24 matches found
EUVD-2014-2339
Malware in sbrugna...
EUVD-2021-25633
Malware in sbrugna...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
Remote code execution
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
Design/Logic Flaw
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
CVE-2021-39271
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution RCE during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3...
CVE-2021-39271
CVE-2021-39271 (BSCW Classic / OrbiTeam BSCW Classic) : Authenticated remote code execution is possible during archive extraction via attacker-supplied Python code embedded in the class attribute of a .bscw file. Root cause: execution of Python code during extraction in affected BSCW Classic depl...
CVE-2021-36359
CVE-2021-36359 affects OrbiTeam BSCW Classic/BSCW Server up to version 7.4.3. The vulnerability is an XML tag injection that leads to authenticated remote code execution when reportlab/platypus/paraparser.py evaluates attacker-supplied Python code via bscw.cgi op=_editfolder.EditFolder. Impact is...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
OrbiTeam BSCW Classic 安全漏洞
OrbiTeam BSCW Classic is OrbiTeam Software GmbH's versatile system for any application. A security vulnerability in OrbiTeam BSCW Classic versions prior to 7.4.3, which could be exploited by an attacker to provide Python code in the class attribute of a .BSCW file to execute authenticated Remote...
OrbiTeam BSCW 'op' Parameter Information Disclosure Vulnerability
OrbiTeam BSCW is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2014-2301
OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations op=inf to an object in pub/bscw.cgi/...
Buffer overflow
OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations op=inf to an object in pub/bscw.cgi/...
CVE-2014-2301
OrbiTeam BSCW contains an information-disclosure flaw in the pub/bscw.cgi/?op=inf path. Versions ≤ 5.0.7 (pre-5.0.8) allow unauthenticated attackers to read metadata for internal objects (e.g., filenames, and potentially email addresses). The root cause is information leakage via the inf operatio...