Maarch
Products (3)
- 5 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1587 | | | 0.07 | — | 0.44 | | Feb 19, 2015 | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename… |
| CVE-2014-8995 | | | 0.03 | — | 0.02 | | Nov 20, 2014 | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. |
| CVE-2022-37774 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's… |
| CVE-2022-37773 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. |
| CVE-2019-15854 | | | 0.00 | — | 0.01 | | Jan 17, 2020 | An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. |
| CVE-2019-15855 | | | 0.00 | — | 0.02 | | Jan 17, 2020 | An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. |
| CVE-2006-5492 | | | 0.00 | — | 0.01 | | Oct 25, 2006 | Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." |