Showing 76 - 96 of 96


Milton Webdav XXE Injection
Posted Nov 2, 2015
Authored by Mikhail Egorov

Milton Webdav version suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7326
SHA-256 | 46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a

Related Files

Posted Sep 7, 2005
Site ingehenriksen.blogspot.com

IIS 5.1 allows for the remote viewing of source code on FAT/FAT32 volumes using WebDAV.

tags | advisory, remote
SHA-256 | 71528d3970bd932550ccf507c4fd3dfa9cae1251b3b375b64db24ec3aabd1137
iDEFENSE Security Advisory 2005-04-26.1
Posted Jun 16, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.25.06-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists because of a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long 'If' parameter string, a stack-based overflow occurs.

tags | advisory, remote, web, overflow, arbitrary
SHA-256 | 05c5b0f03940866f73bc2159f99ff530a95dc33e323dfd87ee1f15e5782c0aa5
iDEFENSE Security Advisory 2005-04-25.2
Posted Jun 16, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 04.25.05-2 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long Lock-Token string, a stack-based overflow occurs.

tags | advisory, remote, web, overflow, arbitrary
SHA-256 | de4dd6898b596370190084b4ae7be97a5ec66c778107f7dc4d74f3b5058bea09
Posted Dec 12, 2004
Authored by Evgeny Demidov

MaxDB WebTools versions and below suffer from a denial of service flaw and a WebDav stack overflow.

tags | advisory, denial of service, overflow
SHA-256 | c20f2fce6b880245de398b94db42eb5c621021013f6b5edf715a90dea9a81f62
Posted Oct 13, 2004
Authored by Amit Klein, Ory Segal aka Watchfire

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (IIS web server). The result of this attack is that the XML parser consumes all the CPU resources for a long period of time (from seconds to minutes, depending on the size of the payload).

tags | advisory, web, denial of service
SHA-256 | 86be4f9097197602acfd076c6401bace0c652dc337ac4d228bd232c9ba16c4cb
Secunia Security Advisory 12337
Posted Aug 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Davenport WebDAV-CIFS Gateway, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to insufficient validation of XML documents sent from clients. This can be exploited by using a specially crafted overly long XML document, which will require excessive resources on expansion. The vulnerability affects versions prior to 0.9.10.

tags | advisory, denial of service
SHA-256 | e69794a5a1f7e7bd97b1bfc29879ad648aec0a8c01d3bbde37f944ab688eeb90
Posted Jun 14, 2003

The ntdll.dll remote exploit through WebDAV that was originally written by kralor. This version is ported to Linux by Dotcom.

tags | exploit, remote
systems | linux
SHA-256 | 2c2a25135d00b80b6afe08a65594cfb418ba630c1c156a70363d9fcc3f00201e
Posted May 29, 2003
Authored by SPI Labs | Site spidynamics.com

Microsoft IIS versions 5.0 and 5.1 are vulnerable to a denial of service attack if an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEARCH' request methods. This results in IIS restarting itself and terminating any active sessions.

tags | exploit, denial of service
SHA-256 | 67114ae0520ebab576e477197853235affe77007a602ac27dc47708e61cc7c11
Posted Mar 19, 2003
Authored by Alexander Antipov | Site securitylab.ru

PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method.

systems | windows
SHA-256 | c652dfb7340124f0b105b9dd61418eddaf74e988443a0e886ee1c8338f1c4058
Posted Mar 18, 2003
Authored by Roelof Temmingh | Site sensepost.com

Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV. If the server does not complain about the method, it's an indication that WebDAV is in use. See ms03-007.

tags | tool, scanner
systems | unix
SHA-256 | ee03799da073c545d65ebc87a39171adc3d81c3cf8cb9ebe987ea93ca69df4d2
Posted Mar 18, 2003
Site cert.org

CERT Advisory CA-2003-09 - A buffer overflow vulnerability exists in Microsoft IIS 5.0 running on Microsoft Windows 2000. An overflow in ntdll.dll of WebDAV allows remote users to execute code in the local system context. See also ms03-007.

tags | remote, overflow, local
systems | windows
SHA-256 | 708a6e42bc3ff4aa44e0028cb77a1cc2907b40c01604aeadc7ebfc4e3a3b1b0f
Posted Mar 17, 2003
Site microsoft.com

Microsoft Security Advisory MS03-007 - A critical buffer overflow vulnerability in Windows 2000's WebDAV protocol allows remote code execution via IIS as the LocalSystem user. This vulnerability is being exploited in the wild. URLScan, a part of the IIS Lockdown Tool, will block this attack.

