26 matches found
GHSA-VJ8V-P5VW-M6V5 xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...
SUSE CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nest...
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...
CVE-2017-14699
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated...
Buffer overflow
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as exploited in the wild ...
CVE-2017-7269
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as exploited in the wild ...
VulnCheck KEV: CVE-2017-7269
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow ''' Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a lo...
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
''' Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as...
Apache Jackrabbit WebDAV XXE Exploit
Exploit for java platform in category web applications #!/usr/bin/env python """ Exploit Title: Jackrabbit WebDAV XXE Date: 25-05-2015 Software Link: http://jackrabbit.apache.org/jcr/ Exploit Author: Mikhail Egorov Contact: 0ang3el gmail com Website: http://0ang3el.blogspot.com CVE: CVE-2015-1833...
DEBIAN-CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL...
Null pointer dereference
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL...
CVE-2013-1849
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL...
(mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL...
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs...
apr-util billion laughs attack
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nest...
CVE-2010-0388
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaratio...
Format string
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaratio...