4072 matches found

Huntr | added 2021/04/27 3:40 a.m. | 4 views

Cross-site Scripting (XSS) - Stored in jam-py/jam-py

✍️ Description Stored XSS at comment box at suppliers Profile. In fact, all input has XSS. No input parameter is sanitized before saving in the database. 🕵️‍♂️ Proof of Concept 1. git clone https://github.com/jam-py/jam-py 2. cd jam-py && python setup.py install 3. cd demo 4. python server.py 5...

AI score: 5.9 | Exploits: 0 | References: 1

Huntr | added 2021/04/26 11:38 a.m. | 13 views

Cross-Site Request Forgery (CSRF) in boxbilling/boxbilling

✍️ Description CSRF BUG 🕵️‍♂️ Proof of Concept I see whole boxbilling software is vulnerable to csrf bug. There is no protection for csrf attack the csrf attack poc will be below code document.getElementById"myForm".submit In this html code change your sitename and save the file as html. Now...

AI score: 0.5 | Exploits: 0 | References: 2

Huntr | added 2021/04/25 7:07 p.m. | 13 views

Cross-site Scripting (XSS) - Stored in bytefury/crater

✍️ Description Stored xss using customer billing address 🕵️‍♂️ Proof of Concept 1. First go to demo app https://demo.craterapp.com/admin/customers/create and create a customer. During creation put below xss payload in billing address field and save it. Now see xss is executed payload -- xss"'...

AI score: 1.1 | Exploits: 0

Huntr | added 2021/04/19 2:36 p.m. | 13 views

Cross-site Scripting (XSS) - Generic in mailtrain-org/mailtrain

✍️ Description Stored xss via campaign file upload 🕵️‍♂️ Proof of Concept 1. First go to http://localhost:3000/campaigns and open a campaign. 2. Now in linux create a file with below name. 3. Now upload the created file in the above campaign http://localhost:3000/campaigns/1/files and see xss is...

AI score: 1.8 | Exploits: 0

Huntr | added 2021/04/19 6:35 a.m. | 18 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

✍️ Description XSS is possible via support ticket reply functionality for admin. It can happen if a client registers with his name as the XSS payload and admin replies with the default greetings. Otherwise admin have to manually enter the payload in reply form. 🕵️‍♂️ Proof of Concept 1. Register...

AI score: 0.6 | Exploits: 0 | References: 1

Huntr | added 2021/04/19 12:57 a.m. | 13 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through search request. It is possible to set the HTTP referer header to javascript:. 🕵️‍♂️ Proof of Concept Execute the following command localhost: shell curl -H 'Referer: javascript:alert'...

AI score: 1.2 | Exploits: 0

Huntr | added 2021/04/18 11:02 p.m. | 16 views

Improper Access Control in idno/known

✍️ Description A logged in user can edit 'Public' or 'Members only' status of other users 🕵️‍♂️ Proof of Concept 1. Create a 'Public' or 'Members only' status update with a first user 2. Login with a second user and go to the root page e.g. http://yoursite/known where you can see the status of the...

AI score: 7.2 | Exploits: 0

Huntr | added 2021/04/17 4:33 p.m. | 24 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

✍️ Description Cross site scripting via redirect url 🕵️‍♂️ Proof of Concept go to your boxbilling account and visit http://mysite.com/boxbilling/index.php?url=/bb-admin/extension/settings/redirect. here put xss payload xss"' in the redirect url field After saved you can see xss is executed Video...

AI score: 0.3 | Exploits: 0

Huntr | added 2021/04/17 4:26 p.m. | 14 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

✍️ Description Xss via support ticket 🕵️‍♂️ Proof of Concept login into your boxbilling account and create support ticket. put below xss payload in support ticket click-me Now save the link and click the and see xss is executed Video Poc--...

AI score: 0.3 | Exploits: 0

Huntr | added 2021/04/17 1:49 p.m. | 16 views

Prototype Pollution in ssnau/xkit

✍️ Description Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. An attacker...

AI score: 2 | Exploits: 0

Huntr | added 2021/04/16 2:12 p.m. | 14 views

Server-Side Request Forgery (SSRF) in prasathmani/tinyfilemanager

✍️ Description SSRF to access internal server 🕵️‍♂️ Proof of Concept 1. go to http://localhost/tinyfilemanager/index.php?p=&upload and put internal server address and see it will fetch that file Video Poc https://drive.google.com/file/d/1dsTqvuQbGN619Gdncze4tuIH7MsonliT/view?usp=sharing 💥 Impact...

