Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bscw bscw vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2001-0973
BSCW groupware system 3.3 up to and including 4.0.2 beta allows remote malicious users to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
Fraunhofer Fit Bscw
Fraunhofer Fit Bscw 3.3.1
Fraunhofer Fit Bscw 3.3
Fraunhofer Fit Bscw 3.4.1
Fraunhofer Fit Bscw 3.4.3
Fraunhofer Fit Bscw 4.0.1 Beta
5
CVSSv2
CVE-2014-2301
OrbiTeam BSCW prior to 5.0.8 allows remote malicious users to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.
Bscw Bscw
6.5
CVSSv2
CVE-2021-36359
OrbiTeam BSCW Classic prior to 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5....
Bscw Bscw Classic
6.5
CVSSv2
CVE-2021-39271
OrbiTeam BSCW Classic prior to 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
Bscw Bscw Classic
7.5
CVSSv2
CVE-2002-0095
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote malicious users to upload files and possibly join a user community that was intended to be closed.
Fraunhofer Fit Bscw 3.4
Fraunhofer Fit Bscw 4.0.6
Fraunhofer Fit Bscw 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2002-0094
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions prior to 4.06 allows remote malicious users to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
Fraunhofer Fit Bscw 3.4
Fraunhofer Fit Bscw 4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started