4072 matches found

Huntr | added 2023/08/11 6:44 p.m. | 27 views

Heap-based Buffer Overflow

Description heap-buffer-overflow p/bf/plugin.c:176 in decode Environment radare2 5.8.9 31000 @ linux-x86-64 commit: 95b648f0907e91e10d55fc48147a7dae99029c5b Build export CC=gcc CXX=g++ CFLAGS="-fsanitize=address -static-libasan" CXXFLAGS="-fsanitize=address -static-libasan"...

CVSS 7.5 | AI score 6.9 | EPSS 0.00926 | Exploits: 1 | References: 1
Huntr | added 2023/08/11 2:01 p.m. | 11 views

privilege escalation bug to creation survey-group with others group as parent

BUG ======= privilege escalation bug to creation survey-group with others group as parent ACCOUNT ============= 1. user-A -- superadmin 2. user-B -- normal user. user-B has only create permission in survey-group; does not have view permission in survey group. as user-B does not have view...

AI score 7.7 | Exploits: 0
Huntr | added 2023/08/10 6:38 p.m. | 41 views

SSRF Blind in the image upload module via url

Description Web application with the function of uploading images through a link provided by the user . This access error leads to RCE and scanning of intranet ports Proof of Concept Link video Poc https://drive.google.com/file/d/17fksa8odZAqCuqRQbOCutc9I7eoNun-/view?usp=sharing Steps 1 . Use a...

CVSS 5.5 | AI score 6.9 | EPSS 0.00349 | Exploits: 1
Huntr | added 2023/08/10 6:11 p.m. | 25 views

Misconfiguration in message sending function

Description Web application misconfiguration in messaging function. This vulnerability results in a user's messages being automatically sent to all other users. This results in the user's information potentially being exposed Proof of Concept link video Poc...

CVSS 3.3 | AI score 6.7 | EPSS 0.00739 | Exploits: 1
Huntr | added 2023/08/09 5:10 p.m. | 26 views

authorized Admin Account Takeover

Description The icms2 contains a flaw in its admin account management functionality, specifically in the process of changing and resetting passwords for administrators. Through careful analysis and testing, it was observed that an authenticated administrator has the capability to change the...

CVSS 5.8 | AI score 6.9 | EPSS 0.00453 | Exploits: 1
Huntr | added 2023/08/09 7:38 a.m. | 12 views

Stored XSS via Upload Photos in album

Description The application does not check the file upload and content file extension. This results in an attacker being able to upload a malicious file that leads to xss. Proof of Concept Video POC: https://drive.google.com/file/d/1QZSCvgrmdXaZb7xoD-eA0iLlL7vDPKYw/view?usp=sharing Payload...

CVSS 4.9 | AI score 6.9 | EPSS 0.00438 | Exploits: 1 | References: 1
Huntr | added 2023/08/08 6:30 p.m. | 24 views

Stored XSS in module name "admin/controllers/edit/comments/comments_list"

Description I noticed that you filtered the comment very carefully. But there are still some parts you missed. Proof of Concept 1. Login with admin 2. Go to "https://demo.instantcms.io/admin/controllers/edit/comments/commentslist" 3. Select 1 comment and insert payload 4. Click save, and stored XSS...

CVSS 4.3 | AI score 6.8 | EPSS 0.00426 | Exploits: 1
Huntr | added 2023/08/08 10:47 a.m. | 9 views

Self XSS in "Content Types / Add Content Type"

Description Add payload to field System name: Proof of Concept https://drive.google.com/file/d/1xJ24a3HveP4dpKXF5zmtsNIa2-wweoA/view?usp=sharing...

AI score 6.9 | Exploits: 0 | References: 1
Huntr | added 2023/08/07 10:40 a.m. | 9 views

stored XSS Bypass in the TAGS Section and other places in the application

Hello, I was able to bypass the XSS Protection and get a stored XSS using the XSS Payload in the Video and Screenshots. Thank you for your time and effort. Best regards Ahmed Hassan...

