4072 matches found

Huntr
• added 2021/05/18 9:33 a.m. • 9 views

Prototype Pollution in fiznool/body-parser-xml

✍️ Description This library uses an XML parsing library which causes prototype pollution. However, this issue can be fixed on our side. 🕵️‍♂️ Proof of Concept const express = require('express'); const bodyParser = require('body-parser'); require('body-parser-xml')(bodyParser); const app = express(); const...

CVSS 7.5 | AI score 1.1 | EPSS 0.01257
Exploits: 1 | References: 2
Huntr
• added 2021/05/18 8:58 a.m. • 17 views

in cythron/gcp

✍️ Description Hard-Coded User Credentials are exposed in the docker file. 🕵️‍♂️ Proof of Concept https://github.com/cythron/gcp/blob/master/%23DockerfileL20 💥 Impact Attacker is capable of login using given credentials...

AI score 0.9
Exploits: 0
Huntr
• added 2021/05/18 8:3 a.m. • 11 views

Prototype Pollution in jalik/js-deep-extend

✍️ Description Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker...

AI score 1.1
Exploits: 0
Huntr
• added 2021/05/18 6:31 a.m. • 8 views

Cross-site Scripting (XSS) - Reflected in tagspaces/viewertext

✍️ Description viewerText used within the Tagspaces to show a preview of text files is vulnerable to cross site scripting. 🕵️‍♂️ Proof of Concept If any HTML is fed to setContent function: javascript setContent"alert'xss'; It appends it to the dom without any filtration: javascript...

AI score 0.2
Exploits: 0 | References: 2
Huntr
• added 2021/05/18 6:2 a.m. • 16 views

in tagspaces/tagspaces

Vulnerability Code Execution using Reflected Cross Site Scripting ✍️ Description Tagspaces is a file organizer that also works as a file manager. When you open a file, it tries to provide a preview of common files like images, code and text files. But if the extension is not known to tagspaces, it...

AI score 0.2
Exploits: 0
Huntr
• added 2021/05/18 1:15 a.m. • 42 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

💥 BUG Stored xss via file upload 💥 SUMMARY uploaded file extension only checked in client-side javascript. It must be also checked in server side so that user can't upload html file instead of image. 💥 STEP TO REPRODUCE 1. From your account go to http://localhost:9000/campaigns/media and upload a...

AI score 7
Exploits: 0
Huntr
• added 2021/05/17 7:59 p.m. • 7 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

✍️ Description Hello, I found stored xss on Logs while creating new campaign works with other stuff not only campaign 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1Y5CMQdfzzdWwcCsQ8y85GgWPOilJVOgo/view?usp=sharing sorry for bad quality Payload: asdf" 💥 Impact xss...

Exploits: 0 | References: 2
Huntr
• added 2021/05/17 5:5 p.m. • 8 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

💥 BUG Stored xss bypassing xss filter 💥 SUMMARY There are many different user with different role. Here using this xss bug lower level user can make xss attack against higher level user 💥 PAYLOAD XSS15 💥 STEP TO REPRODUCE 1. First go to your account and edit a product. Now put above xss payload ...

AI score 7.1
Exploits: 0
Huntr
• added 2021/05/17 9:3 a.m. • 6 views

Cross-site Scripting (XSS) - DOM in apexcharts/apexcharts.js

✍️ Description Last version of Apexcharts.js is vulnerable to Cross-Site Scripting XSS 🕵️‍♂️ Proof of Concept Simply try one of the examples provided in samples/vanilla-js/scatter/scatter-images.html in this way: javascript var options = series: name: 'Messenger', data: 16.4, 5.4, ..... , name:...

AI score 2.1
Exploits: 0
Huntr
• added 2021/05/17 7:35 a.m. • 4 views

Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer

BUG ======== Stored xss via oexe file upload ACCOUNT ============= 1. user A--admin --victim 2. user B --demo user -- attacker STEP TO REPRODUCE ================== 1. from user B account create oexe file with below content...

AI score 7.2
Exploits: 0
Huntr
• added 2021/05/16 7:31 a.m. • 14 views

Cross-site Scripting (XSS) - Stored in phplist/phplist3

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept see this recorded video https://drive.google.com/file/d/1EUTevCQWPK4txY6jqQ-MAcXyDO7Zx2q/view?usp=sharing 💥 Impact Xss bug...

AI score 0.6
Exploits: 0 | References: 3
Huntr
• added 2021/05/16 4:57 a.m. • 15 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept Check this recorded video https://drive.google.com/file/d/1wlbisKCbYUZprOkAGzWGRQm0f-LDRD/view?usp=sharing 💥 Impact xss...