tags | remote, overflow, code execution, protocol
systems | windows
SHA-256 | 228598fd496fa3d0bbdf98a8f5094d8923d56e083bc7b109b4eca59861da6d9d
Posted May 19, 2002
Authored by Gerald Combs | Site ethereal.com

Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here. Now includes a brand new NetWare Core Protocol dissector. Several bugs were fixed and support for new protocols was added, including AFP, AODV, ASAP, ASP, ATP, DCCP, LMP, M2UA, and WebDAV (HTTP).

tags | tool, web, sniffer, protocol, asp
systems | unix
SHA-256 | 6e8b86b17cefe3c4b762179fffaedaea98948dfcad366fdf1750976457a009cc
Internet Security Systems Security Alert Summary May 10, 2001
Posted May 16, 2001
Site xforce.iss.net

This advisory holds 120 vulnerabilities.

tags | remote, web, kernel, cgi, perl, php, javascript, tcp, vulnerability, activex
systems | cisco, linux, unix, solaris, irix
SHA-256 | 00cf12d8a5a8701f90a38c209a88b00c8028def67321206fa40aca19a90f593d
Posted Apr 22, 2001

Microsoft Security Advisory MS01-022 - The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. It contains an implementation flaw causing it to handle all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. It is likely that at a minimum, the attacker could browse the user's intranet, and access web-based e-mail as well. Microsoft FAQ on this issue available here.

tags | web
SHA-256 | 44db5213ed41bbd17999a666108a7c3f4de1bd1b055a49df7f1da3d7e837ddc5
Posted Apr 9, 2001
Site xforce.iss.net

ISS Security Alert Summary for April 5, 2001 - Volume 6 Number 5. 80 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: palm-debug-bypass-password, exchange-malformed-url-dos, mailx-bo, sunftp-gain-access, winzip-zipandemail-bo, broker-ftp-delete-files, broker-ftp-list-directories, indexu-gain-access, fastream-ftp-directory-traversal, slimserve-httpd-directory-traversal, wftpd-pro-bo, irc-tkserv-bo, warftp-directory-traversal, ie-telnet-execute-commands, cisco-aironet-web-access, netscape-directory-server-bo, proftpd-postinst-root, proftpd-var-symlink, man2html-remote-dos, linux-eperl-bo, novell-netware-unauthorized-access, sgmltools-symlink, hp-asecure-dos, ascdc-afterstep-bo, iis-webdav-dos, websweeper-http-dos, foldoc-cgi-execute-commands, slrn-wrapping-bo, mutt-imap-format-string, formmail-anonymous-flooding, halflife-config-file-bo, halflife-exec-bo, halflife-map-bo, halflife-map-format-string, ikonboard-cgi-read-files, timed-remote-dos, imap-ipop2d-ipop3d-bo, rwhod-remote-dos, snmpd-argv-bo, mesa-utahglx-symlink, ftpfs-bo, solaris-snmpxdmid-bo, vbulletin-php-elevate-privileges, mdaemon-webservices-dos, ssh-ssheloop-dos, eudora-html-execute-code, aspseek-scgi-bo, hslctf-http-dos, licq-url-execute-commands, superscout-bypass-filtering, dgux-lpsched-bo, rediplus-weak-security, fcheck-open-execute-commands, ntmail-long-url-dos, vim-elevate-privileges, ufs-ext2fs-data-disclosure, microsoft-invalid-digital-certificates, akopia-interchange-gain-access, solaris-perfmon-create-files, win-userdmp-insecure-permission, compaq-wbm-bypass-proxy, mdaemon-imap-command-dos, hp-newgrp-additional-privileges, lan-suite-webprox-dos, weblogic-browse-directories, solaris-tip-bo, sonicwall-ike-shared-keys, anaconda-clipper-directory-traversal, visual-studio-vbtsql-bo, sco-openserver-deliver-bo, sco-openserver-lpadmin-bo, sco-openserver-lpforms-bo, sco-openserver-lpshut-bo, sco-openserver-lpusers-bo, sco-openserver-recon-bo, sco-openserver-sendmail-bo, inframail-post-dos, cisco-vpn-telnet-dos, website-pro-remote-dos, and win-compressed-password-recovery.

tags | remote, web, cgi, root, php, vulnerability, imap
systems | cisco, linux, solaris
SHA-256 | 60fe83921f94894a09c676373d0623af6b51e719ce9ecd75f68f018ab5f57856
Posted Mar 19, 2001
Authored by Georgi Guninski | Site guninski.com