AI score 6.2 | Exploits: 0 | References: 4
Huntr | added 2023/08/05 10:31 p.m. | 16 views

CSRF Logout

Description A bad actor can send victims a link, i.e. obfuscated with the payload /signout, and when victims use it, it can change the state of the user (logged in/logged out). Proof of Concept Payload: https://eu.aptabase.com/api/auth/signout Repro steps: As a logged-in user on https://eu.aptabase.com/ open a new...

AI score 6.8 | Exploits: 0 | References: 2
Huntr | added 2023/08/05 10:21 p.m. | 11 views

HTML Injection - real Aptabase emails

Description Due to a lack of validation of the Name field during registration, a bad actor can send emails with injected HTML code to victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for the field 'Name' use a payload with HTML. Open the email from...

AI score 7 | Exploits: 0 | References: 2
Huntr | added 2023/08/05 5:00 p.m. | 25 views

Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute the function assets, I can upload an HTML file and that leads to XSS. Proof of Concept 1. Link PoC: https://docs.google.com/document/d/1pZAi6PZiBmN3yNsBmY8Z9Qd3hv-8zPHUh69h-i1rvA/edit?usp=sharing 2. Link video PoC:...

CVSS 4.9 | AI score 7.2 | EPSS 0.00408 | Exploits: 1
Huntr | added 2023/08/05 4:46 p.m. | 67 views

File Upload Bypass Leads to Remote Code Execution (RCE)

Description Vulnerable file upload functionality through which users can upload files. Although almost all files with extensions like php, phtml, etc. have been prevented, an attacker can still upload phps files and remotely execute code. Condition The Apache server which is hosting the web application nee...

CVSS 6.5 | AI score 7.9 | EPSS 0.00787 | Exploits: 1
Huntr | added 2023/08/05 2:12 p.m. | 12 views

Multiple Stored XSS Found

Description Stored XSS (Cross-Site Scripting) is a type of web security vulnerability caused by improper input validation and inadequate data sanitization in a web application. It occurs when an attacker injects malicious scripts, usually in the form of HTML or JavaScript, into a website's database o...

CVSS 4.9 | AI score 6.3 | EPSS 0.00407 | Exploits: 0
Huntr | added 2023/08/05 5:02 a.m. | 21 views

IDOR in Users Edit screen

Description By manipulating the User ID in the URL, users with low privilege can view the information of any user. Proof of Concept Step 1: Login as user1 with author privilege; see that he can only access his own edit screen. Click on the edit button. Step 2: See the userID in the URL, modify...

CVSS 4 | AI score 6.8 | EPSS 0.00592 | Exploits: 1
Huntr | added 2023/08/05 4:49 a.m. | 11 views

Stored XSS in Page Title

Description In the latest version, the page title has been escaped and cannot trigger the XSS payload. However, by logging in as a user with other privileges, I see that it's still not escaped. Proof of Concept Step 1: Login as Admin, create a page in site1 with the title "test and see that the pa...

CVSS 4.3 | AI score 6.3 | EPSS 0.00453 | Exploits: 1
Huntr | added 2023/08/04 10:42 a.m. | 22 views

Reflected XSS in URL path of '/admin/controllers/edit/activity/perms/'

Description /admin/controllers/edit/activity/perms/ takes input from the URL directly without sufficient sanitization, leading to a Reflected XSS. A valid admin session is required; without it, the user will be brought to the login page instead of the affected page. Proof of Concept 1. Login as an...

CVSS 4.3 | AI score 6.8 | EPSS 0.00409 | Exploits: 1
Huntr | added 2023/08/03 11:21 a.m. | 18 views

Stored HTML injection

Description Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability. Step to reproduce 1...

CVSS 4.9 | AI score 7 | EPSS 0.00381 | Exploits: 1
Huntr | added 2023/08/02 6:00 p.m. | 20 views

Unrestricted Upload File leads to Remote Code Execution

Description The file upload function is vulnerable in that a user can upload files with other extensions (.php, .phps, ...) by using the magic bytes technique. However, the .htaccess has prevented almost all files with extensions such as php, phps, phtml, ... The attacker still can upload the hphp fi...

CVSS 6.5 | AI score 7.4 | EPSS 0.00825 | Exploits: 1
Huntr | added 2023/08/02 5:08 p.m. | 18 views

Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute the function assets, I can add a new asset. Even though the site only allows uploading images and gifs, I can still upload an HTML file by modifying the magic number, and that leads to XSS. Proof of Concept 1. Link PoC:...

