Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bscw bscw vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-0973
BSCW groupware system 3.3 up to and including 4.0.2 beta allows remote malicious users to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
Fraunhofer Fit Bscw 3.4.3
Fraunhofer Fit Bscw
Fraunhofer Fit Bscw 3.3
Fraunhofer Fit Bscw 3.3.1
Fraunhofer Fit Bscw 3.4.1
Fraunhofer Fit Bscw 4.0.1 Beta
NA
CVE-2014-2301
OrbiTeam BSCW prior to 5.0.8 allows remote malicious users to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.
Bscw Bscw
8.8
CVSSv3
CVE-2021-36359
OrbiTeam BSCW Classic prior to 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5....
Bscw Bscw Classic
8.8
CVSSv3
CVE-2021-39271
OrbiTeam BSCW Classic prior to 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
Bscw Bscw Classic
NA
CVE-2002-0095
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote malicious users to upload files and possibly join a user community that was intended to be closed.
Fraunhofer Fit Bscw 3.4
Fraunhofer Fit Bscw 4.0.6
Fraunhofer Fit Bscw 4.0
1 EDB exploit
NA
CVE-2002-0094
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions prior to 4.06 allows remote malicious users to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
Fraunhofer Fit Bscw 3.4
Fraunhofer Fit Bscw 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started