Vulmon
document server vulnerabilities and exploits
NA
CVE-2023-37290
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, allowing unauthenticated malicious users to load remote or local resources through HTML tags such as iframe. This vulner...
Infodoc Document On-line Submission And Approval System 22567
Infodoc Document On-line Submission And Approval System 22547
6.5
CVSSv2
CVE-2007-3255
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) prior to 5.0.25.8, and 6.x prior to 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP...
Xythos Enterprise Document Manager
NA
CVE-2023-49108
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
Sei-info Rakrak Document Plus
6.5
CVSSv2
CVE-2021-4225
The SP Project & Document Manager WordPress plugin prior to 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file exte...
Smartypantsplugins Sp Project & Document Manager
6.5
CVSSv2
CVE-2021-24347
The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files; however, the plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that PHP files...
Smartypantsplugins Sp Project & Document Manager
5
CVSSv2
CVE-2001-0748
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote malicious users to read arbitrary files by prepending several / (slash) characters to the URI.
Acme Labs Acme Server 1.7
1 EDB exploit
7.5
CVSSv2
CVE-2005-0063
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote malicious users to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), a...
Microsoft Windows Xp
Microsoft Windows 2003 Server Web
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2000
Microsoft Windows 98se
Microsoft Windows Me
Microsoft Windows 2003 Server Standard
Microsoft Windows 98
Microsoft Windows 2003 Server R2
1 EDB exploit
9.3
CVSSv2
CVE-2015-0064
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote malicious users to execute arbitrary code or cause a denial of service (memory corru...
Microsoft Web Applications 2010
Microsoft Office Compatibility Pack
Microsoft Word Automation Services -
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Word 2007
Microsoft Office 2010
Microsoft Sharepoint Server 2010
1 EDB exploit
9.3
CVSSv2
CVE-2007-4607
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote malicious users to execute arbitrary code via a long argument to the SubmitToExpress method, a ...
Quicksoft Easymail Objects
Gate Comm Software Postcast Server Pro 3.0.61
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2005-1367
Pico Server (pServ) 3.2 and previous versions allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.
Pico Server Pico Server 3.0
Pico Server Pico Server 3.2
Pico Server Pico Server 3.0 Beta 3
Pico Server Pico Server 3.1