Lucene search
K

169 matches found

CVE
CVE
added 2020/03/18 9:24 p.m.72 views

CVE-2020-10365

CVE-2020-10365 affects LogicalDOC before 8.3.3. The vulnerability is a SQL Injection in the document-list query, where the application builds the list of available documents by querying the database and some parameters are not properly sanitized. An authenticated attacker could leverage this to p...

6.5CVSS7.1AI score0.01255EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/18 9:24 p.m.14 views

CVE-2020-10365

LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...

7.2AI score0.01255EPSS
Exploits1References1
CVE
CVE
added 2020/03/18 9:4 p.m.85 views

CVE-2020-9423

CVE-2020-9423 affects LogicalDOC before 8.3.3. The vulnerability stems from the document-add feature, which can be abused by an unauthenticated attacker to upload an arbitrary file into a restricted folder, enabling command execution with root privileges. The available sources describe the issue ...

10CVSS8.4AI score0.04885EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/18 9:4 p.m.27 views

CVE-2020-9423

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...

9.1AI score0.04885EPSS
Exploits1References1
Core Security
Core Security
added 2020/03/18 12:0 a.m.36 views

LogicalDoc Virtual Appliance Multiple Vulnerabilities

Advisory ID Internal CORE-2020-004 1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-004 Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability...

10CVSS8.6AI score0.04885EPSS
Exploits2
Core Security
Core Security
added 2020/03/18 12:0 a.m.72 views

LogicalDoc Virtual Appliance Multiple Vulnerabilities

1. Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2019-004 Advisory URL: Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability Information Class: Unrestricted...

9.8CVSS8.9AI score0.04885EPSS
Exploits2
CNVD
CNVD
added 2019/05/31 12:0 a.m.2 views

LogicalDOC Path Traversal Vulnerability

LogicalDOC is a set of document management system developed using Java technology . The system has Lucene full-text search indexing and automatic import and other functions. A path traversal vulnerability exists in LogicalDOC Community Edition version 8.x prior to 8.2.1. The vulnerability stems...

7.1CVSS6.8AI score0.01309EPSS
Exploits1References1
NVD
NVD
added 2019/05/30 6:29 p.m.16 views

CVE-2019-9723

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...

7.1CVSS7AI score0.01309EPSS
Exploits1References1
OSV
OSV
added 2019/05/30 6:29 p.m.3 views

CVE-2019-9723

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...

7.1CVSS7.2AI score0.01309EPSS
Exploits1References1
Prion
Prion
added 2019/05/30 6:29 p.m.16 views

Path traversal

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...

5.5CVSS7AI score0.01309EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/05/30 5:33 p.m.15 views

CVE-2019-9723

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry...

7AI score0.01309EPSS
Exploits1References1
CVE
CVE
added 2019/05/30 5:33 p.m.52 views

CVE-2019-9723

Summary: CVE-2019-9723 affects LogicalDOC Community Edition 8.x before 8.2.1. The vulnerability is a path traversal in the PluginRegistry that enables reading arbitrary files and creating directories outside the intended scope. Public sources in the connected set corroborate that the issue reside...

7.1CVSS6.9AI score0.01309EPSS
Exploits1References1Affected Software1
ripstech
ripstech
added 2019/03/26 11:27 a.m.31 views

LogicalDOC 8.2 Path Traversal Vulnerability

Impact In order to exploit this vulnerability an attacker needs to be an authenticated read-only user of the role guest. The attacker can read arbitrary files and create arbitrary directories on the server with the permissions of the user running the web server. It is recommended to update...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2018/02/13 12:0 a.m.14 views

LogicalDOC Detection (HTTP)

HTTP based detection of LogicalDOC. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.140769";...

7.4AI score
Exploits0References1
Packet Storm
Packet Storm
added 2018/02/12 12:0 a.m.24 views

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/02/12 12:0 a.m.30 views

LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness

LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle and share...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/02/12 12:0 a.m.26 views

LogicalDOC Enterprise 7.7.4 Directory Traversal

LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designed to handle...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/02/12 12:0 a.m.52 views

LogicalDOC Enterprise 7.7.4 Reflected Cross Site Scripting

history.pushState'', '', '/' input type="hid...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2018/02/12 12:0 a.m.24 views

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2018/02/12 12:0 a.m.22 views

LogicalDOC Enterprise 7.7.4 - Directory Traversal

LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...

Exploits0
Rows per page
Query Builder