4 matches found
CVE-2014-2279
CVE-2014-2279 and CVE-2014-2278 affect SeedDMS (formerly LetoDMS/MyDMS) up to version 4.3.3. CVE-2014-2279: Directory traversal via logname in /out/out.LogManagement.php allows read access to arbitrary local files for remote authenticated users with LogManagement access. CVE-2014-2278: Unrestrict...
SeedDMS 'out.LogManagement.php'目录遍历漏洞
Bugtraq ID:66256 CVE ID:CVE-2014-2279 SeedDMS是一个强大易用的文档管理系统。 SeedDMS /out/out.LogManagement.php脚本不正确过滤'logname'参数数据,允许攻击者利用漏洞提交目录遍历序列,以WEB权限查看系统文件内容。 0 SeedDMS 4.3.3 SeedDMS 4.3.4已经修复该漏洞,建议用户下载更新: https://sourceforge.net/projects/seeddms/files/seeddms-4.3.4/...
SeedDMS XSS / Traversal / Shell Upload Vulnerabilities
SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities. Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document...
SeedDMS XSS / Traversal / Shell Upload
Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...