AI score 0.7
Exploits: 0
Huntr
• added 2021/05/15 1:35 p.m. • 12 views

in utmsigep/member-directory

✍️ Description Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes. 🕵️‍♂️ Proof of Concept - Select a member-status/group - Create New Member - Enter an invalid...

AI score 0.6
Exploits: 0
Huntr
• added 2021/05/15 1:26 p.m. • 11 views

Cross-site Scripting (XSS) - Stored in utmsigep/member-directory

✍️ Description Donor creation is vulnerable to stored XSS originating from donor creation due to missing sanitization on user input. 🕵️‍♂️ Proof of Concept - Select a member-status/group - Create Member - Enter an XSS payload into the directory notes field, eg. - Hit save. Upon...

AI score 0.9
Exploits: 0
Huntr
• added 2021/05/15 1:20 p.m. • 6 views

Cross-site Scripting (XSS) - Generic in utmsigep/member-directory

✍️ Description Non-administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Donation Creation and Update - Donations - New Donation - Enter XSS payloads into the fields Last Name, First Name and Receipt ID,...

AI score 1
Exploits: 0
Huntr
• added 2021/05/15 1:7 p.m. • 11 views

Cross-site Scripting (XSS) - Generic in utmsigep/member-directory

✍️ Description Administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Member-status Creation and Update - Directory Admin - Member Statuses - Create New Member Status - Code: Enter a string, Label: Enter...

AI score 0.3
Exploits: 0
Huntr
• added 2021/05/15 1:34 a.m. • 12 views

Path Traversal in demon1a/discord-recon

✍️ Description Scanning internal git directories leaks using Improper input validation in truffleHog function urlHost = urlparse(argument).netloc if urlHost != "github.com" and urlHost != "gitlab.com": await ctx.send("You're trying to scan unallowed URL, please use a github/gitlab URL.") return The...

AI score 7
Exploits: 0 | References: 1
Huntr
• added 2021/05/14 2:42 a.m. • 9 views

in rockcarry/ffjpeg

✍️ Description An exploitable heap overflow vulnerability exists in function bmpload in bmp.c. 🕵️‍♂️ Proof of Concept make ./ffjpeg -e poc 💥 Impact This vulnerability is capable of Code execution...

AI score 2.4
Exploits: 0 | References: 1
Huntr
• added 2021/05/13 7:20 a.m. • 6 views

in cythron/tweango

✍️ Description The Django secret key was hard coded in the Github repository which is vulnerable as https://huntr.dev/bounties/1-other-cythron/Tweango/ accordingly. Since the GitHub public API monitor every single git commit that is made, attacker can still find the key from commit lists. = It is...

AI score 0.1
Exploits: 0 | References: 1
Huntr
• added 2021/05/13 2:22 a.m. • 20 views

Heap-based Buffer Overflow in strukturag/libde265

✍️ Description heap-buffer-overflow of decctx.cc in function readspsNAL 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ ./autogen.sh $ export CFLAGS="-g -lpthread -fsanitize=address" $ export CXXFLAGS="-g -lpthread -fsanitize=address" $...

CVSS 7.5 | AI score 2.5 | EPSS 0.0202
Exploits: 1 | References: 1
Huntr
• added 2021/05/13 1:55 a.m. • 12 views

Heap-based Buffer Overflow in axiomatic-systems/bento4

✍️ Description heap-buffer-overflow 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address"...

AI score 2.2
Exploits: 0 | References: 2
Huntr
• added 2021/05/12 2:59 p.m. • 14 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/shutdownRemoteFPP.phpL15 a user input is directly echo-ed in the page without sanitization: php $ip = $_GET['ip']; echo "Shutting down FPP system @ $ip\n"; 🕵️‍♂️ Proof of Concept Visit :...

AI score 0.2
Exploits: 0
Huntr
• added 2021/05/12 2:37 p.m. • 8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.phpL30 you echo unsanitized user input in two places: php \n"; // 1 echo "\n"; system($SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"); echo "\n"; else ?...

AI score 7
Exploits: 0
Huntr
• added 2021/05/12 2:33 p.m. • 10 views

OS Command Injection in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.phpL32 a command is built using unsanitized user input: php \n"; echo "\n"; system($SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"); // scripts and args ar...

