logicaldoc enterprise vulnerabilities and exploits
7.1
CVSSv4
CVE-2024-12019
The API used to interact with documents in the application contains a flaw that allows an authenticated malicious user to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existi...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
8.7
CVSSv4
CVE-2024-12245
Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entri...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
8.7
CVSSv4
CVE-2024-54445
Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entrie...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
7.1
CVSSv4
CVE-2024-54446
Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack there...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
7.1
CVSSv4
CVE-2024-54447
Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof e...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
8.6
CVSSv4
CVE-2024-54448
The Automation Scripting functionality can be exploited by malicious users to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out t...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
8.7
CVSSv4
CVE-2024-54449
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated malicious user to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An accoun...
Logicaldoc Logicaldoc Community
Logicaldoc Logicaldoc Enterprise
6.4
CVSSv4
CVE-2024-12020
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security ...
Logicaldoc Logicaldoc Enterprise
5.4
CVSSv3
CVE-2022-47417
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.
Logicaldoc Logicaldoc 8.7.3
Logicaldoc Logicaldoc 8.8.2
5.4
CVSSv3
CVE-2022-47418
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.
Logicaldoc Logicaldoc 8.7.3
Logicaldoc Logicaldoc 8.8.2