IIS 5.0 / Windows 2000 WebDAV remote denial of service exploit - Sends a specially crafted request, as described in MS01-016.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 025cc976603fe7243eaee030053fb6e90d63847d20684126b98f538d5ccadbca
Posted Mar 16, 2001

Microsoft Security Advisory MS01-016 - A remote denial of service attack has been discovered in WebDAV, an extension to the HTTP protocol included in Windows 2000 IIS 5.0. Microsoft FAQ on this issue available here.

tags | remote, web, denial of service, protocol
systems | windows
SHA-256 | c80117b9bf7cc43251692b9718db26d94050802d79ad071dfb50f1e55501d4d4
Posted Oct 11, 2000
Site xforce.iss.net

ISS Security Alert Summary for October 10, 2000. 91 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: apache-rewrite-view-files, win2k-simplified-chinese-ime, xinitrc-bypass-xauthority, slashcode-default-admin-passwords, quotaadvisor-quota-bypass, hinet-ipphone-get-bo, netscape-ie-password-dos, traceroute-heap-overflow, glibc-unset-symlink, lpr-checkremote-format-string, netscape-messaging-list-dos, palm-weak-encryption, mediaplayer-outlook-dos, unixware-scohelp-format, ie-getobject-expose-files, webplus-example-script, lprng-format-string, openview-nmm-snmp-bo, alabanza-unauthorized-access, pine-check-mail-bo, ciscosecure-tacacs-dos, suse-installed-packages-exposed, ciscosecure-csadmin-bo, ciscosecure-ldap-bypass-authentication, rbs-isp-directory-traversal, wincom-lpd-dos, webplus-reveal-path, webplus-expose-internal-ip, webplus-reveal-source-code, du-kdebugd-write-access, glint-symlink, mdaemon-url-dos, browsegate-http-dos, klogd-format-string, office-dll-execution, cisco-pix-smtp-filtering, horde-imp-sendmail-command, exchange-store-dos, doublevision-dvtermtype-bo, sambar-search-view-folder, camshot-password-bo, websphere-header-dos, win2k-telnet-ntlm-authentication, http-cgi-multihtml, hp-openview-nnm-scripts, freebsd-eject-port, webtv-udp-dos, imp-attach-file, fastream-ftp-dos, fur-get-dos, 602prolan-telnet-dos, 602prolan-smtp-dos, as400-firewall-dos, eftp-bo, eftp-newline-dos, sco-help-view-files, win2k-rpc-dos, mailform-attach-file, linux-mod-perl, pam-authentication-bo, siteminder-bypass-authentication, mailto-piped-address, winsmtp-helo-bo, yabb-file-access, linux-tmpwatch-fork-dos, muh-log-dos, documentdirect-username-bo, documentdirect-get-bo, documentdirect-user-agent-bo, interbase-query-dos, suse-apache-cgi-source-code, phpphoto-dir-traverse, apache-webdav-directory-listings, eudora-path-disclosure, phpphotoalbum-getalbum-directory-traversal, lpplus-permissions-dos, lpplus-process-perms-dos, lpplus-dccscan-file-read, xmail-long-apop-bo, xmail-long-user-bo, w2k-still-image-service, irc-trinity, wftpd-long-string-dos, wftpd-path-disclosure, iis-invald-url-dos, screen-format-string, ntmail-incomplete-http-requests, wavelink-authentication, php-file-upload, unix-locale-format-string, and aix-clear-netstat.

tags | web, overflow, cgi, udp, perl, php
systems | cisco, linux, windows, unix, freebsd, suse, aix, unixware
SHA-256 | c216ccfd7bb412d411ec6ce30d33d782e379f3b95c50042b517f1d53c6b4cbc5
Posted Oct 5, 2000
Authored by Mnemonix | Site atstake.com

Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components, Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.

tags | web, asp
SHA-256 | f2562bfaf09eac881c34bf6c3fc7b51eb464aca2b3cb81446d72d5bf1fc82e7c
Posted Sep 8, 2000
Site suse.de

SuSE Security Advisory - The default package selection in SuSE distributions includes Apache. The configuration file that comes with the package allows remote users to read the CGI script sources of the server, and WebDAV is installed by default with no access control or authentication activated.

tags | remote, cgi
systems | linux, suse
SHA-256 | f92847ba2aff6bdbefd20587d7b2ffb12c18a8eeec48d3170b3b886b024544ad