CVSS 4.9 | AI score 7.2 | EPSS 0.00402 | Exploits: 1
Huntr | added 2023/08/02 4:31 a.m. | 20 views

Unauthenticated Blind SQL Injection in '/tags/autocomplete'

Description The application was found to be vulnerable to an unauthenticated blind SQL injection in the /tags/autocomplete page. The GET parameter term does not sufficiently sanitize input. Proof of Concept 1. Make a GET request to...

CVSS 6.4 | AI score 8.1 | EPSS 0.00777 | Exploits: 1
Huntr | added 2023/08/01 4:23 p.m. | 15 views

Blind SSRF When Uploading Presentation (mitigation bypass)

Description This is actually a bypass of CVE-2023-33176, where I was able to perform SSRF to the internal network. Proof of Concept As we already know, we can upload files via the api /bigbluebutton/api/insertDocument using a remote url. PresentationUrlDownloadServicesavePresentation is the method to handle th...

AI score 7.2 | EPSS 0.00471 | Exploits: 0 | References: 1
Huntr | added 2023/08/01 5:02 a.m. | 11 views

Pre-Auth SQLi leading to RCE in Social Media Skeleton v1.0

Summary A SQL Injection vulnerability exists in Social Media Skeleton v1.0 via the username and password parameters in admin/login.php. Not to be confused with login.php, which properly escapes special characters. Issue Description SQL injection (SQLi) is a code injection technique used to attack...

AI score 8.2 | Exploits: 0 | References: 5
Huntr | added 2023/07/30 8:35 p.m. | 26 views

HTML injection Leads to Open redirection

Description HTML Injection Leads to Open Redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users' browsers. This may lead to unauthorized actions on users' behalf and redirect them to malicious...

CVSS 4.3 | AI score 7.1 | EPSS 0.00379 | Exploits: 1
Huntr | added 2023/07/27 7:57 p.m. | 57 views

HTML Injection Leads To Open Redirect

Description HTML injection is possible in the Installation title parameter, which leads to Open Redirect when clicked. Proof of Concept Open Redirect 1. Login as Admin 2. Navigate to settings 3. Edit the Installation title and set it to: Click Me 4. Save Changes 5. Click the Click Me text on the...

CVSS 4.3 | AI score 7.3 | EPSS 0.00445 | Exploits: 1
Huntr | added 2023/07/27 1:14 p.m. | 20 views

Server Side Request Forgery (SSRF)

Description It is possible to access the local environment in the Webhook function. Therefore, Blind SSRF makes it possible to perform a port scan against the local environment. Proof of Concept After logging in, access the webhook setting page, specify the URL with the following pattern, and che...

CVSS 2.8 | AI score 6.6 | EPSS 0.00533 | Exploits: 1 | References: 2
Huntr | added 2023/07/26 8:40 p.m. | 12 views

XSS in function navigateTo

Vulnerability The check for external links checks if the protocol is script:, which is not a valid protocol and allows the user to provide a valid JavaScript payload using the javascript: protocol. ts: if (isExternal && parseURLtoPath.protocol === 'script:') throw new Error('Cannot navigate to an URL with...

AI score 6.8 | Exploits: 0
Huntr | added 2023/07/26 4:03 p.m. | 22 views

Stored html injection on segment name

Description I have found an HTML Injection vulnerability on your web application. HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. Note : I am recreating the report a...

CVSS 4.9 | AI score 7.8 | EPSS 0.00538 | Exploits: 1 | References: 1
Huntr | added 2023/07/24 7:36 p.m. | 12 views

stored XSS Bypass in the FAQ Fields

Hello, I was able to detect an XSS Payload to bypass the XSS Protections in the FAQ Fields and get a stored XSS which can be used to start further attacks. Thank you for your time and effort...

AI score 6.2 | Exploits: 0 | References: 5
Huntr | added 2023/07/24 2:53 p.m. | 17 views

Stored XSS in Preview title

Description There is accumulated XSS in the preview title of the page. Proof of Concept Step 1. Log in to the administrator screen and create a new page. Step 2. Insert "Browse preview" from "Add new block" and specify Payload in "Preview title". Step 3. When you access the preview screen in the...