AI score 0.3
Exploits: 0
Huntr
• added 2021/05/12 2:23 p.m. • 4 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/copystorage.phpL29 you echo a command built with untrusted user-input without sanitizing it: php &1"; echo "Command: $command\n"; // I can embed custom and malicious JS here echo...

AI score 7.2
Exploits: 0
Huntr
• added 2021/05/12 2:20 p.m. • 8 views

OS Command Injection in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/copystorage.phpL27 you build a command using unsanitized user input: php &1"; // no sanitization : echo "Command: $command\n"; echo...

AI score 1
Exploits: 0
Huntr
• added 2021/05/12 2:16 p.m. • 11 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL26 you echo a user input without sanitization: html Version: 🕵️‍♂️ Proof of Concept Visit...

AI score 0.2
Exploits: 0
Huntr
• added 2021/05/12 2:13 p.m. • 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️‍♂️ Proof of Concept...

AI score 2.6
Exploits: 0
Huntr
• added 2021/05/12 1:56 p.m. • 7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description FalconChristmas/fpp suffers from an XSS vulnerability. In https://github.com/FalconChristmas/fpp/blob/master/www/playlists.phpL15 we see: php var initialPlaylist = ""; XSS is possible because the playlist variable isn't sanitized before reflection in the webpage. 🕵️‍♂️ Proof of...

AI score 1.7
Exploits: 0
Huntr
• added 2021/05/12 1:29 p.m. • 12 views

in cythron/tweango

✍️ Description Django secret key is pushed into Github repository. This is used to sign Json objects, create hashes and generate Csrf tokens. 🕵️‍♂️ Proof of Concept https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1comment2174349415383766 💥...

Exploits: 0 | References: 1
Huntr
• added 2021/05/12 6:51 a.m. • 12 views

Cross-site Scripting (XSS) - Reflected in thecoshman/http

✍️ Description The web server is vulnerable to Cross-site scripting. An attacker can host a file with an XSS payload as the file name. When a user visits the web server address, the javascript will be executed in the browser. This is due to improper sanitization. 🕵️‍♂️ Proof of Concept - Create a...

AI score 0.1
Exploits: 0
Huntr
• added 2021/05/12 6:18 a.m. • 13 views

in axiomatic-systems/bento4

✍️ Description NULL pointer dereference of Ap4StszAtom.cpp in function GetSampleSize 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++...

AI score 0.6
Exploits: 0 | References: 1
Huntr
• added 2021/05/12 6:16 a.m. • 13 views

in axiomatic-systems/bento4

✍️ Description NULL pointer dereference of Ap4Descriptor.h in function GetTag 🕵️‍♂️ Proof of Concept Verification steps: 1.Get the source code of Bento4 2.Compile the Bento4 bash $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++...

AI score 1.4
Exploits: 0 | References: 1
Huntr
• added 2021/05/11 7:31 p.m. • 9 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through Online movies id edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies Youtube, Vimeo, ... and click on Next. 4. Select any...

AI score 0.1
Exploits: 0
Huntr
• added 2021/05/09 8:23 p.m. • 9 views

Session Fixation in monicahq/monica

✍️ Description Recently there were more than 5 reports at huntr showing how to trigger XSS in monica, the session fixation I am reporting here can be used with these bugs or can be used for post exploitation methods to maintain access on an account even after changing the password of the account...

AI score 0.8
Exploits: 0
Huntr
• added 2021/05/09 3:50 p.m. • 13 views

OS Command Injection in falconchristmas/fpp

✍️ Description FPP - Falcon Player is vulnerable to OS Command injection attacks on ping.php because it doesn't sanitize user supplied parameters as shown below. : Vulnerable variable: count Method: GET The $count variable is constructed using the user supplied data, and then is used in a system...

AI score 0.7
Exploits: 0
Huntr
• added 2021/05/07 11:8 p.m. • 12 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through image name edition. 🕵️‍♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Upload any image and then click on Back to overview. 4. With the image...

AI score 1.1
Exploits: 0
Huntr
• added 2021/05/06 10:45 p.m. • 8 views

Path Traversal in thecodingmachine/mouf

✍️ Description Mouf is vulnerable to path traversal attacks on mouf/mouf/src/direct/getsourcefile.php because it doesn't sanitize user supplied parameters as shown below. Vulnerable variable: file Method: GET The $file variable is constructed using the user supplied data, and then a file is open...

