Lucene search
K

99 matches found

Cvelist
Cvelist
added 2017/09/27 5:0 p.m.19 views

CVE-2017-14524

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a 1 URL in the startat parameter to xda/help/en/default.htm or 2 /%09/ slash encoded horizontal tab slash...

6.4AI score0.0294EPSS
Exploits2References2
CVE
CVE
added 2017/09/27 5:0 p.m.67 views

CVE-2017-14527

CVE-2017-14527 affects OpenText Documentum Webtop 6.8.0160.0073. The vulnerability is an XML External Entity (XXE) injection in Webtop, triggered by crafted XML—specifically in a DTD within a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or via a crafted XML file in a Medi...

8.8CVSS8.3AI score0.01376EPSS
Exploits3References2Affected Software2
CVE
CVE
added 2017/09/27 5:0 p.m.62 views

CVE-2017-14525

CVE-2017-14525 concerns OpenText Documentum Webtop 6.8.0160.0073 with open redirect vulnerabilities. The issue allows remote attackers to redirect users to arbitrary sites via (1) the startat parameter in xda/help/en/default.htm or (2) a slash-encoded sequence followed by a domain in the redirect...

6.1CVSS6.3AI score0.00825EPSS
Exploits2References2Affected Software2
Packet Storm
Packet Storm
added 2017/09/27 12:0 a.m.68 views

OpenText Documentum Administrator / Webtop XXE Injection

Title: OpenText Documentum Administrator and Webtop - XML External Entity Injection Author: Jakub Palaczynski, Pawel Gocyla Date: 24. September 2017 CVE Administrator: CVE-2017-14526 CVE Webtop: CVE-2017-14527 Affected software: ================== Documentum Administrator Documentum Webtop Exploi...

0.01376EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/09/27 12:0 a.m.75 views

OpenText Documentum Administrator / Webtop Open Redirection

Title: OpenText Documentum Administrator and Webtop - Open Redirection Author: Jakub Palaczynski Date: 24. September 2017 CVE Administrator: CVE-2017-14524 CVE Webtop: CVE-2017-14525 Affected software: ================== Documentum Administrator Documentum Webtop Exploit was tested on:...

6.3AI score0.0294EPSS
Exploits2
0day.today
0day.today
added 2017/09/27 12:0 a.m.103 views

OpenText Documentum Administrator / Webtop XXE Injection Vulnerability

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities. Title: OpenText Documentum Administrator and Webtop - XML External Entity Injection Author: Jakub Palaczynski, Pawel Gocyla Date: 24...

6.5CVSS9AI score0.01376EPSS
Exploits3
CNVD
CNVD
added 2017/09/27 12:0 a.m.8 views

OpenText Documentum Webtop XML External Entity Injection Vulnerability

OpenText Documentum Webtop is a suite of products from OpenText Canada that allow users to access Documentum repositories and content management services in standard browser applications. An XML external entity injection vulnerability exists in OpenText Documentum Webtop version 6.8.0160.0073. A...

8.8CVSS7.5AI score0.01376EPSS
Exploits3References1
0day.today
0day.today
added 2017/09/27 12:0 a.m.58 views

OpenText Documentum Administrator / Webtop Open Redirection Vulnerability

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from an open redirection vulnerability. Title: OpenText Documentum Administrator and Webtop - Open Redirection Author: Jakub Palaczynski Date: 24. September 2017 CVE Administrator:...

5.8CVSS6.3AI score0.0294EPSS
Exploits2
CNVD
CNVD
added 2017/04/27 12:0 a.m.7 views

OpenText Documentum Remote Code Execution Vulnerability

OpenText Documentum Content Server formerly known as EMC Documentum Content Server is a content management service system from OpenText Canada. The system is mainly used to manage the Documentum content repository, you can create, modify and track documents and other operations. A remote code...

8.8CVSS8.3AI score0.04232EPSS
Exploits5References1
Prion
Prion
added 2017/04/25 2:59 p.m.23 views

Sql injection

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dmbptransition docbase method with a user-created dmprocedure object,...

6.5CVSS8.9AI score0.04232EPSS
Exploits6References3
Packet Storm
Packet Storm
added 2017/04/25 12:0 a.m.219 views

OpenText Documentum Content Server SQL Injection

!/usr/bin/env python import socket import sys from os.path import basename from dctmpy.docbaseclient import DocbaseClient from dctmpy.obj.typedobject import TypedObject CIPHERS = "ALL:aNULL:!eNULL" def usage: print "usage:\n\t%s host port user password" % basenamesys.argv0 def main: if lensys.arg...

9CVSS0.4AI score0.04232EPSS
Exploits6
NVD
NVD
added 2017/04/21 2:59 a.m.21 views

CVE-2017-7220

OpenText Documentum Content Server allows superuser access via sysobjsave or save of a crafted object, followed by an unauthorized "UPDATE dmdbo.dmusers SET userprivileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-453...

9CVSS8.6AI score0.02032EPSS
Exploits3References3
Prion
Prion
added 2017/04/21 2:59 a.m.17 views

Design/Logic Flaw

OpenText Documentum Content Server allows superuser access via sysobjsave or save of a crafted object, followed by an unauthorized "UPDATE dmdbo.dmusers SET userprivileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-453...

9CVSS8.6AI score0.03127EPSS
Exploits5References3
Packet Storm
Packet Storm
added 2017/04/19 12:0 a.m.35 views

OpenText Documentum Content Server Privilege Evaluation

CVE-2017-7220-01.py: !/usr/bin/env python import socket import sys from os.path import basename from dctmpy.docbaseclient import DocbaseClient from dctmpy.obj.typedobject import TypedObject CIPHERS = "ALL:aNULL:!eNULL" def usage: print "usage:\n\t%s host port user password" % basenamesys.argv0 de...

0.8AI score0.02032EPSS
Exploits3
Prion
Prion
added 2017/02/22 4:59 p.m.22 views

Design/Logic Flaw

OpenText Documentum Content Server formerly EMC Documentum Content Server 7.3, when PostgreSQL Database is used and returntopresultsrowbased config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary...

6.5CVSS8.7AI score0.02012EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2017/02/22 4:59 p.m.30 views

CVE-2017-5586

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

9.8CVSS9.7AI score0.25326EPSS
Exploits5References3
Prion
Prion
added 2017/02/22 4:59 p.m.14 views

Design/Logic Flaw

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

7.5CVSS9.6AI score0.25326EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2017/02/22 4:0 p.m.32 views

CVE-2017-5586

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

9.7AI score0.25326EPSS
Exploits5References3
Packet Storm
Packet Storm
added 2017/02/16 12:0 a.m.222 views

OpenText Documentum Content Server 7.3 SQL Injection

CVE Identifier: CVE-2017-5585 Vendor: OpenText Affected products: OpenText Documentum Content Server 7.3 PostgreSQL builds only Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Fix: not available Description: Previously announced fix for...

6.3CVSS0.3AI score0.02012EPSS
Exploits2
Rows per page
Query Builder