
4072 matches found

Huntr • added 2021/05/29 9:15 p.m. • 8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/39aa11e6f9bf8e7ee63bdbb07ea9fcabf434a60e/www/uploadfile.php#L504 you build a JS script using unsanitized user input, this can lead to XSS: php var activeTabNumber = ; // 🕵️‍♂️ Proof of Concept Visit...

6.1 AI score
Exploits: 0
Huntr • added 2021/05/29 8:53 p.m. • 8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/rebootRemoteFPP.php#L15 the variable ip is reflected without prior sanitization: php $ip = $_GET['ip']; echo "Rebooting FPP system @ $ip\n"; 🕵️‍♂️ Proof of Concept Visit:...

0.5 AI score
Exploits: 0
Huntr • added 2021/05/29 8:43 p.m. • 7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/virtualdisplay.php#L14 you create a variable canvasWidth that will be used and reflected multiple times without sanitizing user input: php Later in the script: another PHP file will be...

Exploits: 0
Huntr • added 2021/05/29 8:27 p.m. • 14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, there are 2 potential reflected XSS in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/restartRemoteFPPD.php#L16: php $ip = $_GET['ip']; // if (isset($_GET['mode'])) echo "Setting FPPD mode @ $ip\n"; // echo "Restarting FPPD @ $ip\n"; The ip...

6.2 AI score
Exploits: 0
Huntr • added 2021/05/29 8:13 p.m. • 6 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, a few days ago I reported this vulnerability: https://huntr.dev/bounties/8-other-FalconChristmas/fpp/ There were 2 XSS vectors in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/runEventScript.php#L41: php \n"; // 1 // else ? ERROR: Unknow...

Exploits: 0
Huntr • added 2021/05/29 5:20 p.m. • 10 views

OS Command Injection in falconchristmas/fpp

✍️ Description The version variable is directly embedded in an OS command in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/upgradefpp.php#L54 php $version = $_GET['version']; // $command = "sudo /opt/fpp/scripts/upgradeFPP " . $version . " 2>&1"; echo "Command:...

1.9 AI score
Exploits: 0
Huntr • added 2021/05/29 5:11 p.m. • 6 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, a command is built without filtering user input in https://github.com/FalconChristmas/fpp/blob/cc026bd238b641ad147a3f8e1df47052e34f16d3/www/copyFilesToRemote.php#L50 php $ip = $_GET['ip']; // $command = "rsync -rtDlv --modify-window=1 $compress --stats $fppHome/media/$dir/...

1.7 AI score
Exploits: 0
Huntr • added 2021/05/29 4:59 p.m. • 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.php#L24 php &1"; echo "Command: $command\n"; echo...

1.6 AI score
Exploits: 0
Huntr • added 2021/05/29 4:15 p.m. • 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.php#L46 php system($SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $_GET['os']); 🕵️‍♂️ Proof of Concept Visit:...

1.4 AI score
Exploits: 0
Huntr • added 2021/05/29 4:12 p.m. • 8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description An XSS vulnerability is present in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.php#L26 due to the absence of user input sanitization: php Image: 🕵️‍♂️ Proof of Concept Visit...

0.3 AI score
Exploits: 0
Huntr • added 2021/05/29 4:06 p.m. • 5 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description A reflected XSS is possible because you echo user-controlled content without sanitization in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.php#L25 php $branch = $_GET['branch']; $command = "sudo /opt/fpp/scripts/gitbranch "...

0.1 AI score
Exploits: 0
Huntr • added 2021/05/29 4:02 p.m. • 10 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, there is a command injection vulnerability in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.php#L23 php &1"; echo "Command: $command\n"; echo...

1.3 AI score
Exploits: 0
Huntr • added 2021/05/29 3:46 a.m. • 10 views

in mcfriend99/bird

✍️ Description Heap-based 1-byte write violation. Certain programs can cause the parser/syntax-checker to write out of bounds. The below program writes a single byte out of bounds. 🕵️‍♂️ Proof of Concept Program: var a = 'outer' def test var a = 'inner' echo 'It works! $a' echo a echo test test def...

