9 matches found
OpenDocMan 1.2.5 index.php last_message Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
OpenDocMan 1.2.5 admin.php last_message Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
CVE-2009-3801
OpenDocMan 1.2.5 is affected by a SQL injection in index.php triggered through the frmpass parameter, enabling remote attackers to execute arbitrary SQL commands. This is corroborated by multiple sources in the connected set (NVD entry and OpenVAS/Red Hat redundancy). Root cause centers on improp...
CVE-2009-3789
Multiple cross-site scripting XSS vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the lastmessage parameter to 1 add.php, 2 toBePublished.php, 3 index.php, and 4 admin.php; the PATHINFO to the default URI to 5 category.php, 6 department.php, 7...
OpenDocMan 1.2.5 - 'user.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
OpenDocMan 1.2.5 - department.php Cross-Site Scripting
OpenDocMan 1.2.5 - department.php Cross-Site Scripting source: https://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
OpenDocMan 1.2.5 xss SQL injection
No description provided by source. Security Advisory : Multiple vulnerabilities in OpenDocMan Discovered by == Amol Naik amolnaik4atgmail.com Overview -------------- OpenDocMan is a free document management system DMS designed to comply with ISO 17025 and OIE standard for document management. It...
Cross site scripting
Cross-site scripting XSS vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the lastmessage parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter...