Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
document server vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-25830
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker...
Onlyoffice Document Server
668
VMScore
CVE-2021-25831
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacke...
Onlyoffice Document Server
668
VMScore
CVE-2021-25832
A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.
Onlyoffice Document Server
383
VMScore
CVE-2022-24229
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
Onlyoffice Document Server
270
VMScore
CVE-2006-1786
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote malicious users to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether th...
Adobe Document Server 6.0
2 EDB exploits
231
VMScore
CVE-2006-1788
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote malicious users to more easily identify valid user IDs via brute force attacks.
Adobe Document Server 6.0
187
VMScore
CVE-2006-1785
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the ven...
Adobe Document Server 6.0
231
VMScore
CVE-2006-1787
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote malicious users to gain access to PDF files that are being processed within that session.
Adobe Document Server 6.0
668
VMScore
CVE-2020-11535
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server.
Onlyoffice Document Server 5.5.0
668
VMScore
CVE-2020-11536
An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
Onlyoffice Document Server 5.5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »