document management
Release: Public
[ SUMMARY ]
OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.
Description
-----------------------------------
TWiki® is a flexible, powerful, and easy to use enterprise wiki,
enterprise collaboration platform, and web application platform. It is
a Structured Wiki, typically used to run a project development space,
a document management system, a knowledge base, or any other groupware
tool, on an intranet, extranet or the Internet.
Details
-----------------------------------
TWiki is affected by XSS vulnerabilities in version 5.0.2.
Example PoC URLs are as follows:
http://example.com/do/view/Main/Jump?create=on&newtopic=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%280x0051D1%29%3C/script%3E&template=WebCreateNewTopic&topicparent=3
http://example.com/do/view/TWiki/ATasteOfTWiki?'"--></style></script><script>alert(0x002B48)</script>
- Unauthorized manipulation of data
Date: 25.03.2010
------------------------------------------------
EASY Enterprise is a widespread and popular document management system.
Release version 6.0f (Nov 24 2009 #1752) has been found vulnerable to multiple attacks, which affect the integrity and confidentiality of stored content, as well as a compromise of multitenancy.
- XSS, CI / Phishing
File: epctrl.jsp
Parameter: login
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-2006
D. Fabian and L. Weichselbaum discovered a directory traversal
vulnerability in MyDMS, an open-source document management system based
on PHP and MySQL.
For the stable distribution (lenny), this problem has been fixed in
version 1.7.0-1+lenny1.
*** SUMMARY ***
Plunet BusinessManager is a powerful software for translation companies, that
offers on a single platform a solution to handle customers, translators,
document management, data, order management and processing.
Since Plunet BusinessManager suffers from incorrect validation of some input
forms, Stored Cross Site Scripting attacks are allowed.
Moreover customers and translators can access data and files not related to
them.
I. BACKGROUND
---------------------
"Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management." (Wikipedia)
II. DESCRIPTION
---------------------
L. Weichselbaum / SEC Consult / www.sec-consult.com
========================================================================
Vendor description:
-------------------
MyDMS is an open-source, web-based document management system (DMS)
written in PHP with a database backend. Originally coded by Markus
Westphal, MyDMS provides document meta-data, version control, security
and easy access to your documents.
source: http://sourceforge.net/projects/mydms/
Afian is an application that can add, in just minutes, powerful document management capabilities to any Web server. It provides a Web-based interface for documents residing on the Web server's file system.
This software has a security hole that allows attackers to download any file if they know the path.
Vendor: afian.com
Vulnerabilities: Bypass + Fullpath Disclosure + Local File Inclusion.
Version: Unknown (maybe 2.x.x)
Demo: http://demo.afian.com
Exploit:
I. BACKGROUND
---------------------
"Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management." (Wikipedia)
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
Exploit Title: Multiple Vulnerability in "Omnidocs"
Author: Sohil Garg
CVE : CVE-2011-3645
Product Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and
contents. Also integrates seamlessly with other enterprise applications.
Vulnerability Details:
1. Vulnerability Type
(used for updates)
Summary:
"IT Operations Portal: a complete open source, ITIL, web based
service management tool including a fully customizable CMDB,
a helpdesk system and a document management tool."
Several common flaws could be found in iTop like reflected
and stored XSS.
Vulnerable Scripts:
I. BACKGROUND
----------------------
Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.
http://www.novell.com/products/groupwise/
===========
Description
===========
Microsoft SharePoint is a browser-based collaboration and document
management platform. It can be used to host web sites that access shared
workspaces and documents, as well as specialized applications like wikis
and blogs from a browser.
It was found that the download facility of Microsoft SharePoint Team
Services can be abused to reveal the source code of ASP.NET files.