14 matches found
PT-2025-44365
Name of the Vulnerable Software and Affected Versions Acquia DAM versions 0.0.0 through 1.1.4 Description A missing authorization issue exists in Drupal Acquia DAM, allowing for forceful browsing. This allows unauthorized access to resources. Recommendations Update Acquia DAM to version 1.1.5 or...
EUVD-2019-7743
Malware in sbrugna...
Cross site scripting
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting XSS attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and...
CVE-2019-17332 TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting XSS attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and...
CVE-2019-17332
The CVE-2019-17332 issue affects TIBCO EBX Add-ons’ Digital Asset Manager Web Interface. Affected releases include EBX Add-ons up to 3.20.13 and 4.1.0, 4.2.0, 4.2.1, and 4.2.2. Description: authenticated users can perform stored cross-site scripting (XSS) attacks due to improper input handling in...
TIBCO Security Advisory: November 12, 2019 - TIBCO EBX Add-on -2019-17332
TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities Original release date: November 12,2019 Last revised: CVE-2019-17332 Source: TIBCO Software Inc. TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities Original release date: November 12, 2019...
TIBCO Security Advisory: November 12, 2019 - TIBCO EBX Add-on -2019-17332
TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities Original release date: November 12,2019 Last revised: CVE-2019-17332 Source: TIBCO Software Inc. TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities Original release date: November 12, 2019...
CVE-2018-4875
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM...
Cross-Site Request Forgery Vulnerability in Multiple EMC Documentum Products
EMC Documentum WebTop is a suite of products that allow users to access Documentum repositories and content management services in a standard browser application.Documentum Administrator is a Web-based development tool used to perform Documentum system management tasks. Documentum Administrator i...
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
ESA-2014-073.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities EMC Identifier: ESA-2014-073 CVE Identifier: CVE-2014-2518 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC...
ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability
ESA-2014-024.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability EMC Identifier: ESA-2014-024 CVE Identifier: CVE-2014-2503 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • E...
Design/Logic Flaw
The thumbnail proxy server in EMC Documentum Digital Asset Manager DAM 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language DQL injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query strin...
CVE-2014-2503
The thumbnail proxy server in EMC Documentum Digital Asset Manager DAM 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language DQL injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query strin...
CVE-2013-3281
The CVE-2013-3281 entry describes a cross-site scripting (XSS) vulnerability in EMC Documentum products (Webtop, WDK, Taskspace, Records Manager, Web Publisher, Digital Asset Manager, Administrator, Capital Projects) prior to the stated SP versions. The flaw allows remote attackers to inject arbi...