27 matches found
Exploit for Improper Input Validation in Microsoft
A Simple PoC in PowerShell for CVE-2023-23397 CVE-2023-23397...
Improper Input Validation in Apache Jackrabbit
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities
Binary data 700661.prm...
Debian Security Advisory DSA 3298-1 (jackrabbit - security update)
It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as https or file. Dependi...
MGASA-2015-0242 Updated jackrabbit packages fix CVE-2015-1833
Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
Xxe
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
The CVE-2015-1833 issue is an XXE vulnerability in Apache Jackrabbit’s WebDAV handling where the XML parser can be coerced to read local/network resources. Affected versions include Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10....
Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download
According to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by an arbitrary file download vulnerability. A remote, authenticated attacker may be able to download arbitrary files using a specially crafted WebDAV request. Note that...
Specially crafted webdav request allows reading of local files on liferay 6.0.x
Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java By creating a specially crafted webdav request that contains an external entity it is possible to read files from a liferay server. and echo these ba...
CVE-2008-4259
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory...
Memory corruption
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory...
Microsoft Windows Web Client缓冲区溢出漏洞(MS06-008)
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows的Web Client服务中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。 远程攻击者可以通过向有漏洞系统发送特制的WebDAV请求导致执行任意指令。但是,攻击者必须拥有有效的登录凭据才可以利用这个漏洞。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003...
CVE-2005-1207
Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters...
CVE-2003-0226
Microsoft Internet Information Services IIS 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a 1 PROPFIND or 2 SEARCH method, which generates an error condition that is not properly handled...
Internet Information Services 5.0 Denial of service
Internet Information Services 5.0 Denial of service Release Date May 29th, 2003 Severity: High Systems Affected Microsoft Information Server 5.0 Microsoft Information Server 5.1 Description If an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' reques...
iisDoS.txt
Internet Information Services 5.0 Denial of service Release Date May 29th, 2003 Severity: High Systems Affected Microsoft Information Server 5.0 Microsoft Information Server 5.1 Description If an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' reques...