15 matches found

Snyk
added 2026/04/25 11:34 p.m. · 1 view

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

CVSS 9.1 · AI score 5.8 · EPSS 0.00054
Exploits: 0 · References: 3

RedhatCVE
added 2026/01/09 9:36 a.m. · 8 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

CVSS 6.8 · AI score 7 · EPSS 0.00056
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 9:35 a.m. · 5 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

CVSS 6.8 · AI score 7 · EPSS 0.0014
Exploits: 0 · References: 1

NVD
added 2024/11/04 7:15 p.m. · 30 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

CVSS 6.8 · EPSS 0.00056
Exploits: 1 · References: 2

NVD
added 2024/11/04 6:15 p.m. · 17 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

CVSS 6.8 · EPSS 0.0014
Exploits: 0 · References: 2

Cvelist
added 2024/11/04 12:0 a.m. · 14 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

EPSS 0.0014
Exploits: 0 · References: 2

Cvelist
added 2024/11/04 12:0 a.m. · 11 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

EPSS 0.00056
Exploits: 1 · References: 2

Vulnrichment
added 2024/11/04 12:0 a.m. · 9 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

AI score 6.9 · EPSS 0.00056
Exploits: 1 · References: 2

CVE
added 2024/11/04 12:0 a.m. · 57 views

CVE-2024-34891

CVE-2024-34891 affects 1C-Bitrix Bitrix24 23.300.100. The Red Hat, NVD, CNNVD and CVE lists confirm a vulnerability from insufficiently protected credentials in the DAV server settings, enabling remote administrators to read Exchange account passwords via HTTP GET. The PT-2024-7262 report restate...

CVSS 6.8 · AI score 6.6 · EPSS 0.00056
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/11/04 12:0 a.m. · 11 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

AI score 6.9 · EPSS 0.0014
Exploits: 0 · References: 2

CVE
added 2024/11/04 12:0 a.m. · 51 views

CVE-2024-34883

CVE-2024-34883 affects 1C-Bitrix Bitrix24 v23.300.100. The vulnerability arises from insufficient protection of credentials in the DAV server settings, enabling remote administrators to read proxy-server account passwords via an HTTP GET request. Impact is confidentiality: high. Exploitation deta...

CVSS 6.8 · AI score 6.6 · EPSS 0.0014
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/04/23 12:0 a.m. · 5 views

PT-2024-7264 · 1с · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100
Description: The issue is related to insufficiently protected credentials in the DAV server settings, allowing remote administrators to read proxy-server accounts passwords via an HTTP GET request. This...

CVSS 6.8 · AI score 7.2 · EPSS 0.0014
Exploits: 0 · References: 8

vulnersOsv
added 2022/05/13 1:14 a.m. · 0 views

net.stickycode.deploy:sticky-deployer-tomcat8 (=2.1), org.sakaiproject:sakai-dav-server (>=11.0 <=11.3) potentially affected by CVE-2016-8735 via org.apache.tomcat:tomcat-catalina-jmx-remote (>=8.0.20 <=8.0.32)

org.apache.tomcat:tomcat-catalina-jmx-remote MAVEN version =8.0.20, =11.0, =11.3 Source cves: CVE-2016-8735 Source advisory: OSV:GHSA-CW54-59PW-4G8C...

CVSS 9.8 · AI score 7 · EPSS 0.93809
Exploits: 1

vulnersOsv
added 2022/05/13 1:14 a.m. · 1 view

org.sakaiproject:sakai-dav-server (>=10.3 <=10.7), org.testatoo.container:testatoo-container-tomcat (>=1.0-rc1 <=1.0-rc2) potentially affected by CVE-2016-8735 via org.apache.tomcat:tomcat-catalina-jmx-remote (>=7.0.5 <=7.0.65)

org.apache.tomcat:tomcat-catalina-jmx-remote MAVEN version =7.0.5, =10.3, =1.0-rc1, =1.0-rc2 Source cves: CVE-2016-8735 Source advisory: OSV:GHSA-CW54-59PW-4G8C...

CVSS 9.8 · AI score 7 · EPSS 0.93809
Exploits: 1

OSV
added 2021/03/07 4:15 a.m. · 2 views

CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

CVSS 7.5 · AI score 7.1 · EPSS 0.92486
Exploits: 2 · References: 1