31 matches found

NVD
added 2025/12/24 8:15 p.m., 1 view

CVE-2019-25257

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7 CVSS, 0.00097 EPSS
Exploits: 1, References: 3

CVE
added 2025/12/24 7:28 p.m., 5 views

CVE-2019-25257

CVE-2019-25257 affects LogicalDOC Enterprise 7.7.4. The vulnerability arises from insufficient validation of binary paths when modifying system settings, allowing authenticated users to manipulate configuration parameters (e.g., antivirus.command, ocr.Tesseract.path) to execute arbitrary OS comma...

8.7 CVSS, 7.6 AI score, 0.00097 EPSS
Exploits: 1, References: 3

Cvelist
added 2025/12/24 7:28 p.m., 24 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7 CVSS, 0.00097 EPSS
Exploits: 1, References: 3

CVE
added 2025/12/24 7:28 p.m., 8 views

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 is affected by post-authentication file disclosure vulnerabilities. The issue arises from insufficient validation of suffix and fileVersion parameters, enabling directory traversal in the /thumbnail and /convertpdf endpoints to read arbitrary files (e.g., win.ini, /etc...

7.5 CVSS, 6.5 AI score, 0.01503 EPSS
Exploits: 2, References: 3, Affected Software: 1

Cvelist
added 2025/12/24 7:28 p.m., 22 views

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

7.5 CVSS, 0.01503 EPSS
Exploits: 2, References: 3

Vulnrichment
added 2025/12/24 7:28 p.m., 3 views

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

7.5 CVSS, 6.5 AI score, 0.01503 EPSS
Exploits: 2, References: 3

Vulnrichment
added 2025/12/24 7:28 p.m., 1 view

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7 CVSS, 7.6 AI score, 0.00097 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/12/24 12:0 a.m., 1 view

LogicalDOC Enterprise Security Vulnerability

LogicalDOC Enterprise is a document management system from LogicalDOC Italy. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which originates from insufficient validation of binary paths when modifying system settings, and may result in the execution of operating system...

8.7 CVSS, 6.9 AI score, 0.00097 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-53343

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise version 7.7.4. Description: The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...

8.7 CVSS, 7.3 AI score, 0.00097 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53344

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise version 7.7.4. Description: The software contains multiple post-authentication file disclosure issues that allow attackers to read arbitrary files through unverified suffix and fileVersion parameters. Attackers can exploit...

7.5 CVSS, 6.6 AI score, 0.01503 EPSS
Exploits: 2, References: 6

CNNVD
added 2025/12/24 12:0 a.m., 1 view

LogicalDOC Enterprise Security Vulnerability

LogicalDOC Enterprise is a document management system from the Italian company LogicalDOC. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which stems from insufficient validation of the suffix and fileVersion parameters and could lead to arbitrary file disclosure...

7.5 CVSS, 6.7 AI score, 0.01503 EPSS
Exploits: 2, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-50179

Malicious code in bioql PyPI...

5.4 CVSS, 5.6 AI score, 0.00264 EPSS
Exploits: 2, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-54140

Malicious code in bioql PyPI...

6.4 CVSS, 6.6 AI score, 0.00234 EPSS
Exploits: 0, References: 1

OSV
added 2025/03/14 6:15 p.m., 2 views

CVE-2024-12020

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...

6.1 CVSS, 5.7 AI score
Exploits: 0, References: 1

NVD
added 2025/03/14 6:15 p.m., 6 views

CVE-2024-12020

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...

6.4 CVSS, 0.00234 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/03/14 6:9 p.m., 14 views

CVE-2024-12020 Reflected Cross-Site Scripting (XSS)

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...

6.4 CVSS, 0.00234 EPSS
Exploits: 0, References: 1

CVE
added 2025/03/14 6:9 p.m., 36 views

CVE-2024-12020

CVE-2024-12020 describes a reflected cross-site scripting (XSS) in JSP files used to control application appearance affecting LogicalDOC Enterprise. The root cause is input echoed into JSP pages without proper sanitization, enabling an unauthenticated attacker to lure a user into clicking a craft...

6.4 CVSS, 5.6 AI score, 0.00234 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/03/14 6:9 p.m., 6 views

CVE-2024-12020 Reflected Cross-Site Scripting (XSS)

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...

6.4 CVSS, 5.6 AI score, 0.00234 EPSS
Exploits: 0, References: 1

OSV
added 2023/02/07 11:15 p.m., 0 views

CVE-2022-47418

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments...

5.4 CVSS, 5.7 AI score, 0.00255 EPSS
Exploits: 1, References: 1

NVD
added 2023/02/07 11:15 p.m., 13 views

CVE-2022-47418

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments...

5.4 CVSS, 5.3 AI score, 0.00264 EPSS
Exploits: 1, References: 1