9 matches found
EUVD-2021-22979
Malware in sbrugna...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
Remote code execution
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-39271
CVE-2021-39271 (BSCW Classic / OrbiTeam BSCW Classic) : Authenticated remote code execution is possible during archive extraction via attacker-supplied Python code embedded in the class attribute of a .bscw file. Root cause: execution of Python code during extraction in affected BSCW Classic depl...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-36359
CVE-2021-36359 affects OrbiTeam BSCW Classic/BSCW Server up to version 7.4.3. The vulnerability is an XML tag injection that leads to authenticated remote code execution when reportlab/platypus/paraparser.py evaluates attacker-supplied Python code via bscw.cgi op=_editfolder.EditFolder. Impact is...
OrbiTeam BSCW Classic安全漏洞
OrbiTeam BSCW Classic is OrbiTeam Software GmbH's versatile system for any application. A security vulnerability exists in OrbiTeam BSCW Classic versions prior to 7.4.3, which can be exploited by an attacker to call Python code via XML tags, fixed in versions 5.0.12, 5.1.10, 5.2.4, 7.3.3 and 7.4....