Lucene search
K

4 matches found

OSV
OSV
added 2026/06/11 8:28 p.m.6 views

GHSA-WXQ4-CC2Q-338Q WsgiDAV encoded dot segments can escape filesystem share roots

Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...

7.1CVSS5.5AI score0.00072EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.13 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

5.8AI score0.00061EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.10 views

CVE-2025-12003

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information...

8.2CVSS0.00627EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.4 views

PT-2023-29651 · South River Technologies · Titan Mft +1

Name of the Vulnerable Software and Affected Versions: South River Technologies' Titan MFT and Titan SFTP servers affected versions not specified Description: The issue is related to insufficient path validation when writing a file via WebDAV, allowing an authenticated attacker to write a file to...

9.1CVSS5.7AI score0.01481EPSS
Exploits3References6
Rows per page
Query Builder