169 matches found
CVE-2020-10365
CVE-2020-10365 affects LogicalDOC before 8.3.3. The vulnerability is a SQL Injection in the document-list query, where the application builds the list of available documents by querying the database and some parameters are not properly sanitized. An authenticated attacker could leverage this to p...
CVE-2020-10365
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
CVE-2020-9423
CVE-2020-9423 affects LogicalDOC before 8.3.3. The vulnerability stems from the document-add feature, which can be abused by an unauthenticated attacker to upload an arbitrary file into a restricted folder, enabling command execution with root privileges. The available sources describe the issue ...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
LogicalDoc Virtual Appliance Multiple Vulnerabilities
Advisory ID Internal CORE-2020-004 1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-004 Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability...
LogicalDoc Virtual Appliance Multiple Vulnerabilities
1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2019-004 Advisory URL: Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability Information Class: Unrestricted...
LogicalDOC Path Traversal Vulnerability
LogicalDOC is a document management system developed using Java technology. The system has Lucene full-text search indexing, automatic import and other functions. A path traversal vulnerability exists in LogicalDOC Community Edition version 8.x prior to 8.2.1. The vulnerability stems...
CVE-2019-9723
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...
Path traversal
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...
CVE-2019-9723
Summary: CVE-2019-9723 affects LogicalDOC Community Edition 8.x before 8.2.1. The vulnerability is a path traversal in the PluginRegistry that enables reading arbitrary files and creating directories outside the intended scope. Public sources in the connected set corroborate that the issue reside...
LogicalDOC 8.2 Path Traversal Vulnerability
Impact: In order to exploit this vulnerability, an attacker needs to be an authenticated read-only user of the role guest. The attacker can read arbitrary files and create arbitrary directories on the server with the permissions of the user running the web server. It is recommended to update...
LogicalDOC Detection (HTTP)
HTTP based detection of LogicalDOC. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.140769");...
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness
LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle and share...
LogicalDOC Enterprise 7.7.4 Directory Traversal
LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle...
LogicalDOC Enterprise 7.7.4 Reflected Cross Site Scripting
history.pushState'', '', '/' input type="hid...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...
LogicalDOC Enterprise 7.7.4 - Directory Traversal
LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...