AI score: 1 | Exploits: 0 | References: 2

Huntr | added 2021/04/16 1:39 p.m. | 12 views

Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager

✍️ Description Cross site scripting bug exists via file upload 🕵️‍♂️ Proof of Concept 1. Upload a file and capture the request in burpsuite. 2. Now change fullpath parameter value to xss payload in burpsuite and forward the request, and see xss is executed Video poc...

AI score: 1.4 | Exploits: 0

Huntr | added 2021/04/16 7:30 a.m. | 14 views

Cross-site Scripting (XSS) - Generic in chatwoot/chatwoot

SUMMARY I contacted the company directly, but they told me submit the bug through huntr ✍️ Description Stored xss. Agent can make cross site scripting against admin VIDEO POC https://drive.google.com/file/d/1vWXiFKbsqVhMUS4kgpz50wSNsFTo9Ny/view?usp=sharing 🕵️‍♂️ Proof of Concept STEP TO REPRODUCE...

AI score: 6.2 | Exploits: 0

Huntr | added 2021/04/08 3:12 a.m. | 20 views

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in sebhildebrandt/systeminformation

✍️ Description The systeminformation package is vulnerable to Improper Input Validation through versions function. 🕵️‍♂️ Proof of Concept javascript // PoC.js const si = require'systeminformation'; si.versionstoString : = console.log"This is a PoC" ; 💥 Impact This vulnerability allows attackers to...

AI score: 3.7 | Exploits: 0

Huntr | added 2021/04/03 3:30 a.m. | 19 views

Cross-site Scripting (XSS) - Stored in octobercms/library

✍️ Description OctoberCMS uses october/rain library to handle file uploads. Previously it was possible to upload malicious files with HTML content to the CMS via its Media upload feature. This security issue marked as CVE-2020-15249 was fixed in 1.0.469. But it is still possible to upload XML...

AI score: 0.8 | EPSS: 0.00459 | Exploits: 0 | References: 3

Huntr | added 2021/03/31 6:18 a.m. | 29 views

Code Injection in trentm/json

✍️ Description json is a 'json' command tool for massaging and processing JSON on the command line. Affected versions of this package are vulnerable to Arbitrary Code Injection via the -d argument. 🕵️‍♂️ Proof of Concept curl -sL 'https://api.github.com/repos/joyent/node/issues?state=open' |...

AI score: 3.6 | Exploits: 0

Huntr | added 2021/03/31 12:36 a.m. | 8 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️‍♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...

AI score: 0.4 | Exploits: 0

Huntr | added 2021/03/30 11:47 a.m. | 18 views

Cross-site Scripting (XSS) - Stored in harish81/digidocu

✍️ Description DigiDocu is a CMS written in PHP using Laravel Framework. Laravel uses Blade templating engine which sanitizes the HTML by default. But DigiDocu is trying to render some HTML content without validating the input that comes from the user's profile ie. users can write some HTML using...

AI score: 0.3 | Exploits: 0

Huntr | added 2021/03/30 8:12 a.m. | 41 views

Server-Side Request Forgery (SSRF) in frenchbread/private-ip

✍️ Description Private-ip is an NPM module that is used to check if the input IP address is private or not, so as to prevent SSRF attacks. It has 12k downloads every week on NPM However, I found that by crafting a malicious IP, an attacker can easily bypass this check. 🕵️‍♂️ Proof of Concept First...

CVSS: 7.5 | AI score: 1.5 | EPSS: 0.02949 | Exploits: 0

Huntr | added 2021/03/28 2:28 p.m. | 44 views

Path Traversal in mailtrain-org/mailtrain

✍️ Description A path traversal also known as directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating...

AI score: 1 | Exploits: 0 | References: 2

Huntr | added 2021/03/28 2:14 p.m. | 14 views

Code Injection in flitbit/json-ptr

✍️ Description json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. JsonPointer.get that is designed to get the target object's value at the pointer's location is vulnerable to arbitrary code injection and execution, mainly due to the lack of sanitizing for...

