110 matches found
CVE-2018-7660
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter...
Cross site scripting
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file...
CVE-2018-7660
Affected product: OpenText Documentum D2 Webtop v4.6.0030 build 059. Vulnerability: Reflected Cross-Site Scripting (XSS) via the servlet/Download _docbase or _username parameter. Root cause / impact: XSS could allow an attacker to potentially compromise the affected system; exploitation detail...
CVE-2018-7659
OpenText Documentum D2 Webtop 4.6.0030 build 059 is affected by a Stored Cross-Site Scripting vulnerability exploitable via the filename of an uploaded image file. The connected CNVD/NVD entries confirm the vulnerability as Stored XSS in Webtop, but the provided documents do not specify a confirm...
The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is caused by improper restriction of XML external entity references. It allows attackers to read arbitrary files or cause service failures.
The vulnerability in the web interface that provides access to the OpenText Documentum Webtop repository is caused by improper restriction of XML external entity references (XML External Entity, XXE). Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotel...
webtop.com.br Open Redirect vulnerability
Vulnerable URL: http://www.webtop.com.br/linkvisita.php?id=93306=data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgvT1BFTkJVR0JPVU5UWS8pPC9zY3JpcHQ%2B
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 04.01.2018
Vulnerability type:| Open Redirect
Vulnerability status:|...
CVE-2017-14527
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD,...
CVE-2017-14525
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by...
Open redirect
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by...
CVE-2017-14527
CVE-2017-14527 affects OpenText Documentum Webtop 6.8.0160.0073. The vulnerability is an XML External Entity (XXE) injection in Webtop, triggered by crafted XML—specifically in a DTD within a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or via a crafted XML file in a Medi...
CVE-2017-14525
CVE-2017-14525 concerns OpenText Documentum Webtop 6.8.0160.0073 with open redirect vulnerabilities. The issue allows remote attackers to redirect users to arbitrary sites via (1) the startat parameter in xda/help/en/default.htm or (2) a slash-encoded sequence followed by a domain in the redirect...
OpenText Documentum Administrator / Webtop Open Redirection
Title: OpenText Documentum Administrator and Webtop - Open Redirection
Author: Jakub Palaczynski
Date: 24. September 2017
CVE Administrator: CVE-2017-14524
CVE Webtop: CVE-2017-14525
Affected software:
==================
Documentum Administrator
Documentum Webtop
Exploit was tested on:...
OpenText Documentum Webtop XML External Entity Injection Vulnerability
OpenText Documentum Webtop is a suite of products from OpenText Canada that allow users to access Documentum repositories and content management services in standard browser applications. An XML external entity injection vulnerability exists in OpenText Documentum Webtop version 6.8.0160.0073. A...
OpenText Documentum Administrator / Webtop XXE Injection Vulnerability
OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities.
Title: OpenText Documentum Administrator and Webtop - XML External Entity Injection
Author: Jakub Palaczynski, Pawel Gocyla
Date: 24...
OpenText Documentum Administrator / Webtop Open Redirection Vulnerability
OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from an open redirection vulnerability.
Title: OpenText Documentum Administrator and Webtop - Open Redirection
Author: Jakub Palaczynski
Date: 24. September 2017
CVE Administrator:...
CVE-2016-8213
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and...