Lucene search
K

79 matches found

Cvelist
Cvelist
added 2016/02/12 1:0 a.m.25 views

CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

6.3AI score0.01708EPSS
Exploits0References2
CVE
CVE
added 2016/02/12 1:0 a.m.44 views

CVE-2016-0881

EMC Documentum xCP is affected: versions 2.1 before patch 23 and 2.2 before patch 11 expose a DQL injection via REST requests, allowing remote authenticated attackers to obtain sensitive repository information. The root cause is improper handling of XCP REST requests, enabling execution of SQL-li...

6.5CVSS6.2AI score0.01708EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/07/09 12:0 a.m.24 views

EMC Documentum D2 4.1 / 4.2.x < 4.2 P16 / 4.5.x < 4.5 P03 Multiple DQL Injection Vulnerabilities

The EMC Documentum D2 running on the remote host is affected by DQL injection vulnerabilities in the D2CenterstageService.getComments and D2DownloadService.getDownloadUrls services due to a failure to sanitize user-supplied input. A remote, authenticated attacker can exploit these to bypass...

4CVSS5.7AI score0.0144EPSS
Exploits0References3
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.53 views

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities EMC Identifier: ESA-2015-108 CVE Identifier: CVE-2015-0547, CVE-2015-0548 Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs Affected products: • EM...

4CVSS0.6AI score0.0144EPSS
Exploits0
NVD
NVD
added 2015/07/04 10:59 a.m.19 views

CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.5AI score0.0144EPSS
Exploits0References2
Prion
Prion
added 2015/07/04 10:59 a.m.14 views

Design/Logic Flaw

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/04 10:59 a.m.19 views

CVE-2015-0547

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.5AI score0.0144EPSS
Exploits0References2
Prion
Prion
added 2015/07/04 10:59 a.m.18 views

Design/Logic Flaw

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

4CVSS6.9AI score0.0144EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/07/04 10:0 a.m.53 views

CVE-2015-0548

EMC Documentum D2 contains DQL injection vulnerabilities in D2DownloadService.getDownloadUrls (affecting D2 4.1/4.2 before 4.2 P16 and 4.5 before P03). A remote authenticated attacker can bypass read-access restrictions and disclose database data. Related advisory ESA-2015-108 and vendor/NVD entr...

4CVSS6.6AI score0.0144EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/04 10:0 a.m.22 views

CVE-2015-0547

The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

6.5AI score0.0144EPSS
Exploits0References2
CVE
CVE
added 2015/07/04 10:0 a.m.48 views

CVE-2015-0547

EMC Documentum D2 is affected by CVE-2015-0547 due to DQL injection in the D2CenterstageService.getComments method. The vulnerability affects D2 versions 4.1 and 4.2 prior to 4.2 P16 and 4.5 prior to P03, enabling remote authenticated users to bypass read-access restrictions and potentially discl...

4CVSS6.6AI score0.0144EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/07/04 10:0 a.m.24 views

CVE-2015-0548

The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and bypass intended read-access restrictions via unspecified vectors...

6.5AI score0.0144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/09/11 12:0 a.m.27 views

EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-046)

The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists due to improper authorization checks. A remote, authenticated attacker can exploit this vulnerability to access data or execute comman...

8.5CVSS6.2AI score0.03558EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/09/11 12:0 a.m.61 views

EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)

The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only...

8.5CVSS8.7AI score0.99977EPSS
Exploits15References12
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.92 views

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

ESA-2014-079.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE...

8.5CVSS1AI score0.99977EPSS
Exploits15
NVD
NVD
added 2014/08/20 11:17 a.m.32 views

CVE-2014-2520

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request...

6.3CVSS8.1AI score0.01709EPSS
Exploits1References5
Prion
Prion
added 2014/08/20 11:17 a.m.19 views

Design/Logic Flaw

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request...

6.3CVSS6.4AI score0.01709EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2014/08/20 10:0 a.m.60 views

CVE-2014-2520

OpenText/OpenText Documentum Content Server is affected by CVE-2014-2520 in Oracle DB deployments, where the DQL engine fails to properly restrict DQL hints, enabling remote authenticated users to perform DQL injections and read sensitive data. Affected versions include EMC Documentum Content Ser...

6.3CVSS8AI score0.01709EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2014/08/20 10:0 a.m.34 views

CVE-2014-2520

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request...

8.1AI score0.01709EPSS
Exploits1References5
Fedora
Fedora
added 2014/06/17 11:31 p.m.44 views

[SECURITY] Fedora 20 Update: php-doctrine-orm-2.4.2-2.fc20

Object relational mapper ORM for PHP that sits on top of a powerful datab ase abstraction layer DBAL. One of its' key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctri ne Query Language DQL, inspired by Hibernate's HQL. This provides...

5CVSS1AI score0.20805EPSS
Exploits0
Rows per page
Query Builder