110 matches found
CVE-2015-0551
Multiple cross-site scripting XSS vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before...
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
ESA-2014-059.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2014-059 CVE Identifier: CVE-2014-2511 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC WebTop...
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
ESA-2014-073.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities EMC Identifier: ESA-2014-073 CVE Identifier: CVE-2014-2518 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC...
CVE-2014-2511
Multiple cross-site scripting XSS vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the 1 startat or 2 entryId parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the 1 startat or 2 entryId parameter...
CVE-2014-2511
CVE-2014-2511 maps to EMC Documentum WebTop multiple XSS vulnerabilities exploitable via startat and entryId parameters. The ESA-2014-059 advisory confirms the issue affects EMC WebTop 6.7 SP1, 6.7 SP2 (and other Documentum/WebTop family products) with fixes in specific patches/versions (e.g., We...
Caldera UnixWare 7.1.1 WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when...
CVE-2013-3281
The CVE-2013-3281 entry describes a cross-site scripting (XSS) vulnerability in EMC Documentum products (Webtop, WDK, Taskspace, Records Manager, Web Publisher, Digital Asset Manager, Administrator, Capital Projects) prior to the stated SP versions. The flaw allows remote attackers to inject arbi...
CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...
CVE-2013-0937
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...
Session fixation
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2013-0938
Cross-site scripting XSS vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-0938
CVE-2013-0938 describes a cross-site scripting (XSS) vulnerability in EMC Documentum products prior to 6.7 SP2. Affected components include Webtop, WDK, Taskspace, and Records Manager before 6.7 SP2. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,...
CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...
CVE-2013-0937
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2013-0937
CVE-2013-0937 is a session-fixation vulnerability affecting EMC Documentum Webtop, WDK, Taskspace, and Records Manager up to version 6.7 SP2. The entry describes that remote attackers could hijack an authenticated session via unspecified vectors. Affected components include Webtop, WDK, Taskspace...
ESA-2013-021: EMC Documentum Multiple Vulnerabilities
ESA-2013-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Identifier: ESA-2013-021 CVE Identifier: CVE-2013-0937, CVE-2013-0938, CVE-2013-0939 Severity Rating: See below for individual scores Affected products: • EMC Documentum Webtop...
Design/Logic Flaw
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun...