70 matches found
EUVD-2014-2543
Malware in sbrugna...
EUVD-2014-4555
Malware in sbrugna...
CVE-2011-4144
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges...
CVE-2023-31871
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dmsecurewriter. The binary has security controls in place preventing creation of a file in a...
PT-2023-23499 · Opentext · Opentext Documentum Content Server
Name of the Vulnerable Software and Affected Versions: OpenText Documentum Content Server versions prior to 23.2. Description: The issue allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root-owned SUID binary dmsecurewriter. Thi...
OpenText Documentum Content Server - dmr_content Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains the following design gap, which allows an authenticated user to gain the privileges of a superuser: Content Server stores...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, does not properly validate the input of the PUTFILE RPC command, which allows any authenticated user to hijack arbitrary...
OpenText Documentum Content Server - Arbitrary File Download Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, does not properly validate the input of the PUTFILE RPC command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem, because some files on Content Server...
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains the following design gap, which allows an authenticated user to gain the privileges of a superuser: Content Server allows uploading content using batches TAR archives, when unpacking TAR archives...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains the following design gap, which allows an authenticated user to download arbitrary content files regardless of the attacker's repository...
OpenText Documentum Content Server - 'dmr_content' Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains the following design gap, which allows an authenticated user to gain the privileges of a superuser: Content Server stores information about uploaded files in dmr_content objects, which are queryable...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains the following design gap, which allows an authenticated user to download arbitrary content files regardless of the attacker's repository permissions: when an authenticated user uploads content to...
Opentext Documentum Content Server File Download Exploit
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, contains a design gap that allows an authenticated user to download arbitrary content files regardless of the attacker's repository permissions. OpenText Documentum Content Server formerly known a...
Opentext Documentum Content Server File Hijack / Privilege Escalation Exploit
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, does not properly validate the input of the PUTFILE RPC command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are...
Opentext Documentum Content Server File Hijack / Privilege Escalation
OpenText Documentum Content Server, formerly known as EMC Documentum Content Server, does not properly validate the input of the PUTFILE RPC command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem, because some files on Content Server...
CVE-2017-15012
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 does not properly validate the input of the PUTFILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server...
CVE-2017-15014
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...
CVE-2017-15276
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches TAR archives. When unpacking TAR archives, Content Server...
OpenText Documentum Content Server "RPC save-command" elevation vulnerability
OpenText Documentum Content Server is a platform for managing content in a repository and consists of three parts: a content server, a relational database, and a location to store documents. OpenText Documentum Content Server "RPC save-command" has an elevation vulnerability that can be exploited...