CVE-2014-4639
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value...
CVE-2014-4637
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter...
CVE-2014-4638
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors...
CVE-2014-4636
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations...
CVE-2014-4635
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value...
Open redirect
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter...
CVE-2014-4639
CVE-2014-4639 affects EMC Documentum Web Development Kit (WDK) before 6.8. The issue is insufficient randomness in a Webtop component parameter, enabling remote attackers to predict the parameter and carry out phishing via brute-force attempts. The ESA-2014-180 advisory lists this under multiple ...
CVE-2014-4638
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors...
Multiple Cross-Site Scripting Vulnerabilities in EMC Documentum Web Development Kit (WDK)
The EMC Documentum Web Development Kit (WDK) is a Web development kit. The EMC Documentum Web Development Kit (WDK) contains multiple cross-site scripting vulnerabilities that could be exploited by an attacker to execute arbitrary script code in a browser without the user's knowledge in an affected...
Unspecified Framework Injection Vulnerability in EMC Documentum Web Development Kit (WDK)
The EMC Documentum Web Development Kit (WDK) is a Web development kit. An unspecified frame injection vulnerability exists in EMC Documentum Web Development Kit (WDK), which can be exploited by attackers to conduct phishing attacks...
EMC Documentum Web Development Kit (WDK) URL Redirection Vulnerability
The EMC Documentum Web Development Kit (WDK) is a Web development kit. The EMC Documentum Web Development Kit (WDK) contains a URL redirection vulnerability that can be exploited by an attacker to construct URLs that contain malicious Web sites, which may be redirected to an attacker-controlled Web...
Hacker Leaks Xbox One SDK that could let Developers make Homebrew Apps
Just a week ago, on Christmas, a massive Distributed Denial of Service (DDoS) attack by the notorious hacking group Lizard Squad knocked Sony’s PlayStation Network and Microsoft’s Xbox Live offline, but that was not the end of the trouble for Microsoft. This time it isn't a case of services bein...
OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532...
RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2014:0908)
Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
java security update
CentOS Errata and Security Advisory CESA-2014:1636. Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS)...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...