Vulnerabilities > Newgensoft

DATE CVE VULNERABILITY TITLE RISK
2020-12-30 CVE-2020-35737 Unspecified vulnerability in Newgensoft Egov 12.0
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
network
low complexity
newgensoft
5.0
2019-08-21 CVE-2018-17791 Incorrect Resource Transfer Between Spheres vulnerability in Newgensoft Omniflow Intelligent Business Process Suite 7.0
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion.
network
low complexity
newgensoft CWE-669
5.0
2011-09-27 CVE-2011-3645 Permissions, Privileges, and Access Controls vulnerability in Newgensoft Omnidocs
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
network
low complexity
newgensoft CWE-264
7.5
2010-02-23 CVE-2010-0701 SQL Injection vulnerability in Newgensoft Omnidocs
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
newgensoft CWE-89
7.5