AI score 2.1
Exploits: 0
Huntr
• added 2021/05/06 5:46 p.m. • 13 views

Improper Privilege Management in monicahq/monica

✍️ Description Bypass payment verification and add more contact. From free account user can add only 10 contacts, but using this bug user can add more than 10 contacts for free 🕵️‍♂️ Proof of Concept 1. First go to https://app.monicahq.com/people from free account and add 10 contacts. Now you can't...

AI score 0.6
Exploits: 0
Huntr
• added 2021/05/06 5:27 p.m. • 10 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation bug to add slack integration by an agent 🕵️‍♂️ Proof of Concept 1. First go to https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent. Now here user B can't add slack integration 2. Finally from user B account...

AI score 1.2
Exploits: 0
Huntr
• added 2021/05/06 12:25 a.m. • 7 views

Cross-site Scripting (XSS) - Reflected in coppermine-gallery/cpg1.6.x

✍️ Description Coppermine is vulnerable to XSS attacks on /plugins/uploadh5a/help.php because it doesn't sanitize user supplied parameters as shown below. Vulnerable variable: t Method: GET The $styles variable is constructed using the user supplied data, and then is echoed in the response. $styles =...

AI score 0.6
Exploits: 0 | References: 2
Huntr
• added 2021/05/05 10:14 a.m. • 13 views

Cross-site Scripting (XSS) - Reflected in bustle/mobiledoc-kit

✍️ Description XSS using bypass of url validation 🕵️‍♂️ Proof of Concept I see your code https://github.com/bustle/mobiledoc-kit uses a dependency https://github.com/bustle/mobiledoc-dom-renderer . This dependency uses for url validation to prevent xss. It filter javascript,vbscript protocol to...

CVSS 5.8 | AI score 6.6 | EPSS 0.00745
Exploits: 1
Huntr
• added 2021/05/04 8:45 p.m. • 9 views

Path Traversal in svenstaro/miniserve

✍️ Description The file upload feature in miniserver is vulnerable to path traversal vulnerability. An attacker can upload a file with "../" in the filename and the web server will then upload the file outside of the directory scope allowing path traversal. The severity of this security issue...

AI score 0.5
Exploits: 0
Huntr
• added 2021/05/03 11:40 a.m. • 13 views

Code Injection in c0oki3s/python-tools

✍️ Description python-tools is using an unsecure input function in https://github.com/C0oki3s/python-tools/blob/main/Dircreate/Dircreate.pyL8. Given that the script can be run using python2 or python3, if you feed the program with a python command and the python interpreter is python2, then the...

AI score 0.4
Exploits: 0 | References: 1
Huntr
• added 2021/05/03 8:56 a.m. • 9 views

Insufficiently Protected Credentials in hotrodzphotography/hotrodzphotography.github.io

✍️ Description Private mailgun API key found in https://github.com/hotrodzphotography/hotrodzphotography.github.io/blob/1e8d0227f3558f3df8140ee0042867fcb1146379/src/views/Contact.vueL48 90e27fb32160148dc1cc3890ef601355' 🕵️‍♂️ Proof of Concept curl --user 'api:key-90e27fb32160148dc1cc3890ef601355'...

AI score 7
Exploits: 0
Huntr
• added 2021/05/03 8:8 a.m. • 9 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Command injection occurs due to lack of sanitization of input passed to the os.system command usage in the package. As the package runs only as root every command processed inside the package system command will be running with root privileges, so every command passed via simple...

AI score 2.3
Exploits: 0 | References: 1
Huntr
• added 2021/05/03 3:53 a.m. • 20 views

OS Command Injection in sztheory/exifcleaner

✍️ Description Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed. bash exiftool -Comment='OverJT' MYIMAGE.png Being an application made in electron, it allows to easily...

AI score 1.1 | EPSS 0.0434
Exploits: 1 | References: 2
Huntr
• added 2021/05/01 9:4 a.m. • 11 views

Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin

✍️ Description Reflected javascript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...

AI score 6.8
Exploits: 0 | References: 2
Huntr
• added 2021/04/30 1:50 p.m. • 31 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation bug to add agent in an inbox 🕵️‍♂️ Proof of Concept 1. First go to https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent. 2. Now go to https://app.chatwoot.com/app/accounts/4534/settings/inboxes/list and add a...

AI score 0.5
Exploits: 0
Huntr
• added 2021/04/30 6:30 a.m. • 12 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation to view all conversation 🕵️‍♂️ Proof of Concept 1. First go to https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent. 2. Now go to https://app.chatwoot.com/app/accounts/4534/settings/inboxes/list and add a...

AI score 1.3
Exploits: 0
Total number of security vulnerabilities: 4072