1938 matches found

Prion
added 2017/09/28 1:29 a.m., 20 views

XXE

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD,...

CVSS: 6.5, AI score: 8.4, EPSS: 0.00558
Exploits: 3, References: 2, Affected Software: 2
Cvelist
added 2017/09/27 5:00 p.m., 23 views

CVE-2017-14525

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by...

AI score: 6.4, EPSS: 0.0018
Exploits: 2, References: 2
Cvelist
added 2017/09/27 5:00 p.m., 27 views

CVE-2017-14526

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DT...

AI score: 8.5, EPSS: 0.00646
Exploits: 2, References: 2
CVE
added 2017/09/27 5:00 p.m., 63 views

CVE-2017-14527

CVE-2017-14527 affects OpenText Documentum Webtop 6.8.0160.0073. The vulnerability is an XML External Entity (XXE) injection in Webtop, triggered by crafted XML—specifically in a DTD within a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or via a crafted XML file in a Medi...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00558
Exploits: 3, References: 2, Affected Software: 2
CVE
added 2017/09/27 5:00 p.m., 64 views

CVE-2017-14526

CVE-2017-14526 affects OpenText Documentum Administrator 7.2.0180.0055 with XML External Entity (XXE) vulnerabilities. Remote authenticated users can cause DoS, read arbitrary files, or list directory contents, and on Windows may obtain Documentum user hashes via crafted DTDs or XML in specific t...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00646
Exploits: 2, References: 2, Affected Software: 2
Cvelist
added 2017/09/27 5:00 p.m., 23 views

CVE-2017-14527

Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD,...

AI score: 8.5, EPSS: 0.00558
Exploits: 3, References: 2
Cvelist
added 2017/09/27 5:00 p.m., 15 views

CVE-2017-14524

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash)...

AI score: 6.4, EPSS: 0.01225
Exploits: 2, References: 2
CVE
added 2017/09/27 5:00 p.m., 58 views

CVE-2017-14525

CVE-2017-14525 concerns OpenText Documentum Webtop 6.8.0160.0073 with open redirect vulnerabilities. The issue allows remote attackers to redirect users to arbitrary sites via (1) the startat parameter in xda/help/en/default.htm or (2) a slash-encoded sequence followed by a domain in the redirect...

CVSS: 6.1, AI score: 6.3, EPSS: 0.0018
Exploits: 2, References: 2, Affected Software: 2
CVE
added 2017/09/27 5:00 p.m., 86 views

CVE-2017-14524

OpenText Documentum Administrator 7.2.0180.0055 is vulnerable to multiple open redirect flaws. An attacker can redirect users to malicious sites via (1) the startat parameter in xda/help/en/default.htm or (2) the redirectUrl parameter in xda/component/virtuallinkconnect, enabling phishing or unwa...

CVSS: 6.1, AI score: 6.3, EPSS: 0.01225
Exploits: 2, References: 2, Affected Software: 2
Packet Storm
added 2017/09/27 12:00 a.m., 65 views

OpenText Documentum Administrator / Webtop XXE Injection

Title: OpenText Documentum Administrator and Webtop - XML External Entity Injection Author: Jakub Palaczynski, Pawel Gocyla Date: 24. September 2017 CVE Administrator: CVE-2017-14526 CVE Webtop: CVE-2017-14527 Affected software: ================== Documentum Administrator Documentum Webtop Exploi...

EPSS: 0.00646
Exploits: 3
Packet Storm
added 2017/09/27 12:00 a.m., 72 views

OpenText Documentum Administrator / Webtop Open Redirection

Title: OpenText Documentum Administrator and Webtop - Open Redirection Author: Jakub Palaczynski Date: 24. September 2017 CVE Administrator: CVE-2017-14524 CVE Webtop: CVE-2017-14525 Affected software: ================== Documentum Administrator Documentum Webtop Exploit was tested on:...

AI score: 6.3, EPSS: 0.01225
Exploits: 2
CNVD
added 2017/09/27 12:00 a.m., 5 views

OpenText Documentum Webtop XML External Entity Injection Vulnerability

OpenText Documentum Webtop is a suite of products from OpenText Canada that allow users to access Documentum repositories and content management services in standard browser applications. An XML external entity injection vulnerability exists in OpenText Documentum Webtop version 6.8.0160.0073. A...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00558
Exploits: 3, References: 1
0day.today
added 2017/09/27 12:00 a.m., 98 views

OpenText Documentum Administrator / Webtop XXE Injection Vulnerability

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities. Title: OpenText Documentum Administrator and Webtop - XML External Entity Injection Author: Jakub Palaczynski, Pawel Gocyla Date: 24...

CVSS: 6.5, AI score: 9, EPSS: 0.00646
Exploits: 3
0day.today
added 2017/09/27 12:00 a.m., 55 views

OpenText Documentum Administrator / Webtop Open Redirection Vulnerability

OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from an open redirection vulnerability. Title: OpenText Documentum Administrator and Webtop - Open Redirection Author: Jakub Palaczynski Date: 24. September 2017 CVE Administrator:...

CVSS: 5.8, AI score: 6.3, EPSS: 0.01225
Exploits: 2
CNVD
added 2017/05/12 12:00 a.m., 2 views

OpenText Tempo Box Cross-Site Scripting Vulnerability

OpenText Tempo Box is an enterprise-class file management solution from OpenText Canada. The solution supports file sharing between PCs and mobile devices. A cross-site scripting vulnerability exists in OpenText Tempo Box 10.0.3. A remote attacker can exploit this vulnerability to persistently...

CVSS: 6.1, AI score: 6, EPSS: 0.00196
Exploits: 1, References: 1
Prion
added 2017/05/10 5:29 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...

CVSS: 4.3, AI score: 6, EPSS: 0.00196
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2017/05/10 5:29 p.m., 0 views

CVE-2017-8892

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...

CVSS: 6.1, AI score: 5.9
Exploits: 0, References: 1
NVD
added 2017/05/10 5:29 p.m., 13 views

CVE-2017-8892

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00196
Exploits: 1, References: 1
Cvelist
added 2017/05/10 5:00 p.m., 17 views

CVE-2017-8892

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...

AI score: 6.1, EPSS: 0.00196
Exploits: 1, References: 1
CVE
added 2017/05/10 5:00 p.m., 38 views

CVE-2017-8892

CVE-2017-8892 describes a cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 where an attacker can persistently inject arbitrary web script or HTML via the name of an uploaded image. The issue is documented across multiple feeds (NVD/Red Hat/CNVD/CVE listing) with both CVSS2 (4...

CVSS: 6.1, AI score: 6, EPSS: 0.00196
Exploits: 1, References: 1, Affected Software: 1