# COMPASS SECURITY ADVISORY http://www.csnc.ch/
########################################################################
##
#
# ID: COMPASS-2012-001
# Product: OpenKM Document Management System 5.1.7 [1]
# Vendor: OpenKM http://www.openkm.com/
# Subject: Privilege Escalation, Improper Access Control
# Risk: High
# Effect: Remotely exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
########################################################################
##
#
# ID: COMPASS-2012-002
# Product: OpenKM Document Management System 5.1.7 [1]
# Vendor: OpenKM http://www.openkm.com/
# Subject: Cross-site Request Forgery based OS Command Execution
# Risk: High
# Effect: Remotely exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
Description
-----------------------------------
TWiki® is a flexible, powerful, and easy to use enterprise wiki,
enterprise collaboration platform, and web application platform. It is
a Structured Wiki, typically used to run a project development space,
a document management system, a knowledge base, or any other groupware
tool, on an intranet, extranet or the Internet.
Details
-----------------------------------
Release: Public
[ SUMMARY ]
OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-2006
D. Fabian and L. Weichselbaum discovered a directory traversal
vulnerability in MyDMS, a open-source document management system based
on PHP and MySQL.
For the stable distribution (lenny), this problem has been fixed in
version 1.7.0-1+lenny1.
Description-----------------------------------TWiki® is a flexible,
powerful, and easy to use enterprise wiki,enterprise collaboration
platform, and web application platform. It isa Structured Wiki,
typically used to run a project development space,a document
management system, a knowledge base, or any other groupwaretool, on an
intranet, extranet or the Internet.
Details-----------------------------------TTWiki is affected by XSS
vulnerabilities in version 5.0.2.Example PoC url is as follows :
http://example.com/do/view/Main/Jump?create=on&newtopic=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%280x0051D1%29%3C/script%3E&template=WebCreateNewTopic&topicparent=3http://example.com/do/view/TWiki/ATasteOfTWiki?'"--></style></script><script>alert(0x002B48)</script>
Release: Public
[ SUMMARY ]
OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.
L. Weichselbaum / SEC Consult / www.sec-consult.com
========================================================================
Vendor description:
-------------------
MyDMS is an open-source, web-based document management system (DMS)
written in PHP with a database backend. Originally coded by Markus
Westphal, MyDMS provides document meta-data, version control, security
and easy access to your documents.
source: http://sourceforge.net/projects/mydms/
- Unauthorized manipulation of data
Date: 25.03.2010
------------------------------------------------
EASY Enterprise is a widespread and popular document management system.
Release version 6.0f (Nov 24 2009 #1752) has been found vulnerable to multiple attacks, which affect the integrity and confidentiality of stored content, as well as a compromise of multitenancy.
- XSS, CI / Phishing
File: epctrl.jsp
Parameter: login
