77 matches found
CVE-2021-25832
A heap buffer overflow vulnerability in BMP image processing was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer...
CVE-2021-25831
A file extension handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of a crafted file from PPTT into PPTX format. Using a chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
Input validation
An improper binary stream data handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to mount a denial-of-service attack that can eventually shut down the target server...
Design/Logic Flaw
A file extension handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of a crafted file from PPTT into PPTX format. Using a chain of two other bugs related to improper string handling, a remote attacker can obtain remote...
Design/Logic Flaw
A file extension handling issue was found in the core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of a crafted file from DOCT into DOCX format. Using a chain of two other bugs related to improper string handling, an attacker can achieve remote...
Heap overflow
A heap buffer overflow vulnerability in BMP image processing was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer...
Remote code execution
A file extension handling issue was found in the server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data, which leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2021-25833
An exploitable bug is reported in the server module of ONLYOFFICE DocumentServer, versions 4.2.0.71-v5.6.0.21, where the file extension is controllable via request data, enabling arbitrary file overwriting and remote code execution. This vulnerability is described across multiple sources (NVD/CVE-20...
CVE-2021-25832
CVE-2021-25832 affects ONLYOFFICE DocumentServer. A heap buffer overflow in the BMP image processing of the core module (document server) can allow remote code execution on vulnerable versions: v4.0.0-9-v6.0.0. The provided documents do not include remediation steps or patch/version details beyon...
CVE-2021-25831
ONLYOFFICE DocumentServer (core module) vulnerability CVE-2021-25831 affects v4.0.0-9-v5.6.3. A file extension handling issue arises when converting a crafted PPTT file to PPTX, exploited through a chain of two other improper string handling bugs to achieve remote code execution on the server. Th...
CVE-2021-25830
ONLYOFFICE DocumentServer (core module) v4.2.0.236-v5.6.4.13 contains a file extension handling vulnerability triggered when converting a crafted file from DOCT to DOCX. The issue relies on a chain of two other bugs related to improper string handling and can lead to remote code execution on the ...
CVE-2021-25830
A file extension handling issue was found in the core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of a crafted file from DOCT into DOCX format. Using a chain of two other bugs related to improper string handling, an attacker can achieve remote...
CVE-2021-25829
The CVE-2021-25829 entry concerns ONLYOFFICE DocumentServer core module (versions 4.0.0-9-v5.6.3). The vulnerability arises from improper binary stream data handling in the core component, enabling a denial-of-service that can shut down the target server. Connected sources confirm the affected pr...
CVE-2021-25829
An improper binary stream data handling issue was found in the core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to mount a denial-of-service attack that can eventually shut down the target server...
DocumentServer Security Vulnerability
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A security vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to shut down the target server...