85 matches found
Exploit for External Control of File Name or Path in Microsoft
CVE-2025-33053 Proof Of Concept This repository provides scri...
CVE-2019-19033
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...
CVE-2022-41905
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
CVE-2024-34891
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a rate-limited tunnel that acts as a conduit to relay traffic from ...
Cross site scripting
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting XSS attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set dirbrowser.enable = Fal...
WsgiDAV 跨站脚本漏洞
WsgiDAV is a WSGI-based general-purpose extensible WebDAV server from Martin Wendt, a personal developer. A security vulnerability exists in WsgiDAV that stems from vulnerability to cross-site scripting XSS attacks...
CVE-2022-41905
WsgiDAV (WebDAV server) is affected by CVE-2022-41905 when directory browsing is enabled. The vulnerability enables Cross-Site Scripting (XSS) in scenarios where untrusted data is displayed in the directory browser UI. The issue has been patched; upgrading to WsgiDAV 4.1.0 is recommended. As a wo...
PT-2022-5244 · Microsoft · Windows Graphics +1
Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Windows Graphics component, which can allow an attacker to gain unauthorized access to protected...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22685
Synology WebDAV Server (webapi component) is affected by a path traversal vulnerability prior to version 2.4.0-0062. An authenticated remote attacker could delete arbitrary files via unspecified vectors due to improper restriction of pathnames. The CVE entry (CVE-2022-22685) documents a high-seve...
Synology WebDAV Server 路径遍历漏洞
Synology WebDAV Server is an HTTP expansion service that allows users to edit and manage files stored on remote servers. A path traversal vulnerability exists in Synology WebDAV Server, which stems from an improper restriction of the pathname of a restricted directory by the webapi component, and...
PT-2022-15631 · Synology · Synology Webdav Server
Name of the Vulnerable Software and Affected Versions: Synology WebDAV Server versions prior to 2.4.0-0062 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remo...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password. Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities I. VULNERABILITY...
Jalios JCMS Authentication Bypass Vulnerability
Jalios JCMS is a suite of integrated enterprise information management solutions from Jalios, a French company. The product includes enterprise social networking, social learning, document management and content management systems. A security vulnerability exists in Jalios JCMS version 10. The...
CVE-2019-19033
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password...