CVSS 4.3 | AI score 5.9 | EPSS 0.00401 | Exploits: 1 | References: 1
Huntr | added 2023/07/24 1:37 p.m. | 4 views

Stored XSS at Guest Lobby

Description Guest Lobby is vulnerable to XSS when users wait to enter the meeting, due to inserting unsanitized messages into the element using unsafe innerHTML. Proof of Concept 1. Start a new web conference and change Guest policy to "Ask Moderator" (role: moderator) 2. Attacker edits "Message to the...

AI score 6.6 | Exploits: 0
Huntr | added 2023/07/23 3:07 p.m. | 17 views

CWE-521: Weak Password Requirements

Description Users at this moment can set a really weak password like 123. Proof of Concept Go to the register page and set a really weak password like 123; see that it is allowed and you are registered. For example, go to https://sandbox.openedx.org/register?next=/dashboard , type '1', see the info 'This password is too short...

AI score 7.1 | Exploits: 0 | References: 1
Huntr | added 2023/07/22 5:24 a.m. | 29 views

Stored XSS in title

Description There is Stored XSS in the item title of the menu on the administrator screen. Proof of Concept Step 1. Log in to the admin screen and select Add New Item in Menu. Step 2. Specify the following Payload for the item title and save it. Step 3. Once saved, any script can be executed on t...

CVSS 4.3 | AI score 6.2 | EPSS 0.00409 | Exploits: 1 | References: 1
Huntr | added 2023/07/21 3:37 a.m. | 15 views

Insufficient Session Expiration because of a lacking cache check

Description The web application's session management system suffers from an "Insufficient Session Expiration" vulnerability due to the lack of proper cache check. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized acces...

CVSS 6.4 | AI score 6.7 | EPSS 0.00507 | Exploits: 1
Huntr | added 2023/07/18 2:27 a.m. | 15 views

Vim's embedded terminal allows injection via DECRQSS response

Description DECRQSS is a terminal response that replies with certain information about the terminal. Various terminals have bugs where a piece of data from the request i.e. data that the terminal receives is echoed back in the reply. In some cases this is enough to make it so if untrusted data...

AI score 7.1 | Exploits: 0 | References: 2
Huntr | added 2023/07/17 9:18 p.m. | 50 views

XSS with CSP bypass leads to diagrams backdoor

🔒️ Requirements The user must go on a link and remove a square. In the following section, I'll give PoCs only for chromium based browsers 📝 Description 📦 Load plugins by default Thanks to the ?p= parameter, it is possible to enforce the user to load built-in plugins without warning for a specific...

CVSS 5.8 | AI score 6.2 | EPSS 0.00346 | Exploits: 0
Huntr | added 2023/07/17 1:50 a.m. | 12 views

Reflected XSS at upload file

Description 1/ Access the demo website and log in; in this case I used the user admin. 2/ In the upload photo to an album function, try uploading a file whose name is the XSS payload. 3/ The payload will be triggered in the error content. Proof of Concept Video PoC:...

AI score 7 | Exploits: 0
Huntr | added 2023/07/16 1:53 a.m. | 18 views

Server Side Request Forgery (SSRF)

Description There is Blind SSRF on the vocabulary screen in the administrator screen. Proof of Concept Step 1. Log in to the administrator screen and access "Import new vocabulary" from the "vocabulary" page. Step 2. Specify the following Payload in the "Vocabulary URL" field and check that the...

CVSS 3.3 | AI score 6.3 | EPSS 0.00563 | Exploits: 1 | References: 2
Huntr | added 2023/07/16 12:31 a.m. | 26 views

Stored XSS via SVG Upload

Description By uploading an SVG file containing JavaScript code in the file upload function on the administrator screen, it is possible to execute any script on the browser of the accessing user. Proof of Concept Log in to the administrator screen, access the Assets page, and upload the SVG file...

CVSS 4.3 | AI score 7 | EPSS 0.00401 | Exploits: 1 | References: 1
Huntr | added 2023/07/15 8:36 p.m. | 9 views

Potential XSS injection in stuff and say attributes

Description The stuff and say attributes are not sanitized before being used in innerHTML. Because of this, they could be used to inject arbitrary JS in the page. Proof of Concept html obfumatic XSS "Fallback text...

