Lucene search
K

125 matches found

NVD
NVD
added 2015/07/04 10:59 a.m.19 views

CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.5AI score0.0144EPSS
Exploits0References2
Prion
Prion
added 2015/07/04 10:59 a.m.14 views

Design/Logic Flaw

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/04 10:59 a.m.19 views

CVE-2015-0547

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.5AI score0.0144EPSS
Exploits0References2
Prion
Prion
added 2015/07/04 10:59 a.m.18 views

Design/Logic Flaw

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/07/04 10:0 a.m.53 views

CVE-2015-0548

EMC Documentum D2 contains DQL injection vulnerabilities in D2DownloadService.getDownloadUrls (affecting D2 4.1/4.2 before 4.2 P16 and 4.5 before P03). A remote authenticated attacker can bypass read-access restrictions and disclose database data. Related advisory ESA-2015-108 and vendor/NVD entr...

4CVSS6.6AI score0.0144EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/07/04 10:0 a.m.48 views

CVE-2015-0547

EMC Documentum D2 is affected by CVE-2015-0547 due to DQL injection in the D2CenterstageService.getComments method. The vulnerability affects D2 versions 4.1 and 4.2 prior to 4.2 P16 and 4.5 prior to P03, enabling remote authenticated users to bypass read-access restrictions and potentially discl...

4CVSS6.6AI score0.0144EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/04 10:0 a.m.24 views

CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

6.5AI score0.0144EPSS
Exploits0References2
CNVD
CNVD
added 2015/07/02 12:0 a.m.3 views

EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04194)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 has a DQL injection vulnerability in the D2CenterstageService.getComments service method that can lead to database information disclosu...

4CVSS7.1AI score0.0144EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/02 12:0 a.m.2 views

EMC Documentum D2 SQL Injection Vulnerability (CNVD-2015-04195)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 suffers from a SQL injection vulnerability in the D2DownloadService.getDownloadUrls service method, which could lead to the disclosure ...

4CVSS7.8AI score0.0144EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.45 views

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability EMC Identifier: ESA-2015-109 CVE Identifier: CVE-2015-0549 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: EMC Documentum D2 version 4.1 EMC...

3.5CVSS0.2AI score0.01075EPSS
Exploits0
NVD
NVD
added 2015/06/28 7:59 p.m.15 views

CVE-2015-0549

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.2AI score0.01075EPSS
Exploits0References2
Prion
Prion
added 2015/06/28 7:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.01075EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/06/28 7:0 p.m.49 views

CVE-2015-0549

EMC Documentum D2 is affected by a stored cross-site scripting (XSS) vulnerability (CVE-2015-0549) in versions prior to 4.5. The issue affects D2 components handling user-supplied input, allowing an authenticated remote attacker to inject script/HTML. Public advisories (ESA-2015-109) indicate aff...

3.5CVSS5.3AI score0.01075EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/06/28 7:0 p.m.22 views

CVE-2015-0549

Cross-site scripting XSS vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.2AI score0.01075EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/26 12:0 a.m.29 views

EMC Documentum D2 4.1.x < 4.5 XSS (ESA-2015-109)

The remote host is running a version EMC Documentum D2 that is 4.1.x or 4.2.x prior to 4.5. It is, therefore, affected by a stored cross-site scripting vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...

3.5CVSS5.8AI score0.01075EPSS
Exploits0References2
CNVD
CNVD
added 2015/06/24 12:0 a.m.3 views

EMC Documentum D2 Cross-Site Scripting Vulnerability

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. EMC Documentum D2 version 4.5 contains a cross-site scripting vulnerability that could allow an attacker to inject malicious HTML or script...

3.5CVSS6.1AI score0.01075EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.44 views

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: • EMC Documentum D2 3.1 and all patch versions • EMC Documentum D2 3.1 SP1 and all patch versions • E...

9CVSS1.1AI score0.03657EPSS
Exploits0
NVD
NVD
added 2015/02/14 3:59 p.m.19 views

CVE-2015-0518

The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions...

9CVSS6.2AI score0.03657EPSS
Exploits0References4
NVD
NVD
added 2015/02/14 3:59 p.m.23 views

CVE-2015-0517

The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file...

4CVSS5.7AI score0.01228EPSS
Exploits0References4
CVE
CVE
added 2015/02/14 3:0 p.m.49 views

CVE-2015-0518

EMC Documentum D2 (D2FS web service Properties component) is affected by CVE-2015-0518. A flaw in the D2FS Properties service allows a remote authenticated, low-privilege D2 user to modify group permissions and escalate to superuser privileges. Affected products/versions include D2 3.1 through SP...

9CVSS6.3AI score0.03657EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder