Lucene search
K

1609 matches found

Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.5 views

WebDAV Advanced Penetration Testing Script

This Python-based WebDAV penetration testing script tests methods available, attempts directory listing with PROPFIND, file upload with PUT, and more...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 1:12 p.m.9 views

Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/03/06 1:12 p.m.18 views

MAL-2026-1264 Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 1:2 p.m.10 views

Malicious code in python-module-installer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
Fedora
Fedora
added 2026/03/02 12:57 a.m.7 views

[SECURITY] Fedora 42 Update: nextcloud-32.0.6-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.2CVSS6.1AI score0.02591EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/02/11 2:55 p.m.173 views

Exploit for CVE-2026-20841

CVE-2026-20841 PoC PoC of the "Windows Notepad RCE" vulnerabi...

8.8CVSS6.2AI score0.1165EPSS
Exploits9
RedhatCVE
RedhatCVE
added 2026/02/10 7:23 p.m.7 views

CVE-2026-25231

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS5.5AI score0.00373EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 8:15 p.m.16 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

5.4CVSS0.00203EPSS
Exploits1References4
NVD
NVD
added 2026/02/09 8:15 p.m.9 views

CVE-2026-25231

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS0.00373EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/09 6:34 p.m.3 views

CVE-2026-25231 FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS5.5AI score0.00373EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:34 p.m.4 views

CVE-2026-25231

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS5.5AI score0.00373EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/09 6:32 p.m.6 views

CVE-2026-25230 FileRise affected by HTML Injection using color property in file tags

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

4.6CVSS5.7AI score0.00203EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:32 p.m.3 views

CVE-2026-25230

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

4.6CVSS5.6AI score0.00203EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.11 views

PT-2026-7133

FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is...

4.6CVSS5.6AI score0.00203EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/04 6:41 p.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 6:41 p.m.5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:47 p.m.8 views

CVE-2005-1274

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter...

10CVSS8.4AI score0.04195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:47 a.m.10 views

CVE-2010-0361

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to cause a denial of service daemon crash and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...

10CVSS7.8AI score0.80521EPSS
Exploits20References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.5 views

CVE-2022-35202

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain non-default scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystor...

5.1CVSS7.2AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.14 views

CVE-2019-20498

cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect SEC-534...

9.8CVSS7.3AI score0.01597EPSS
Exploits0References1
Rows per page
Query Builder