XXE
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...
Cross site scripting
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId...
Design/Logic Flaw
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cmdatasourcegroupxsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be...
CVE-2017-14754
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cmdatasourcegroupxsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be...
CVE-2017-14758
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to SQL Injection via /xAdmin/html/cm_doclist_view_uc.jsp with the documentId parameter. The vulnerability requires authentication to the application. Root cause: lack of prepared stateme...
CVE-2017-14756
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id)...
CVE-2017-14757
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an...
CVE-2017-14758
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticat...
CVE-2017-14754
Affected product: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression), v4.5SP1 Patch 13 (and possibly older versions). Vulnerability type & cause: Arbitrary File Read due to a directory traversal flaw in the xsd_datasource_schema_file parameter used by /xAdmin/html/cm_...
CVE-2017-14756
OpenText Document Sciences xPression, v4.5SP1 Patch 13 (and older) is affected by CVE-2017-14756: a Cross-Site Scripting vulnerability in /xAdmin/html/Deployment (cat_id) that can inject JavaScript reflected to users. Exploitation requires user interaction and can be triggered remotely via crafte...
CVE-2017-14755
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to Cross-Site Scripting via /xAdmin/html/XPressoDoc with the categoryId parameter. The CNVD entry confirms a remote attacker can inject arbitrary JavaScript to be reflected to users, ena...
CVE-2017-14759
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is affected by an XML External Entity (XXE) vulnerability in the QuickDocHttpSoap11Endpoint SOAP service. An unauthenticated attacker can read directory listings or system files, or cause SSRF/Denial ...
CVE-2017-14757
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to SQL Injection in /xDashboard/html/jobhistory/downloadSupportFile.action via jobRunId. An attacker must authenticate to exploit. Older versions might be affected. Attack could retrieve...
CVE-2017-14755
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId...
CVE-2017-14759
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Vulnerability
Exploit for jsp platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection. Author: Marcin Woloszyn. Date: 27. September 2017. CVE: CVE-2017-14758. Affected Software: OpenText Document Sciences xPressio...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection. Author: Marcin Woloszyn. Date: 27. September 2017. CVE: CVE-2017-14758. Affected Software: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression). Exploit was...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Vulnerability
Exploit for jsp platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection. Author: Marcin Woloszyn. Date: 27. September 2017. CVE: CVE-2017-14757. Affected Software: OpenText Document Sciences xPressio...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection. Author: Marcin Woloszyn. Date: 27. September 2017. CVE: CVE-2017-14757. Affected Software: OpenText...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection
Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection. Author: Marcin Woloszyn. Date: 27. September 2017. CVE: CVE-2017-14758. Affected Software: OpenText...