CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8CVSS7.9AI score0.03975EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 8:44 p.m.•1 views

CVE-2021-39271

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...

8.8CVSS7.8AI score0.03679EPSS

Exploits3References1

0day.today•added 2021/12/04 12:0 a.m.•490 views

OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities

OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...

7AI score

Exploits0

0day.today•added 2021/08/31 12:0 a.m.•272 views

BSCW Server XML Injection Vulnerability

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability. ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version:...

8.8CVSS0.03975EPSS

Exploits3

Packet Storm•added 2021/08/31 12:0 a.m.•209 views

BSCW Server Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated RCE product: BSCW Server vulnerable version: BSCW Server =5.0.11, =5.1.9, =5.2.3, =7.3.2, =7.4.2 fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3 CVE...

0.1AI score0.03679EPSS

Exploits3

0day.today•added 2021/08/31 12:0 a.m.•281 views

BSCW Server Remote Code Execution Vulnerability

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated RCE product: BSCW Server...

8.8CVSS0.8AI score0.03679EPSS

Exploits3

Packet Storm•added 2021/08/31 12:0 a.m.•281 views

BSCW Server XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server...

0.1AI score0.03975EPSS

Exploits3

OSV•added 2021/08/30 5:15 a.m.•3 views

CVE-2021-36359

8.8CVSS6.3AI score0.03975EPSS

Exploits3References3

NVD•added 2021/08/30 5:15 a.m.•14 views

CVE-2021-39271

8.8CVSS0.03679EPSS

Exploits3References3

NVD•added 2021/08/30 5:15 a.m.•22 views

CVE-2021-36359

8.8CVSS0.03975EPSS

Exploits3References3

Prion•added 2021/08/30 5:15 a.m.•15 views

Remote code execution

6.5CVSS8.9AI score0.03975EPSS

Exploits3References3Affected Software1

ATTACKERKB•added 2021/08/30 5:15 a.m.•4 views

CVE-2021-36359

8.8CVSS6.2AI score0.03975EPSS

Exploits3References4

Prion•added 2021/08/30 5:15 a.m.•11 views

Design/Logic Flaw

6.5CVSS8.7AI score0.03679EPSS

Exploits3References3Affected Software1

CVE•added 2021/08/30 4:58 a.m.•81 views

CVE-2021-39271

CVE-2021-39271 (BSCW Classic / OrbiTeam BSCW Classic) : Authenticated remote code execution is possible during archive extraction via attacker-supplied Python code embedded in the class attribute of a .bscw file. Root cause: execution of Python code during extraction in affected BSCW Classic depl...

8.8CVSS8.7AI score0.03679EPSS

Exploits3References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by