AI score: 2.3 | Exploits: 0

Huntr | added 2021/03/27 3:09 p.m. | 16 views

Cross-Site Request Forgery (CSRF) in thewawar/simple-http-server

✍️ Description The 'upload' feature in simple-http-server is vulnerable to cross-site request forgery, it doesn't authenticate the user and just uploads the files which are given to it. If upload feature is enabled, it can allow attackers to craft web pages and if victims interact with attackers'...

AI score: 1.1 | Exploits: 0

Huntr | added 2021/03/26 3:36 p.m. | 84 views

Prototype Pollution in silentmatt/expr-eval

✍️ Description With specific input attackers can define properties on prototype, which will lead to prototype pollution. Need node version=12.0.0, which introduce Object.fromEntries 🕵️‍♂️ Proof of Concept // PoC.js const Parser = require'expr-eval'; const o = ; console.log"o.a=", o.a; // o.a=...

AI score: 2.9 | Exploits: 0

Huntr | added 2021/03/26 12:57 p.m. | 12 views

Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

AI score: 2.1 | Exploits: 0

Huntr | added 2021/03/26 11:57 a.m. | 8 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...

AI score: 2 | Exploits: 0

Huntr | added 2021/03/26 11:52 a.m. | 15 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...

AI score: 2 | Exploits: 0

Huntr | added 2021/03/26 11:46 a.m. | 5 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

AI score: 1.7 | Exploits: 0

Huntr | added 2021/03/26 11:41 a.m. | 14 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

AI score: 1.8 | Exploits: 0

Huntr | added 2021/03/25 7:03 p.m. | 17 views

Code Injection in donmccurdy/expression-eval

✍️ Description Although we have declared in the README.MD that do not use this package with user-provided inputs, but after I exam some project with this project, I found that many developers still use in that way, which may lead to some serious security problem. So I think that we still need to...

AI score: 1.7 | Exploits: 0

Huntr | added 2021/03/25 4:06 p.m. | 15 views

Cross-site Scripting (XSS) - Generic in maxsite/cms

✍️ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites...

AI score: 0.6 | Exploits: 0

Huntr | added 2021/03/23 10:12 p.m. | 13 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter 🕵️‍♂️ Proof of Concept Vulnerable Parameter: publishontime XSS payload: 17:59'"&%alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...

AI score: 1.2 | Exploits: 0

Huntr | added 2021/03/23 10:10 p.m. | 10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter 🕵️‍♂️ Proof of Concept Vulnerable parameter: publishondate XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...

AI score: 1.2 | Exploits: 0

Huntr | added 2021/03/23 9:14 p.m. | 8 views

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description Please enter a description of the vulnerability. Submitted values weren't escaped in case of date, time or hidden fields. This made it possible to perform an XSS attack by URL tampering 🕵️‍♂️ Proof of Concept Find a Spoon Form where there is a date, time or hidden field and pass...

AI score: 0.1 | Exploits: 0 | References: 1

Huntr | added 2021/03/23 6:09 p.m. | 10 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

AI score: 1.3 | Exploits: 0

Huntr | added 2021/03/23 6:09 p.m. | 10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

AI score: 1.3 | Exploits: 0

Huntr | added 2021/03/23 5:15 p.m. | 10 views

Open Redirect in forkcms/forkcms

✍️ Description The forkcms is vulnerable to Open Redirect through invalid characters in the URL path. 🕵️‍♂️ Proof of Concept With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com 💥 Impact This vulnerability allows attackers to fool victims...

AI score: 2.6 | Exploits: 0

Huntr | added 2021/03/22 5:22 p.m. | 10 views

Open Redirect in forkcms/forkcms

✍️ Description Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that...

AI score: 0.3 | Exploits: 0

Huntr | added 2021/03/17 8:20 p.m. | 15 views

Command Injection in yibn2008/find-process

✍️ Description find-process is vulnerable to Command Injection through the find function. This function is capable to get information about running processes by PID number, port number or a string value. 🕵️‍♂️ Proof of Concept // PoC.js const find = require'find-process'; const command = "$touch...

AI score: 2.6 | Exploits: 0 | References: 1

Huntr | added 2021/03/17 1:24 p.m. | 9 views

Prototype Pollution in aheckmann/mquery

✍️ Description mquery is aware of the risk of prototype pollution in its exported functions cloneObject and merge and readily present protection by checking the key in var specialProperties = 'proto', 'constructor', 'prototype'. However, the current protection misses to protect another exported...

