Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-22979

Malware in sbrugna...

8.8CVSS8.6AI score0.03975EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.7 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8CVSS7.9AI score0.03975EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.3 views

CVE-2021-39271

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...

8.8CVSS7.8AI score0.03679EPSS
Exploits3References1
Prion
Prion
added 2021/08/30 5:15 a.m.17 views

Remote code execution

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

6.5CVSS8.9AI score0.03975EPSS
Exploits3References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/30 5:15 a.m.5 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8CVSS6.2AI score0.03975EPSS
Exploits3References4
CVE
CVE
added 2021/08/30 4:58 a.m.85 views

CVE-2021-39271

CVE-2021-39271 (BSCW Classic / OrbiTeam BSCW Classic) : Authenticated remote code execution is possible during archive extraction via attacker-supplied Python code embedded in the class attribute of a .bscw file. Root cause: execution of Python code during extraction in affected BSCW Classic depl...

8.8CVSS8.7AI score0.03679EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2021/08/30 4:42 a.m.44 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

9.2AI score0.03975EPSS
Exploits3References3
CVE
CVE
added 2021/08/30 4:42 a.m.74 views

CVE-2021-36359

CVE-2021-36359 affects OrbiTeam BSCW Classic/BSCW Server up to version 7.4.3. The vulnerability is an XML tag injection that leads to authenticated remote code execution when reportlab/platypus/paraparser.py evaluates attacker-supplied Python code via bscw.cgi op=_editfolder.EditFolder. Impact is...

8.8CVSS9AI score0.03975EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.8 views

OrbiTeam BSCW Classic安全漏洞

OrbiTeam BSCW Classic is OrbiTeam Software GmbH's versatile system for any application. A security vulnerability exists in OrbiTeam BSCW Classic versions prior to 7.4.3, which can be exploited by an attacker to call Python code via XML tags, fixed in versions 5.0.12, 5.1.10, 5.2.4, 7.3.3 and 7.4....

8.8CVSS8AI score0.03975EPSS
Exploits3References4
Rows per page
Query Builder