7.3 AI score
Exploits: 0
Huntr • added 2021/05/29 3:32 a.m. • 4 views

Denial of Service in mcfriend99/bird

✍️ Description The Bird interpreter is vulnerable to memory leaks. This occurs due to memory being allocated but never freed during the compilation/interpretation process. 🕵️‍♂️ Proof of Concept Compile the interpreter with ASAN enabled. Run the interpreter and execute print(123) and then exit. You...

1.1 AI score
Exploits: 0
Huntr • added 2021/05/29 3:23 a.m. • 7 views

Heap-based Buffer Overflow in mcfriend99/bird

✍️ Description Heap-based Write Violation. Certain input programs can result in write access violations by the syntax checker component of the interpreter. One such program writes 23 bytes onto the heap outside of bounds and may result in arbitrary code execution and memory leaks. 🕵️‍♂️ Proof of...

Exploits: 0
Huntr • added 2021/05/28 4:48 p.m. • 10 views

in hstm/dotfiles

✍️ Description The owner of this GitHub repo has inadvertently committed their .pgpass file, which contains login information for a localhost PostgreSQL server. We suggest the owner of this GitHub repo deletes the file from the repo, adds .pgpass to their .gitignore and changes their localhost...

0.2 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/28 10:14 a.m. • 9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️‍♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...

1 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/28 10:05 a.m. • 12 views

Code Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Multiple command injections in the infogathering.py file due to lack of sanitization. 🕵️‍♂️ Proof of Concept Payload: id Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing 💥 Impact tools ask for root to run so every command injected will run as root...

0.7 AI score
Exploits: 0
Huntr • added 2021/05/27 9:28 p.m. • 28 views

in miodec/monkeytype

✍️ Description Users can bypass leaderboard controls and inject any object they want into the leaderboard by spoofing POST requests to /checkLeaderboards. Malicious users can send specially crafted POST requests and inject any user they want to the top of the leaderboard with any value words per...

6 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/26 9:52 p.m. • 13 views

in psi-4ward/psitransfer

✍️ Description Hi, with PsiTransfer we can upload files and protect them with a password. However, there is an IDOR that lets an attacker retrieve arbitrary files and get the AES-encrypted data of these files. All that is left is to perform an offline bruteforce to crack the password of this file and ge...

0.9 AI score
Exploits: 0
Huntr • added 2021/05/25 10:34 p.m. • 20 views

in thisistherk/fast_obj

✍️ Description Whilst experimenting with the test code built from commit d97389 with Clang 11 +UBSan on Ubuntu 20.04.2 LTS, we discovered an OBJ file which produces a signed integer overflow and a pointer overflow followed by a SIGSEGV 🕵️‍♂️ Proof of Concept echo...

2.8 AI score
Exploits: 0
Huntr • added 2021/05/24 3:33 p.m. • 8 views

Improper Access Control in causefx/organizr

✍️ Description A Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit the following link to verify that you can use the service...

0.9 AI score
Exploits: 0
Huntr • added 2021/05/24 8:39 a.m. • 11 views

Improper Access Control in openwhyd/openwhyd

✍️ Description A YouTube API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit the following link to verify anyone can access the API key:...

0.5 AI score
Exploits: 0
Huntr • added 2021/05/24 3:33 a.m. • 10 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can add a personal email to another user. 💥 IMPACT A user who doesn't have any access in "users and groups" can update users' personal email. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B...

0.5 AI score
Exploits: 0
Huntr • added 2021/05/24 3:23 a.m. • 23 views

in dolibarr/dolibarr

💥 BUG An unprivileged user can attach a bank to another user. 💥 IMPACT A user who doesn't have any access in "users and groups" can update users' bank details. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B the below...

