Vulners
Lucene search
Omnidocs - Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Omnidocs Multiple Vulnerability | 26 Sep 201100:00 | – | zdt |
 | CVE-2011-3645 | 27 Sep 201119:00 | – | cve |
 | CVE-2011-3645 | 27 Sep 201119:00 | – | cvelist |
 | EUVD-2011-3604 | 7 Oct 202500:30 | – | euvd |
 | Omnidocs - Multiple Vulnerabilities | 27 Sep 201100:00 | – | exploitpack |
 | CVE-2011-3645 | 27 Sep 201119:55 | – | nvd |
 | Omnidocs Privilege Escalation / Direct Object Access | 26 Sep 201100:00 | – | packetstorm |
 | Design/Logic Flaw | 27 Sep 201119:55 | – | prion |
 | [CVE-2011-3645] Multiple vulnerability in "Omnidocs" | 26 Sep 201100:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 26 Sep 201100:00 | – | securityvulns |
10
--------------------------------------------------------------------
# Exploit Title: Multiple Vulnerability in "Omnidocs"
# Date: 24 Sep 2011
# Author: Sohil Garg
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1
# CVE : CVE-2011-3645
�
---------------------------------------------------
"Omnidocs" Multiple vulnerability.
---------------------------------------------------
By � � � :Sohil Garg
Email � �:[email protected]
---------------------------------------------------
�
Product Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and�
contents. Also integrates seamlessly with other enterprise applications.
�
------------------
Vulnerability
------------------
�
1.Vulnerbility Type
Privilege escalation
Affected URL:�
http://serverIP/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&Fold
erAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1
�
Vulnerable Parameter:�
FolderRights
Exploit
Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add�
documents, add folders, delete folders and place orders.
2.Vulnerability Type
Direct Object Access
Sample URL:
http://serverIP/omnidocs/doccab/userprofile/editprofile.jsp
Vulnerable Parameter:
UserIndex
Exploit:
Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be�
changed to other valid numbers thereby gaining access to view or change other user's personal settings.
Timeline:
Notified Vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public Disclosure: 23-Sep-2011
-----------------------------------------------------
Greetz to:
1] Nikhil MittalData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Sep 2011 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 27.5
EPSS0.01082