Lucene search
K

5 matches found

NVD
NVD
added 2014/10/17 11:55 p.m.19 views

CVE-2014-2279

Multiple directory traversal vulnerabilities in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allow 1 remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. dot dot in the logname parameter to out/out.LogManagement.php or 2 remote attackers to...

6.4CVSS7.2AI score0.05205EPSS
Exploits3References6
CVE
CVE
added 2014/10/17 11:0 p.m.84 views

CVE-2014-2278

SeedDMS (formerly LetoDMS/MyDMS) before 4.3.4 has an unrestricted file upload in op/op.AddFile2.php. An attacker can specify an executable extension via partitionIndex and, using CVE-2014-2279’s path traversal in fileId, upload and later access the file to gain remote code execution. The issue is...

5.1CVSS7.7AI score0.03871EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2014/10/17 11:0 p.m.32 views

CVE-2014-2278

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it...

7.5AI score0.03871EPSS
Exploits3References5
0day.today
0day.today
added 2014/03/15 12:0 a.m.46 views

SeedDMS XSS / Traversal / Shell Upload Vulnerabilities

SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities. Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document...

6.4CVSS6.5AI score0.05205EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/03/14 12:0 a.m.40 views

SeedDMS XSS / Traversal / Shell Upload

Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...

6.4CVSS0.05205EPSS
Exploits4
Rows per page
Query Builder