7.1 AI score
Exploits: 0
Huntr • added 2021/05/23 3:21 p.m. • 8 views

Stack-based Buffer Overflow in codeplea/tinyexpr

✍️ Description Whilst experimenting with the repl built from commit 61af1d, with Clang 10 +ASan on Ubuntu 20.04.2 LTS, we discovered an expression containing 4 null characters after a newline which, due to insufficient bounds checking, triggers a stack-buffer-overflow. 🕵️‍♂️ Proof of Concept echo...

0.4 AI score
Exploits: 0
Huntr • added 2021/05/23 12:55 p.m. • 21 views

Improper Access Control in bramp/myip

✍️ Description A Google Maps API key is enabled without proper referer restrictions and is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. If Google Maps is not used in your project, then all the following APIs should...

Exploits: 0
Huntr • added 2021/05/23 12:12 p.m. • 5 views

Exposure of Sensitive Information to an Unauthorized Actor in tl-its-umich-edu/my-learning-analytics

✍️ Description The Django secret key is exposed in the Dockerfile. This is used to sign JSON objects, create hashes and generate CSRF tokens. 🕵️‍♂️ Proof of Concept https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1#comment21743494_15383766 💥...

7.1 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/23 4:46 a.m. • 6 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can attach an agenda to a leave. 💥 IMPACT A user who doesn't have any access to leave can add an agenda to this leave. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B the below permission for Agenda...

1.1 AI score
Exploits: 0
Huntr • added 2021/05/23 2:20 a.m. • 13 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can add a resource to an agenda. 💥 IMPACT A user with read-only permission can add a resource to an agenda. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B the below permission for Events/Agenda and...

0.5 AI score
Exploits: 0
Huntr • added 2021/05/22 7:20 p.m. • 17 views

in dolibarr/dolibarr

💥 BUG An unprivileged user can upload a file to a task associated with a project. 💥 IMPACT A user who has read-only access to a project can add a file to a task associated with this project. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user....

7.1 AI score
Exploits: 0
Huntr • added 2021/05/22 6:46 p.m. • 5 views

in dolibarr/dolibarr

💥 BUG An unprivileged user can modify the subject of a ticket. 💥 IMPACT A user with read-only permission can modify the ticket subject. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B the below permission for the Ticket module....

0.9 AI score
Exploits: 0
Huntr • added 2021/05/22 6:30 p.m. • 6 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can see a task associated with a project. 💥 IMPACT A user doesn't have access to a specific project but can still see tasks attached to this project. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user...

0.2 AI score
Exploits: 0
Huntr • added 2021/05/22 6:10 p.m. • 7 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can download a file of an agenda. 💥 IMPACT A user doesn't have access to a specific agenda but can still download files uploaded to this agenda. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEPS TO REPRODUCE 1. First go to the admin account and add user B as a normal user. Now give user B...

1.7 AI score
Exploits: 0
Huntr • added 2021/05/22 7:39 a.m. • 2 views

Improper Access Control in xamarin/googleplayservicescomponents

✍️ Description A Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit the following links to verify that you can use the service by...

0.8 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/21 10:58 p.m. • 7 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

✍️ Description Dolibarr is vulnerable to XSS. It is possible to upload SVG files containing JavaScript code. 🕵️‍♂️ Proof of Concept SVG file content: html <script>alert(document.domain);</script> 1. With an authenticated user, access http://localhost/societe/card.php?action=create&leftmenu=. 2. Write any content in...

Exploits: 0
Huntr • added 2021/05/21 9:15 p.m. • 7 views

Heap-based Buffer Overflow in croatiacontrolltd/asterix

✍️ Description Whilst experimenting with asterix, built from commit f44cfea, compiled with Clang 10 + ASan on Ubuntu 20.04.2 LTS, we are able to induce a heap-buffer-overflow in DataItemBits::getBits (asterix/src/asterix/DataItemBits.cpp:125). Since there is no bounds checking, when the software...

