7.8CVSS
7AI Score
0.001EPSS
Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs, which allows a malicious user to cause the server to make resource requests...
8.8CVSS
8.5AI Score
0.001EPSS
7.8CVSS
5.3AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd...
3.2CVSS
4.1AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
An OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends specially crafted data, an arbitrary OS command may be executed on the system where the product is...
8.1CVSS
8.1AI Score
0.003EPSS
7.5CVSS
7.6AI Score
0.003EPSS
7.8CVSS
7.7AI Score
0.005EPSS
7.8CVSS
7.9AI Score
0.002EPSS
6.5CVSS
6.8AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.005EPSS
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user has logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...
8CVSS
8AI Score
0.001EPSS
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET...
9.8CVSS
9.5AI Score
0.004EPSS
Multiple W&T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration...
5.4CVSS
5.4AI Score
0.001EPSS
Multiple W&T products of the ComServer Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and get access to his account on the device. As the user needs to log in for the attack to be...
8.8CVSS
8.5AI Score
0.003EPSS
5.5CVSS
5AI Score
0.001EPSS
8.8CVSS
8.1AI Score
0.013EPSS
5.5CVSS
5AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.002EPSS
7.8CVSS
7.5AI Score
0.002EPSS
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI...
7.7AI Score
0.003EPSS
7.8CVSS
8.2AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.005EPSS
5.5CVSS
6.3AI Score
0.001EPSS
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171,...
5.5CVSS
6.1AI Score
0.001EPSS
5.5CVSS
6.3AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.006EPSS
7.8CVSS
8.2AI Score
0.006EPSS
6.5CVSS
6.6AI Score
0.009EPSS
7.8CVSS
7.7AI Score
0.01EPSS
5.5CVSS
5.3AI Score
0.001EPSS
8.8CVSS
9.2AI Score
0.056EPSS
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue...
7.8CVSS
7.7AI Score
0.093EPSS
7.8CVSS
7.5AI Score
0.031EPSS
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML...
6.5CVSS
6.6AI Score
0.002EPSS
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML...
7.5CVSS
7.4AI Score
0.002EPSS
7.8CVSS
7.4AI Score
0.068EPSS
7.8CVSS
7.7AI Score
0.024EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
7.4AI Score
0.068EPSS
5.5CVSS
6AI Score
0.0004EPSS