168 matches found
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
Exploit Title: OpenDocMan Password Change CSRF | Date: 22/08/2012 | Exploit Author: Shai rod @NightRang3r | Vendor Homepage: http://www.opendocman.com/ | Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz | Version: 1.2.6.1 | Gr33Tz: @aviadgolan, @benhayak,...
CVE-2011-3764
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files...
Information disclosure
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files...
CVE-2011-3764
CVE-2011-3764 affects OpenDocMan 1.2.6-svn-2011-01-21. The issue is an information-disclosure vulnerability where remote attackers can obtain sensitive data by directly requesting certain PHP files, causing error messages that reveal the installation path (e.g., User_Perms_class.php). There is no...
CVE-2011-3764
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files...
OpenDocMan Multiple XSS and SQL Injection Vulnerabilities
This host is running OpenDocMan and is prone to multiple Cross-Site Scripting and SQL Injection vulnerabilities. OpenVAS Vulnerability Test $Id: secpodopendocmanxssnsqlinjvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenDocMan Multiple XSS and SQL Injection Vulnerabilities Authors: Sharath S...
OpenDocMan Version Detection
This script detects the installed OpenDocMan version. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenDocMan Multiple XSS and SQL Injection Vulnerabilities
OpenDocMan is prone to multiple Cross-Site Scripting and SQL Injection vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
SQL injection
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-3801
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-3801
OpenDocMan 1.2.5 is affected by a SQL injection in index.php triggered through the frmpass parameter, enabling remote attackers to execute arbitrary SQL commands. This is corroborated by multiple sources in the connected set (NVD entry and OpenVAS/Red Hat redundancy). Root cause centers on improp...
CVE-2009-3801
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
SQL injection
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7)...
CVE-2009-3788
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter...
CVE-2009-3789
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7)...
CVE-2009-3789
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7)...
CVE-2009-3788
OpenDocMan 1.2.5 is affected by a SQL injection in index.php via the frmuser (Username) parameter, enabling remote attackers to alter the database by crafting input that leads to arbitrary SQL execution. The available documents identify the affected product/version and the vulnerable parameter bu...
CVE-2009-3789
OpenDocMan 1.2.5 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities (CVE-2009-3789). The disclosed vectors include user-supplied data in last_message across endpoints (add.php, toBePublished.php, index.php, admin.php) and in PATH_INFO across several pages (category.php, department...
CVE-2009-3788
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter...