211 matches found
CVE-2025-8532 IDOR in Bimser's eBA Document and Workflow Management System
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...
CVE-2025-56289
code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...
Code-Projects Document Management System 安全漏洞
Code-Projects Document Management System is an open source document management system from Code-Projects. A security vulnerability exists in Code-Projects Document Management System version 1.0, which stems from a failure to filter malicious cross-site scripting code in the Company field when...
CVE-2025-56289
CVE-2025-56289 affects Code-Projects Document Management System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by failure to filter yet in the Company field during file uploads, allowing an attacker to exfiltrate the administrator’s cookies. Reported impact is limited to cook...
PT-2025-37995
Name of the Vulnerable Software and Affected Versions: code-projects Document Management System version 1.0 Description: The Document Management System contains a Cross Site Scripting XSS flaw. An attacker can exploit this issue to leak an administrator's cookie information by injecting malicious...
CVE-2025-56289
code-projects Document Management System 1.0 has a Cross Site Scripting XSS vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files...
Linux Distros Unpatched Vulnerability : CVE-2020-13240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions...
CVE-2025-8853
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user...
CVE-2025-8853
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user...
CVE-2025-8853
CVE-2025-8853 concerns the Official Document Management System by 2100 Technology, which has an authentication bypass vulnerability. An unauthenticated remote attacker can obtain a user’s connection token and use it to log in as that user, enabling full access. CVSS metrics indicate CRITICAL impa...
CVE-2025-8853 2100 Technology|Official Document Management System - Authentication Bypass
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user...
CVE-2025-8853 2100 Technology|Official Document Management System - Authentication Bypass
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user...
PT-2025-32533
Name of the Vulnerable Software and Affected Versions: Official Document Management System affected versions not specified Description: The Official Document Management System developed by 2100 Technology has an authentication bypass issue. This allows unauthenticated remote attackers to obtain a...
2100 TECHNOLOGY Electronic Official Document Management System 安全漏洞
2100 TECHNOLOGY Electronic Official Document Management System is an electronic office document management system from 2100 TECHNOLOGY, a China-based company. A security vulnerability exists in the 2100 TECHNOLOGY Electronic Official Document Management System, which originates from an...
CVE-2025-8433
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-8433
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-8433
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-8433 code-projects Document Management System dell.php unlink path traversal
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-8433 code-projects Document Management System dell.php unlink path traversal
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-8433
CVE-2025-8433 affects code-projects Document Management System 1.0 in the dell.php unlink function. The issue arises from manipulating the ID argument, enabling path traversal via the which parameter and potentially allowing deletion of arbitrary server files. Exploitation has been publicly discl...