manhinyeung / poc_exploits

🕳️ Proof of Concept exploits and their descriptions for various products

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Proofs of Concepts, Exploits, CVE

ONLYOFFICE

ONLYOFFICE offers a secure online office suite, as it says on their website. Here are vulnerabilities that I found in their product.

CVE ID Score Description
CVE-2021-3199 9.8 CRITICAL Directory traversal with Remote Code Execution when JWT is used in Document Server before 5.6.3
CVE-2022-29776 9.8 CRITICAL Classic stack buffer overflow leading to Remote Code Execution in DocumentServer 6.0.0 and earlier
CVE-2022-29777 9.8 CRITICAL Heap buffer overflow (underflow) allows writing the pointer of a heap-chunk with a data controlled by the attacker, into a neighboring (located at a lower address) heap-chunk (DocumentServer 6.0.0 and earlier). Strong primitive, leads to Remote Code Execution

Automotive

Not disclosed

About

🕳️ Proof of Concept exploits and their descriptions for various products


Languages

Language:Python 100.0%