EUVD-2004-1727
Malware in sbrugna...
EUVD-2004-1726
Malware in sbrugna...
CVE-2018-12941
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...
CVE-2018-12939
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to or potentially delete arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using...
CVE-2018-12942
SeedDMS (formerly LetoDMS/MyDMS) contains a SQL injection vulnerability in the Users management feature affecting versions before 5.1.8. The flaw allows authenticated attackers to manipulate SQL queries on the application server, enabling extraction, modification, or deletion of data in the back...
CVE-2018-12941
SeedDMS is affected by a remote code execution/command injection vulnerability (CVE-2018-12941) prior to version 5.1.8. An authenticated user with Settings permissions can manipulate the Cache directory path (cacheDir) to inject arbitrary system commands via the Clear Cache workflow, enabling exe...
CVE-2018-12943
SeedDMS before 5.1.8 contains a cross-site scripting (XSS) vulnerability via the action URL parameter on every page that includes it, allowing remote attackers to inject arbitrary script or HTML. The issue is described consistently across multiple sources (NVD/CNVD), with the affected version ran...
CVE-2018-12940
SeedDMS before 5.1.8 has an unrestricted file upload in the file op/op.UploadChunks.php (parameter qqfile). An authenticated attacker can upload a file with an executable extension, upload a malicious PHP payload, and execute OS commands from the web root. This vulnerability is documented as CVE...
CVE-2018-12944
SeedDMS (formerly LetoDMS/MyDMS) is affected by a persistent XSS in the Categories feature. The vulnerability is in the name field and affects SeedDMS versions prior to 5.1.8. Exploitation details are not provided in the available documents.
CVE-2012-4569
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4568
The vulnerability CVE-2012-4568 affects LetoDMS (formerly MyDMS) prior to version 3.3.8. Multiple cross-site request forgery (CSRF) flaws allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The root cause is CSRF in the web application’s handling of aut...
CVE-2012-4570
Summary: CVE-2012-4570 affects LetoDMS (formerly MyDMS) up to version 3.3.7, due to an SQL injection in LetoDMS_Core/Core/inc.ClassDMS.php that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. What’s affected: LetoDMS (PHP+MySQL) deployments prior to 3.3.8. Root ...
CVE-2012-4567
LetoDMS (formerly MyDMS) before 3.3.8 contains multiple XSS vulnerabilities reachable via parameters in inc/inc.ClassUI.php and out/out.DocumentNotify.php. The issue, confirmed across CVE-2012-4567 entries, allows remote attackers to inject arbitrary scripts/HTML (no exploit details provided). Af...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the mydms package of the Debian GNU/Linux operating system can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed the...
Directory traversal
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to...
CVE-2014-2278
SeedDMS (formerly LetoDMS/MyDMS) before 4.3.4 has an unrestricted file upload in op/op.AddFile2.php. An attacker can specify an executable extension via partitionIndex and, using CVE-2014-2279’s path traversal in fileId, upload and later access the file to gain remote code execution. The issue is...
MyDMS 1.4 - SQL Injection Vulnerability And Directory Traversal Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. The SQL injection vulnerability is present because a script improperly sanitizes user-supplied dat...
CVE-2014-2280
SeedDMS (formerly LetoDMS/MyDMS) before version 4.3.4 is affected by a reflected XSS in the search feature. The vulnerability arises from the query parameter used by the search, allowing attackers to inject arbitrary scripts/HTML that are returned without proper validation or sanitization. Public...
Debian: Security Advisory (DSA-2146-1)
The remote host is missing an update for the Debian...