Oleg Korshul

5 exploits Active since Jun 2022
CVE-2023-30187 WRITEUP CRITICAL WRITEUP
ONLYOFFICE DocumentServer 4.0.3-7.3.2 - Remote Code Execution via Crafted JavaScript File
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVSS 9.8
CVE-2023-30188 WRITEUP HIGH WRITEUP
ONLYOFFICE Document Server 4.0.3-7.3.2 - Denial of Service via Crafted JavaScript File
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
CVSS 7.5
CVE-2022-29776 WRITEUP CRITICAL WRITEUP
ONLYOFFICE Document Server < 6.0.0 and Core < 6.1.0.26 - Stack Overflow in File.cpp
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVSS 9.8
CVE-2022-29777 WRITEUP CRITICAL WRITEUP
ONLYOFFICE Document Server < 6.0.0 and Core < 6.1.0.26 - Heap Overflow in Font File Processing
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVSS 9.8
CVE-2023-30186 WRITEUP CRITICAL WRITEUP
ONLYOFFICE DocumentServer 4.0.3-7.3.2 - Remote Code Execution via Use-After-Free
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVSS 9.8