryptographically insecure nature of this functio...

0.3 AI score
Exploits 0, References 4
Huntr
• added 2021/07/10 12:20 a.m. • 14 views

Use of a Broken or Risky Cryptographic Algorithm in panique/huge

✍️ Description The function mt_rand is used to generate password-reset tokens; this function is cryptographically flawed due to its nature being one of pseudorandomness, and an attacker can take advantage of the cryptographically insecure nature of this function to enumerate password-reset tokens that...

Exploits 0, References 2
Huntr
• added 2021/07/10 12:13 a.m. • 13 views

Use of a Broken or Risky Cryptographic Algorithm in mautic/mautic

✍️ Description The function mt_rand is used to generate session tokens; this function is cryptographically flawed due to its nature being one of pseudorandomness, and an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

0.2 AI score
Exploits 0, References 2
Huntr
• added 2021/07/09 4:15 p.m. • 13 views

Heap-based Buffer Overflow in squell/id3

✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a heap-buffer-overflow, WRITE of size 1. This and the previous bug were discovered with the help of honggfuzz. 🕵️‍♂️ Proof of Concept echo...

7 AI score
Exploits 0
Huntr
• added 2021/07/09 4:05 p.m. • 11 views

Heap-based Buffer Overflow in squell/id3

✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a negative-size-param and a heap-buffer-overflow with a READ of size 40987248. But for the purposes of this report, we are going to look at the heap-buffer-overflow, as it...

7 AI score
Exploits 0
Huntr
• added 2021/07/09 3:04 p.m. • 7 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

✍️ Description pimcore is an Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce); this package is vulnerable to Stored XSS through the gender tag. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored XSS. 📍 Location Gender.php#L21...

1.2 AI score
Exploits 0
Huntr
• added 2021/07/08 3:54 p.m. • 14 views

in ethibox/stacks

✍️ Description Please enter a description of the vulnerability. 1. Visit https://github.com/ethibox/stacks/blob/master/wordpress.yml#L47-L50 for the exposed database credentials. 💥 Impact This vulnerability is capable of the database getting compromised...

0.9 AI score
Exploits 0
Huntr
• added 2021/07/08 8:10 a.m. • 21 views

Open Redirect in ionicabizau/parse-url

✍️ Description parse-url mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while parse-url sees them as a relative path, which will lead to SSRF attacks, open redirects, or...

0.6 AI score, 0.02483 EPSS
Exploits 2
Huntr
• added 2021/07/08 8:08 a.m. • 17 views

Open Redirect in ionicabizau/parse-path

✍️ Description parse-path mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while parse-path sees them as a relative path, which will lead to SSRF attacks, open redirects, o...

0.6 AI score, 0.02483 EPSS
Exploits 2
Huntr
• added 2021/07/08 8:01 a.m. • 23 views

Open Redirect in tjenkinson/url-toolkit

✍️ Description url-toolkit mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while url-toolkit sees them as a relative path, which will lead to SSRF attacks, open redirects,...

0.1 AI score, 0.02483 EPSS
Exploits 2
Huntr
• added 2021/07/07 10:44 p.m. • 9 views

Cross-site Scripting (XSS) - Reflected in leantime/leantime

✍️ Description Reflected XSS in editBoxDialog.tpl.php where the "module" and "label" parameters lead to exploitation of a vulnerability. 🕵️‍♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...

1.6 AI score
Exploits 0
Huntr
• added 2021/07/07 6:33 a.m. • 28 views

Server-Side Request Forgery (SSRF) in aimeos/aimeos-core

✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework; this web app is vulnerable to stored SSRF through SVG files. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of SSRF...

0.9 AI score
Exploits 0
Huntr
• added 2021/07/06 6:20 p.m. • 11 views

Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney

✍️ Description The //delete/ endpoint lacks CSRF protection. This could be exploited by attackers to make the admin delete records from the database. 🕵️‍♂️ Proof of Concept For the attack to work, a logged-in user should click the link; this could be performed with JavaScript. /delete/"Click here 💥 Impact...

2.7 AI score
Exploits 0, References 1
Huntr
• added 2021/07/06 4:31 p.m. • 6 views

Server-Side Request Forgery (SSRF) in erudika/scoold

✍️ Description Possible SSRF in scoold in the user profile picture from URL. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create an account and click on the image. 2. Now open the local server or enter any IP:port, e.g. http://127.0.0.1:8082 3. Now enter the URL and then view the image; you will see get...

0.5 AI score
Exploits 0
Huntr
• added 2021/07/06 4:28 p.m. • 6 views

Session Fixation in erudika/scoold

✍️ Description Session Fixation vulnerability found in scoold, in which it doesn't expire the sessions after a password update. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Open the same account in a normal and a private tab. 2. Change the password from any one tab, let's say private, and then refresh...

0.5 AI score
Exploits 0
Huntr
• added 2021/07/06 2:56 p.m. • 8 views

Cross-site Scripting (XSS) - Stored in sergix44/xbackbone

✍️ Description Stored XSS through file upload via a .svg file. 🕵️‍♂️ Proof of Concept Upload a .svg file with the following content: javascript alertdocument.cookie; give it any name you want ending with .svg, store-xss.svg for example, and upload the file; after upload click on open, click on raw, see the...

7.1 AI score
Exploits 0
Huntr
• added 2021/07/06 1:25 p.m. • 8 views

Cross-site Scripting (XSS) - Stored in omeka/omeka-s

✍️ Description Stored XSS bug using an XSS payload in the Title when adding a new site. The XSS gets executed when you are trying to delete the website; see the PoC for details. 🕵️‍♂️ Proof of Concept Go to http://localhost/omeka/omeka-s/admin/site and click on add new site, copy-paste the...

7 AI score
Exploits 0
Huntr
• added 2021/07/06 8:06 a.m. • 6 views

Open Redirect in medialize/uri.js

✍️ Description urijs mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while url-parse sees them as a relative path. 🕵️‍♂️ Proof of Concept 1. Create the following PoC file:...

5.8 CVSS, 0.02483 EPSS
Exploits 2, References 1
Huntr
• added 2021/07/06 7:53 a.m. • 18 views

Open Redirect in unshiftio/url-parse

✍️ Description url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while url-parse sees them as a relative path. Similar attacks:...

5 CVSS, 5.5 AI score, 0.01964 EPSS
Exploits 2, References 1
Total number of security vulnerabilities: 4072