5 matches found
CVE-2014-2279
Multiple directory traversal vulnerabilities in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allow 1 remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. dot dot in the logname parameter to out/out.LogManagement.php or 2 remote attackers to...
CVE-2014-2278
SeedDMS (formerly LetoDMS/MyDMS) before 4.3.4 has an unrestricted file upload in op/op.AddFile2.php. An attacker can specify an executable extension via partitionIndex and, using CVE-2014-2279’s path traversal in fileId, upload and later access the file to gain remote code execution. The issue is...
CVE-2014-2278
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it...
SeedDMS XSS / Traversal / Shell Upload Vulnerabilities
SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities. Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document...
SeedDMS XSS / Traversal / Shell Upload
Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...