20 matches found
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...
CVE-2017-14526
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DT...
Open redirect
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ slash encoded horizontal tab slash...
CVE-2017-14524
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ slash encoded horizontal tab slash...
CVE-2017-14524
OpenText Documentum Administrator 7.2.0180.0055 is vulnerable to multiple open redirect flaws. An attacker can redirect users to malicious sites via (1) the startat parameter in xda/help/en/default.htm or (2) the redirectUrl parameter in xda/component/virtuallinkconnect, enabling phishing or unwa...
OpenText Documentum Administrator XML External Entity Injection Vulnerability
OpenText Documentum Administrator is a Web-based set of development tools from the Canadian company OpenText, used to perform Documentum system management tasks. An XML external entity injection vulnerability exists in OpenText Documentum Administrator version 7.2.0180.0055. A remote attacker could use thi...
CVE-2016-8213
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and...
HTML Injection Vulnerability in Multiple EMC Products
EMC Documentum WebTop is a suite of products that allow users to access Documentum repositories and content management services in a standard browser application. Documentum Administrator is a set of Web-based development tools for performing Documentum system administration tasks. Documentum...
CVE-2016-0914
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions...
Design/Logic Flaw
EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions...
Multiple EMC Product Privilege Bypass Vulnerabilities
EMC Documentum WebTop is a suite of products that allow users to access Documentum repositories and content management services in a standard browser application. Documentum Administrator is a set of Web-based development tools for performing Documentum system administration tasks. Documentum...
CVE-2015-4530
EMC Documentum CSRF vulnerability CVE-2015-4530 affects WebTop and related components (WebTop, WebTop-based clients; Administrator up to 7.2; DAM 6.5SP6; Web Publishers 6.5SP7; Task Space 6.7SP2). Root cause: incomplete fix for CVE-2014-2518. Impact: attackers can hijack user sessions, performing...
Cross-Site Request Forgery Vulnerability in Multiple EMC Documentum Products
EMC Documentum WebTop is a suite of products that allow users to access Documentum repositories and content management services in a standard browser application. Documentum Administrator is a Web-based development tool used to perform Documentum system management tasks. Documentum Administrator i...
Unrestricted file upload
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25;...
CVE-2015-0551
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before...
Unrestricted file upload
Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute...
CVE-2008-0656
The CVE-2008-0656 entry concerns EMC Documentum components: Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317. The vulnerability is an uncontrolled file upload in dmclTrace.jsp that allows a remote attacker to overwrite arbitrary files by supplying a crafted filename attribute. The availabl...
CVE-2008-0656
Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute...
CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop
The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-SecurityAdvisoryDocumentumdmclTraceArbitraryfileoverwrite.pdf Advisory Name: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop ============== Vulnerability Class:...