74 matches found
EUVD-2021-26539
Malware in sbrugna...
EUVD-2020-3888
Malware in sbrugna...
EUVD-2020-3887
Malware in sbrugna...
EUVD-2020-3886
Malware in sbrugna...
EUVD-2020-3889
Malware in sbrugna...
EUVD-2022-29136
Malicious code in bioql PyPI...
EUVD-2021-28020
Malicious code in bioql PyPI...
EUVD-2023-34613
Malicious code in bioql PyPI...
CVE-2023-30188
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file...
CVE-2022-29776
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp...
CVE-2022-29777
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h...
CVE-2022-24229
A cross-site scripting XSS vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor...
CVE-2021-3199
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter...
CVE-2020-11536
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server...
CVE-2020-11534
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary such as curl or wget and remotely execute code on a victim's server...
CVE-2020-11537
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service DoS...
CVE-2023-46988
CVE-2023-46988 is a path-traversal vulnerability in ONLYOFFICE Document Server prior to 8.0.1. The issue allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter at the /example/editor endpoint, potentially leading to unauthorized access to sensitive files (and DoS)....