CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

CVE-2014-2317

SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...

CVE-2014-4853

Cross-site scripting XSS vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file...

CVE-2008-2788

Cross-site scripting XSS vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter...

CVE-2009-3801

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass aka Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

Design/Logic Flaw

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

CVE-2021-45834

OpenDocMan 1.4.4 is affected by CVE-2021-45834 via add.php, where lack of file-upload restrictions enables MIME-bypass and may allow uploading or transferring dangerous file types. This could be automatically processed in the product environment and potentially lead to arbitrary code execution. R...

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution...

OpenDocMan Document Management System 1.3.5 Database Disclosure

Exploit Title : OpenDocMan Document Management System 1.3.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : opendocman.com Software Download Link : opendocman.com/free-download/...

OpenDocMan 1.3.4 - search.php where SQL Injection

OpenDocMan 1.3.4 - search.php where SQL Injection =========================================================================================== Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection CVE: N/A Date: 05/03/2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

OpenDocMan 1.3.4 - (search.php where) SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

OpenDocMan 1.3.4 SQL Injection

=========================================================================================== Exploit Title: OpenDocMan 1.3.4 - awherea SQL Injection CVE: N/A Date: 05/03/2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/opendocman/files/ Software Link:...

Design/Logic Flaw

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php...

CVE-2014-1946

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php...

CVE-2014-1946

OpenDocMan vulnerability CVE-2014-1946 affects OpenDocMan versions 1.2.7 and earlier. The issue is improper access control in signup.php, where insufficient validation of allowed actions lets a remote authenticated user assign administrative privileges to their account. The advisory confirms the ...

CVE-2014-1946

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php...

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

Document Title: =============== OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1868 Release Date: ============= 2016-07-04 Vulnerability Laboratory ID VL-ID: ==================================== 186...

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

Document Title: =============== OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1868 Release Date: ============= 2016-07-03 Vulnerability Laboratory ID VL-ID: ==================================== 186...