MidnightBSD

Advisories for fraunhofer_fit

CVE-2001-0973 MEDIUM

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fraunhofer_fit bscw *
fraunhofer_fit bscw 3.4.1
fraunhofer_fit bscw 3.3.1
fraunhofer_fit bscw 3.3
fraunhofer_fit bscw 4.0.1_beta
fraunhofer_fit bscw 3.4.3
CVE-2002-0094 HIGH

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fraunhofer_fit bscw 4.0
fraunhofer_fit bscw 3.4
CVE-2002-0095 HIGH

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fraunhofer_fit bscw 4.0.6
fraunhofer_fit bscw 4.0
fraunhofer_fit bscw 3.4