Vulnerabilities (CVE)

Filtered by vendor Fraunhofer Fit Subscribe
Filtered by product Bscw
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0095 1 Fraunhofer Fit 1 Bscw 2023-12-10 7.5 HIGH N/A
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
CVE-2001-0973 1 Fraunhofer Fit 1 Bscw 2023-12-10 6.4 MEDIUM N/A
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
CVE-2002-0094 1 Fraunhofer Fit 1 Bscw 2023-12-10 7.5 HIGH N/A
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.