64 matches found
PT-2026-44148
Summary: Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...
EUVD-2022-4965
Malicious code in bioql PyPI...
EUVD-2022-4994
Malicious code in bioql PyPI...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
Deserialization of untrusted data
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
Afterlogic Aurora Files v9.7.3 contains a deserialization vulnerability that allows an attacker to execute arbitrary code by supplying a crafted .sabredav file. Affected component: Aurora Files (v9.7.3). Root cause: unsafe deserialization of crafted data leading to code execution. Impact: high ri...
Afterlogic Aurora Code Issue Vulnerability
Afterlogic Aurora is an enterprise mail server platform written in PHP by the U.S. company Afterlogic Inc. The platform includes features such as e-mail, file storage and address book management. A code issue vulnerability exists in Afterlogic Aurora Files version v9.7.3, which stems...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file...
GHSA-QM4X-CH5W-GR62 XXE in SabreDAV
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack...
XXE in SabreDAV
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack...
GHSA-QG5V-JW6F-RPFJ SabreDAV Directory Traversal vulnerability
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character...
SabreDAV Directory Traversal vulnerability
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character...
Nextcloud: \OCA\DAV\CardDAV\ImageExportPlugin allows serving arbitrary data with user-defined or empty mimetype
The SabreDAV plugin \OCA\DAV\CardDAV\ImageExportPlugin is used for displaying pictures of a VCF. It registers on a GET request on a CardDAV element and acts when the query parameter photo is sent. The logic can be seen below: / Intercepts GET requests on addressbook urls ending with ?photo. @para...
Fedora 19 : owncloud-5.0.17-2.fc19 / php-sabredav-Sabre_CalDAV-1.7.9-1.fc19 / etc (2014-14066)
This update provides ownCloud 5.0.17, the latest release in the 5.x series, plus an extra security-related fix backported from the stable5 branch. It also provides SabreDAV 1.7.13. This is also a major upgrade from SabreDAV 1.6, and has API incompatibilities. ownCloud is the only Fedora 19 packag...
Fedora Update for php-sabredav-Sabre_HTTP FEDORA-2014-14066
Check the version of php-sabredav-Sabre_HTTP
Fedora Update for php-sabredav-Sabre_CardDAV FEDORA-2014-14066
Check the version of php-sabredav-Sabre_CardDAV
Fedora Update for php-sabredav-Sabre_DAVACL FEDORA-2014-14066
Check the version of php-sabredav-Sabre_DAVACL