Filtered by vendor Opendocman
Subscriptions
Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-3801 | 1 Opendocman | 1 Opendocman | 2022-10-03 | N/A |
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2014-2317 | 1 Opendocman | 1 Opendocman | 2022-10-03 | N/A |
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. | ||||
CVE-2014-4853 | 1 Opendocman | 1 Opendocman | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. | ||||
CVE-2008-2788 | 1 Opendocman | 1 Opendocman | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | ||||
CVE-2021-45834 | 1 Opendocman | 1 Opendocman | 2022-03-25 | 9.8 Critical |
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | ||||
CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2019-04-26 | N/A |
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | ||||
CVE-2006-5655 | 1 Opendocman | 1 Opendocman | 2018-10-17 | N/A |
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
CVE-2008-2787 | 1 Opendocman | 1 Opendocman | 2018-10-11 | N/A |
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter. | ||||
CVE-2011-3764 | 1 Opendocman | 1 Opendocman | 2017-08-29 | N/A |
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files. | ||||
CVE-2009-3789 | 1 Opendocman | 1 Opendocman | 2017-08-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php. | ||||
CVE-2009-3788 | 1 Opendocman | 1 Opendocman | 2017-08-17 | N/A |
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. | ||||
CVE-2015-5625 | 1 Opendocman | 1 Opendocman | 2016-12-22 | N/A |
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | ||||
CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2014-03-10 | N/A |
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. |
Page 1 of 1.