0.4 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/21 4:11 p.m. • 9 views

Improper Access Control in teamultroid/ultroid

✍️ Description A Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

1.5 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/21 12:32 p.m. • 10 views

Improper Access Control in codingtrain/website

✍️ Description A Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

0.5 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/21 12:26 p.m. • 10 views

Improper Access Control in kenzo-404/lynx-userbot

✍️ Description A Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

1.4 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/20 9:53 p.m. • 7 views

in koel/koel

✍️ Description Koel is lacking any form of rate limiting in the login form, thus allowing an attacker to brute force their way in. 🕵️‍♂️ Proof of Concept - Spin up an instance of Koel. - Open up Burp Suite and capture a login request, send it to Intruder, set your options and run. - 401 is shown...

2.2 AI score
Exploits: 0
Huntr • added 2021/05/20 12:36 p.m. • 26 views

Path Traversal in kalcaddle/kodexplorer

✍️ Description I have confirmed a file traversal vulnerability on any server running Kodexplorer; a malicious user can read any file. 🕵️‍♂️ Proof of Concept First set up a local installation of kodExplorer. If the server is running with root permission:...

0.4 AI score
Exploits: 0
Huntr • added 2021/05/19 7:59 p.m. • 10 views

SQL Injection in akshayp282/quizx

✍️ Description Course deletion on the teacher portal is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely erase, export or change all information in the database, potentially rendering the entire platform unusable. 🕵️‍♂️ Proof of Concept - Log in to...

1.8 AI score
Exploits: 0
Huntr • added 2021/05/19 4:38 p.m. • 4 views

Cross-site Scripting (XSS) - Stored in stevearc/pypicloud

✍️ Description I didn't know there was something like this. 🕵️‍♂️ Proof of Concept Details: https://github.com/stevearc/pypicloud/issues/280 💥 Impact Stored XSS on the admin panel; many users still have older versions...

0.8 AI score
Exploits: 0 References: 1
Huntr • added 2021/05/19 10:34 a.m. • 10 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can edit/share a linked file of a project. 💥 VIDEO https://drive.google.com/file/d/1YaiG0vjFTuqZRck7dMLqkhT7HSZqaEdu/view?usp=sharing 💥 STEPS TO REPRODUCE 1. From the admin account add user B as a normal user. Now give user B the below permission for the project module. ----Read...

0.2 AI score
Exploits: 0
Huntr • added 2021/05/19 9:11 a.m. • 13 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can download a project file. 💥 STEPS TO REPRODUCE 1. From the admin account add user B as a normal user. Now give user B the below permission for the project module. ----Read projects and tasks shared project and projects I'm contact for. Can also enter time...

0.3 AI score
Exploits: 0
Huntr • added 2021/05/19 8:49 a.m. • 12 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can modify a directory. 💥 STEPS TO REPRODUCE 1. From the admin account add user B as a normal user. Now don't give any permission for the DMS/ECM module to user B. So, user B should not see any DMS/ECM details. 2. Now from the admin account go to...

0.7 AI score
Exploits: 0
Huntr • added 2021/05/19 8:34 a.m. • 14 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG An unprivileged user can see all details of a product. 💥 STEPS TO REPRODUCE 1. From the admin account add user B as a normal user. Now don't give any permission for the Product module to user B. So, user B should not see any product details. 2. Now from admin create a product. 3. Finally go to...

0.8 AI score
Exploits: 0
Huntr • added 2021/05/18 8:27 p.m. • 11 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

✍️ Description Dolibarr is vulnerable to XSS. It is possible to bypass the sanitizer through the onpointerdown event. 🕵️‍♂️ Proof of Concept Payload: XSS. 1. With an authenticated user, access http://localhost/product/index.php. 2. Click on New product in the left bar. 3. Put any content in the Ref...

0.5 AI score
Exploits: 0
Huntr • added 2021/05/18 1:29 p.m. • 19 views

Cross-site Scripting (XSS) - Stored in changeweb/unifiedtransform

✍️ Description Stored Cross-Site Scripting in message/all.blade.php. 🕵️‍♂️ Proof of Concept As a teacher, click on "My Courses" and then "message students". CKEditor hides the underlying where we can add a tag, or capture the request in a proxy like Burp Suite and edit the HTTP POST request. Select...

Exploits: 0
Total number of security vulnerabilities: 4072