Lucene search
K

85 matches found

GithubExploit
GithubExploit
added 2025/06/12 6:48 a.m.360 views

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 Proof Of Concept This repository provides scri...

8.8CVSS9.7AI score0.81558EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.6 views

CVE-2019-19033

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...

9.8CVSS6.9AI score0.03347EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:42 p.m.8 views

CVE-2022-41905

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2024/11/04 7:15 p.m.3 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS5.8AI score0.0029EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/08/02 7:2 a.m.30 views

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a rate-limited tunnel that acts as a conduit to relay traffic from ...

7.5AI score
Exploits0
Prion
Prion
added 2022/11/11 9:15 p.m.9 views

Cross site scripting

WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...

5.8CVSS5.9AI score0.00339EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.2 views

WsgiDAV 跨站脚本漏洞

WsgiDAV is a WSGI-based general-purpose extensible WebDAV server from Martin Wendt, a personal developer. A security vulnerability exists in WsgiDAV that stems from vulnerability to cross-site scripting XSS attacks...

8.2CVSS6.6AI score0.00339EPSS
Exploits0References3
CVE
CVE
added 2022/11/11 12:0 a.m.77 views

CVE-2022-41905

WsgiDAV (WebDAV server) is affected by CVE-2022-41905 when directory browsing is enabled. The vulnerability enables Cross-Site Scripting (XSS) in scenarios where untrusted data is displayed in the directory browser UI. The issue has been patched; upgrading to WsgiDAV 4.1.0 is recommended. As a wo...

8.2CVSS6.6AI score0.00339EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-5244 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Windows Graphics component, which can allow an attacker to gain unauthorized access to protected...

5.5CVSS5.6AI score0.38347EPSS
Exploits0References8
NVD
NVD
added 2022/07/28 7:15 a.m.17 views

CVE-2022-22685

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...

8.7CVSS0.01097EPSS
Exploits0References1
OSV
OSV
added 2022/07/28 7:15 a.m.6 views

CVE-2022-22685

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...

8.1CVSS5.9AI score0.01097EPSS
Exploits0References1
Prion
Prion
added 2022/07/28 7:15 a.m.21 views

Path traversal

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...

5.5CVSS7.5AI score0.01097EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/28 6:45 a.m.22 views

CVE-2022-22685

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...

8.7CVSS8.3AI score0.01097EPSS
Exploits0References1
CVE
CVE
added 2022/07/28 6:45 a.m.73 views

CVE-2022-22685

Synology WebDAV Server (webapi component) is affected by a path traversal vulnerability prior to version 2.4.0-0062. An authenticated remote attacker could delete arbitrary files via unspecified vectors due to improper restriction of pathnames. The CVE entry (CVE-2022-22685) documents a high-seve...

8.7CVSS7.5AI score0.01097EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.4 views

Synology WebDAV Server 路径遍历漏洞

Synology WebDAV Server is an HTTP expansion service that allows users to edit and manage files stored on remote servers. A path traversal vulnerability exists in Synology WebDAV Server, which stems from an improper restriction of the pathname of a restricted directory by the webapi component, and...

8.7CVSS5.9AI score0.01097EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/28 12:0 a.m.6 views

PT-2022-15631 · Synology · Synology Webdav Server

Name of the Vulnerable Software and Affected Versions: Synology WebDAV Server versions prior to 2.4.0-0062 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remo...

8.7CVSS7.7AI score0.01097EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/25 2:34 p.m.9 views

CVE-2022-22685

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...

8.7CVSS7.4AI score0.01097EPSS
Exploits0References2
0day.today
0day.today
added 2019/11/25 12:0 a.m.183 views

Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password. Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities I. VULNERABILITY...

1.5AI score0.03347EPSS
Exploits3
CNVD
CNVD
added 2019/11/25 12:0 a.m.3 views

Jalios JCMS Authentication Bypass Vulnerability

Jalios JCMS is a suite of integrated enterprise information management solutions from Jalios, a French company. The product includes enterprise social networking, social learning, document management and content management systems. A security vulnerability exists in Jalios JCMS version 10. The...

9.8CVSS6.7AI score0.03347EPSS
Exploits3References1
OSV
OSV
added 2019/11/21 6:15 p.m.3 views

CVE-2019-19033

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...

9.8CVSS7.3AI score0.03347EPSS
Exploits3References3
Rows per page
Query Builder