168 matches found
CVE-2014-2317
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the addvalue parameter...
SQL injection
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...
CVE-2014-2317
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...
CVE-2014-1945
OpenDocMan is affected by CVE-2014-1945: a SQL Injection in the ajax_udf.php script (parameter add_value) allows remote attackers to manipulate the database. Affected product/version: OpenDocMan before 1.2.7.2. Root cause: insufficient input validation in ajax_udf.php leading to arbitrary SQL exe...
CVE-2014-2317
The CVE-2014-2317 issue affects OpenDocMan prior to version 1.2.7.2, where an SQL injection vulnerability exists in ajax_udf.php that allows an attacker to manipulate the database via the table parameter. The vulnerability is described as remote SQL command execution with potential impact on conf...
CVE-2014-1945
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the addvalue parameter...
OpenDocMan 1.2.7 SQL Injection / Access Control
Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Vendor Patch: February 24, 2014 Public...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Vendor Patch: February 24, 2014 Public...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
OpenDocMan 1.2.7 - Multiple Vulnerabilities Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12,...
OpenDocMan 1.2.7 - Multiple Vulnerabilities
OpenDocMan versions 1.2.7 and below suffer from improper access control and remote SQL injection vulnerabilities. Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without...
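OpenDocMan 'ajax_udf.php' Multiple SQL Injection Vulnerabilities
Bugtraq ID:65775 CVE ID:CVE-2014-1945 OpenDocMan is an open-source, web-based document management system. Input submitted to ajaxudf.php via the "addvalue" GET parameter and the "table" GET parameter is not sufficiently filtered, which allows attackers to carry out SQL injection attacks and obtain sensitive database information or take control of the application. 0 OpenDocMan 1.2.7.1 Vendor patch: OpenDocMan ----- OpenDocMan 1.2.7.2 has fixed this vulnerability; users are advised to download the update: http://www.opendocman.com...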
Multiple Vulnerabilities in OpenDocMan
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenDocMan, which can be exploited to perform SQL Injection and gain administrative access to the application. 1 SQL Injection in OpenDocMan: CVE-2014-1945 The vulnerability exists due to insufficient validation of...
OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability
Exploit for php platform in category web applications About the Application: ====================== OpenDocMan is a free, open source web-based PHP document management system DMS designed to comply with ISO 17025 and OIE standard for document management. It features web based access, fine grained...
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link: http://sourceforge.net/projects/opendocman/files/opendocman/1.2.6.5/opendocman-1.2.6.5.zip/download Version...
OpenDocMan 1.2.6.2 - 3 Vulnerabilities
1 - Unprotected id parameter ----------------------------- In check-in.php the id variable is not filtered so that one can put in additional SQL statements. I have been able to get a UNION SELECT query to run but I do not think it's exploitable because there is a second query that runs with the i...
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery Password Change Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link:...
OpenDocMan v1.2.6.1 Password Change CSRF
Exploit for php platform in category web applications Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz...
OpenDocMan 1.2.6.1 Cross Site Request Forgery
Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz: @aviadgolan , @benhayak,...