168 matches found
OpenDocMan 1.2.5 view_file.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 add.php last_message Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 index.php last_message Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 profile.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 rejects.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 search.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.x - 'out.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29765/info OpenDocMan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
OpenDocMan 1.2.5 user.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability
No description provided by source. Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
OpenDocMan 1.2.6.1 - Password Change CSRF
No description provided by source. Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz:...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
No description provided by source...
OpenDocMan 1.2.5 xss, SQL injection
No description provided by source. Security Advisory : Multiple vulnerabilities in OpenDocMan Discovered by == Amol Naik amolnaik4atgmail.com Overview -------------- OpenDocMan is a free document management system DMS designed to comply with ISO 17025 and OIE standard for document management. It...
OpenDocMan 1.2.5 admin.php last_message Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 department.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 category.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Multiple Vulnerabilities in OpenDocMan
Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Vendor Patch: February 24, 2014 Public...
OpenDocMan 'ajax_udf.php' Multiple SQL Injection Vulnerabilities
OpenDocMan is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenDocMan不正确访问控制漏洞
CVE ID:CVE-2014-1946 OpenDocMan是一款开源基于WEB的文档管理系统。 由于在更新用户的个人资料时“/ signup.php”脚本允许的动作未充分验证,远程身份验证的攻击者可以分配管理权限和完全控制应用程序。 0 OpenDocMan 1.2.7 厂商补丁: OpenDocMan ----- OpenDocMan 1.2.7.2已经修复该漏洞,建议用户下载更新: http://www.opendocman.com The exploitation example below assigns administrative privileges for the...
CVE-2014-1945
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the addvalue parameter...