Bscw

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2002-0095	0.04	—	0.07	Mar 25, 2002	The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
CVE-2014-2301	0.00	—	0.00	May 12, 2014	OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.
CVE-2002-0094	0.00	—	0.01	Mar 25, 2002	config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
CVE-2001-0973	0.00	—	0.03	Aug 31, 2001	BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

CVE-2002-0095Mar 25, 2002
risk 0.04cvss —epss 0.07
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
CVE-2014-2301May 12, 2014
risk 0.00cvss —epss 0.00
OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.
CVE-2002-0094Mar 25, 2002
risk 0.00cvss —epss 0.01
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
CVE-2001-0973Aug 31, 2001
risk 0.00cvss —epss 0.03
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.