AI score: 1.3 | Exploits: 0

Huntr | added 2021/03/17 10:59 a.m. | 39 views

Prototype Pollution in automattic/mongoose

✍️ Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports both promises and callbacks. mongoose.Schema is subject to prototype pollution due to the recursively calling of Schema.prototype.add function to add new items into the...

AI score: 0.5 | Exploits: 0

Huntr | added 2021/03/11 8:17 a.m. | 13 views

Cross-site Scripting (XSS) - Generic in blackcatdevelopment/blackcatcms

✍️ Description 'Display name' Cross Site Scripting XSS 🕵️‍♂️ Proof of Concept 1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert1 " this XSS payload on Display name field and click on the Save button. 2...

AI score: 0.4 | Exploits: 0

Huntr | added 2021/03/11 12:00 a.m. | 10 views

Prototype Pollution in automattic/cli-table

Description Prototype Pollution in cli-table Proof of Concept 1. Create the following PoC file: // poc.js var cliTable = require"cli-table" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; cliTablepayload; console.log"After : " +...

AI score: 1.9 | Exploits: 0

Huntr | added 2021/03/10 4:44 p.m. | 16 views

Code Injection in prayag2/konsave

✍️ Description konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command, which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitrary Code Execution. 🕵️‍♂️ Proof of Concept Installation bash pip install konsave...

AI score: 2.3 | Exploits: 0 | References: 2

Huntr | added 2021/03/10 4:11 p.m. | 9 views

Code Injection in antoinestudio/dok

✍️ Description Dok is a documentation tool/system that converts an architecture of folders and files into a static website that anyone can explore. It can be seen as a personal assistant, it invites you to write, organize and then publish your personal knowledge online. , which is vulnerable to...

AI score: 2.7 | Exploits: 0 | References: 1

Huntr | added 2021/03/09 3:18 a.m. | 23 views

Command Injection in azure/ms-rest-nodeauth

✍️ Description the core function execAz which is purposely used for az command can be injected with arbitrary other OS commands. Also the attackers can exploit this vulnerability by calling AzureCliCredentials.setDefaultSubscription"OS command" from the Azure CLI. 🕵️‍♂️ Proof of Concept // PoC.js...

CVSS: 6.8 | AI score: 2.8 | EPSS: 0.01956 | Exploits: 0

Huntr | added 2021/03/03 12:00 a.m. | 62 views

Command Injection in facebook/create-react-app

description react-dev-utils includes some utilities used by Create React App. The function getProcessForPort in react-dev-utils is vulnerable to command injection. PoC Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created. var getProcessForPort =...

CVSS: 6.8 | AI score: 1.1 | EPSS: 0.03289 | Exploits: 1

Huntr | added 2021/02/23 12:00 a.m. | 18 views

Code Injection in sodadata/soda-sql

Description soda-sql Metric collection, data testing and monitoring for SQL accessible data, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install soda-sql Run exploit.py...

AI score: 2.7 | Exploits: 0

Huntr | added 2021/02/23 12:00 a.m. | 16 views

Code Injection in jeikeilim/kindle

Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization atta...

AI score: 2.2 | Exploits: 0 | References: 1

Huntr | added 2021/02/22 12:00 a.m. | 18 views

Cross-site Scripting (XSS) - Generic in cmason3/jinjafx

:book: Description JinjaFx is a Templating Tool that uses Jinja2 as the templating engine. It is written in Python and is extremely lightweight and hopefully simple - it doesn't require any Python modules that aren't in the base install, with the exception of jinja2 for obvious reasons, this...

AI score: 0.3 | Exploits: 0

Huntr | added 2021/02/22 12:00 a.m. | 9 views

Code Injection in vitessio/arewefastyet

:book: Description arewefastyet Nightly Benchmarks Project, this package is vulnerable for arbitrary code execution https://github.com/cmason3/jinjafx :recycle: Steps To Reproduce-: 0 git clone http://github.com/vitessio/arewefastyet 1 run as in poc.png :telescope: POC 💥 Impact Arbitrary code executi...

AI score: 0.7 | Exploits: 0

Total number of security vulnerabilities: 4072