1938 matches found
CVE-2017-14960
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection...
CVE-2017-14960
CVE-2017-14960 affects EMC OpenText/Document Sciences xPression xDashboard. The vulnerability is a SQL Injection in xDashboard (v4.5SP1 Patch 13) via the parameter model.jobHistoryId used in jobDocHistoryList.action, enabling an attacker to retrieve data from the underlying database. The issue is...
CVE-2017-14960
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection...
OpenText Document Sciences xPression xDashboard SQL Injection Vulnerability
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) is a suite of document output management and customer communication solutions from OpenText Canada, Inc. The solution integrates an organization's Customer Relationship Management (CRM), Enterprise Content Management (ECM),...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation #!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary...
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server - dmr_content Privilege Escalation #!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
#!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary file from Content Server filesystem, because some files on Content Server...
OpenText Documentum Content Server - Privilege Escalation
#!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server allows to upload content using batches (TAR archives), when unpacking TAR archives...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server - Arbitrary File Download #!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...
The vulnerability of the administration tool for electronic document management systems like OpenText Documentum Administrator arises from improper restrictions on XML references to external objects. This allows attackers to read arbitrary files or trigger service failures.
The vulnerability of the OpenText Documentum Administrator, a system administration tool, is related to an improper limitation on XML references to external objects (XML External Entity, XXE). Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotely, cause servic...
OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
#!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server stores information about uploaded files in dmr_content objects, which are queryable...
The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is related to incorrect restrictions on XML links to external objects. This allows attackers to read arbitrary files or cause service failures.
The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is related to an improper limitation on XML references to external objects (XML External Entity, XXE). Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotel...
OpenText Documentum Content Server - Arbitrary File Download
#!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository permissions: when authenticated user upload content to...
OpenText Documentum Content Server Elevation of Privilege Vulnerability
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) is a content management service system from OpenText Canada. The system is mainly used to manage the Documentum content repository; you can create, modify and track documents and other operations. An elevation of...
OpenText Documentum Content Server File Download Vulnerability
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) is a content management service system from OpenText Canada. The system is mainly used to manage the Documentum content repository; you can create, modify and track documents and other operations. A file download...
OpenText Documentum Content Server elevation of privilege vulnerability (CNVD-2017-30838)
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) is a content management service system from OpenText Canada. The system is mainly used to manage the Documentum content repository; you can create, modify and track documents and other operations. An elevation of...
OpenText Documentum Content Server File Download Exploit
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions. #!/usr/bin/env python OpenText Documentum Content Server formerly known a...
OpenText Documentum Content Server Privilege Escalation Exploit
Exploit for multiple platform in category web applications #!/usr/bin/env python OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server allows to upload conten...
OpenText Documentum Content Server File Hijack / Privilege Escalation Exploit
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUTFILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are...
OpenText Documentum Content Server Privilege Escalation Exploit
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges...