28 matches found
CVE-2019-18211
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
EUVD-2019-8011
Malware in sbrugna...
EUVD-2022-6820
Malicious code in bioql PyPI...
CVE-2021-34992
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied...
CVE-2022-39256
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
GHSA-GFHP-JGP6-838J Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Impact This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. Patches Patched in ...
Orckestra C1 CMS Deserialization Vulnerability
C1 CMS is an open source web content management system CMS based on .NET. A deserialization vulnerability exists in versions of Orckestra C1 CMS prior to 6.13. An authenticated attacker can exploit this vulnerability to execute arbitrary code...
CVE-2022-39256
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
Design/Logic Flaw
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
CVE-2022-39256 Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
CVE-2022-39256 Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
CVE-2022-39256
Orckestra C1 CMS before 6.13 has a deserialization vulnerability that allows an authenticated attacker to execute arbitrary code on affected installations. The issue affects the .NET-based C1 CMS and is triggered by authenticated actions (user must visit a crafted site). The root cause described ...
CVE-2022-39256 Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
Orckestra C1 CMS 代码问题漏洞
C1 CMS is an open source web content management system CMS based on .NET. A deserialization vulnerability exists in versions of Orckestra C1 CMS prior to 6.13. An authenticated attacker can exploit this vulnerability to execute arbitrary code...
PT-2022-24848 · Orckestra · Orckestra C1 Cms
Name of the Vulnerable Software and Affected Versions: Orckestra C1 CMS versions prior to 6.13 Description: A vulnerability in Orckestra C1 CMS allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The authenticated user may...
Orckestra C1 CMS 代码问题漏洞
Orckestra C1 CMS is an open source web content management system CMS based on . A code issue vulnerability exists in Orckestra C1 CMS versions prior to 6.12 that allows an authenticated attacker to send arbitrary GET requests through the server to other servers on the local network or localhost...
CVE-2021-34992
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied...
Deserialization of untrusted data
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied...
CVE-2021-34992
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied...
CVE-2021-34992
CVE-2021-34992 affects Orckestra C1 CMS 6.10 with the vulnerability in Composite.dll where improper validation leads to deserialization of untrusted data and remote code execution in the service account context. Exploitation requires authentication; ZDI-14740 is cited. Red Hat/NVD/OSV references ...