42 matches found
A vulnerability in the WebDAV application interface used for syncing data with ownCloud allows an attacker to bypass authentication procedures and gain access to read, modify, or delete data.
The vulnerability in the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by signature keys for pre-signed URLs not being configured. Exploiting this vulnerability allows an attacker to bypass authentication procedures...
GHSA-9284-J4C9-779Q Improper Input Validation in Apache Jackrabbit
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
TLR-2005KSH Arbitrary File Upload
Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...
UiPath Assistant Security Vulnerability
UiPath Assistant is a specialized tool from UiPath designed to make interacting with bots from the desktop easy and fun. A security vulnerability exists in UiPath Assistant 21.4.4, which stems from a lack of effective trust management mechanisms in networked systems or products. An attacker could...
Intland Software codeBeamer ALM Cross-Site Scripting Vulnerability
Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland that can be exploit...
cPanel WebDAV Authentication Bypass Vulnerability
cPanel is a web-based hosting control management system from the U.S. company cPanel. A WebDAV authentication bypass vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from incorrect connection sharing logic. An attacker can exploit this vulnerability to achieve WebDAV...
CVE-2020-5318
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are...
Microsoft Windows WebDAV Denial of Service Vulnerability
Microsoft Windows 10 is a series of operating systems released by Microsoft Corporation. Microsoft Windows 10 is a set of operating systems for personal computers. Windows Server Version 1709 and Windows Server Version 1803 are server operating systems. Windows Server Version 1709 and Windows Serve...
OwnCloud WebDAV 'COPY' Security Bypass Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. A security bypass vulnerability exists in OwnCloud WebDAV 'COPY', which allows attackers to bypass security restrictions and...
Microsoft Windows WebDav Mini-Redirector Heap Buffer Overflow (MS08-007) - Ver2 (CVE-2008-0080)
Web Distributed Authoring and Versioning (WebDAV) is a set of extensions for HTTP that allows clients to publish, lock, and manage resources on the Web. The vulnerability is due to an error in the Microsoft Windows WebDAV Mini-Redirector that fails to properly handle malformed WebDAV...
UBUNTU-CVE-2013-1832
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance...
Oracle Database Multiple Vulnerabilities (July 2006 CPU)
The remote Oracle database server is missing the July 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Change Data Capture (CDC), Core RDBMS, Data Pump Metadata API, Dictionary, Export, InterMedia, OCI, Oracle ODBC Driver...
DEBIAN-CVE-2011-1752
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...
Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...
Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...
Microsoft Windows WebDav Mini-Redirector Heap Buffer Overflow (MS08-007; CVE-2008-0080)
Web Distributed Authoring and Versioning (WebDAV) is a set of extensions for HTTP that allows clients to publish, lock, and manage resources on the Web. The vulnerability is due to an error in the Microsoft Windows WebDAV Mini-Redirector that fails to properly handle malformed WebDAV response...
security flaw
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
CVE-2006-3700
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB...
CVE-2006-3700
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB...
DEBIAN-CVE-2004-0398
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client...