AI score 6.9 | Exploits: 0
Huntr | added 2023/07/14 12:40 p.m. | 23 views

SQL injection in Data Objects function

Description Log in as an admin, go to the Data Objects function, and perform a sort action. Observe the request in Burp Suite; the injection point is the 'sort' parameter. Proof of Concept POC request that makes the application sleep for 5 seconds Data Objects function payload:...

CVSS 5.8 | AI score 7.2 | EPSS 0.00957 | Exploits: 1
Huntr | added 2023/07/13 8:47 p.m. | 17 views

Business Logic Error - leaving the Name Field blank

Hello, I was able to bypass the restriction for setting an admin username and leave the username blank via spaces. Let's have a look. As you can see the name is marked with a red star and therefore required to be filled. Now we will add 2 spaces, leave the username blank and save. As you can see all t...

CVSS 3.3 | AI score 7 | EPSS 0.00477 | Exploits: 1 | References: 1
Huntr | added 2023/07/11 12:41 p.m. | 13 views

XSS in webmention.js

Description webmention.js has an XSS vulnerability here. The comment name is not escaped. https://github.com/PlaidWeb/webmention.js/blob/9457e71433c0d2430bbe767ecc5b5837140d0ee4/static/webmention.jsL330 Proof of Concept 1. Put a webmention.js on your site 2. Send a webmention that includes XSS...

CVSS 5.8 | AI score 6.4 | EPSS 0.00428 | Exploits: 1
Huntr | added 2023/07/11 8:38 a.m. | 25 views

Session is still valid after changing password

Description The application does not delete the old login session on the server side after changing the password. This poses a risk when a user uses a public computer and an attacker captures the login session. Even if the user has changed the password, the login session is still taken over by th...

CVSS 7.5 | AI score 6.5 | EPSS 0.00409 | Exploits: 0
Huntr | added 2023/07/10 12:42 a.m. | 31 views

Arbitrary command execution on Windows

Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems; this is possible by having a malicious file with the same name as a trusted executable, since Windows gives priority to the current directory when searching for executables. Several...

CVSS 4.4 | AI score 7.5 | EPSS 0.06796 | Exploits: 1
Huntr | added 2023/07/08 10:27 a.m. | 12 views

SQL Injection

Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...

AI score 8.1 | Exploits: 0
Huntr | added 2023/07/07 8:30 a.m. | 18 views

Stored XSS in Question field due to lack of sanitization in Link.php

Description Stored XSS (Cross-Site Scripting) is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...

CVSS 4.9 | AI score 5.6 | EPSS 0.00426 | Exploits: 0 | References: 1
Huntr | added 2023/07/07 3:04 a.m. | 6 views

Stored XSS in description of theme

Description The attacker can execute JavaScript code through the theme's description. Proof of Concept Step 1: - Choose any theme to upload; I used a copy of the vanilla theme - Open the theme folder and change the description tag of the config.xml file vanilla Bootstrap Vanilla theme 16/10/2017 LimeSurvey GmbH...

AI score 7.2 | Exploits: 0
Huntr | added 2023/07/07 12:59 a.m. | 91 views

Mongoose Prototype Pollution Vulnerability

If an attacker has some way to control an object on the Mongo server through one way or another, it is possible to cause prototype pollution on any Mongoose client. Notably, if a poorly implemented service allows a user to control the object in findByIdAndUpdate and similar functions, this bug...

CVSS 7.5 | AI score 6.7 | EPSS 0.0101 | Exploits: 1
Huntr | added 2023/07/05 12:33 p.m. | 27 views

XSS vulnerabilities via various embeds

Description JSFiddle, Gliffy, Otter and Tldraw embeds lack sufficient input validation. Every one of them can be abused to achieve a stored XSS on a main application domain. This XSS triggers for everyone viewing the document. Proof of Concept PoC file is different for each vulnerable embed. See...

CVSS 4.9 | AI score 6.3 | EPSS 0.00429 | Exploits: 1
Total number of security vulnerabilities: 4072