
35 matches found

RedhatCVE
added 2025/05/22 4:8 a.m., 5 views

CVE-2011-4144

Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges...

CVSS 6.8 | AI score 6.5 | EPSS 0.00303
Exploits: 2 | References: 1

Packet Storm
added 2017/10/14 12:0 a.m., 69 views

Opentext Documentum Content Server File Hijack / Privilege Escalation

!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary file from Content Server filesystem, because some files on Content Server...

AI score 1 | EPSS 0.07782
Exploits: 4

securityvulns
added 2015/09/14 12:0 a.m., 47 views

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability EMC Identifier: ESA-2015-144 CVE Identifier: CVE-2015-4544 Severity Rating: CVSS v2 Base Score: 8.2 AV:N/AC:M/Au:S/C:C/I:C/A:P Affected products: • EMC Documentum Content...

CVSS 9 | AI score 1.1 | EPSS 0.03994
Exploits: 0

Cvelist
added 2015/09/04 1:0 a.m., 26 views

CVE-2015-4544

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dmjob object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix fo...

AI score 6.2 | EPSS 0.02598
Exploits: 0 | References: 2

securityvulns
added 2015/08/24 12:0 a.m., 183 views

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2015-131 CVE Identifier: CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536 Severity Rating: CVSS v2 Base Score: See below f...

CVSS 9 | AI score 1.2 | EPSS 0.03926
Exploits: 8

securityvulns
added 2015/08/24 12:0 a.m., 44 views

EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed For detailed description see http://seclists.org/bugtraq/2015/Jul/51 New behavior introduced in CVE-2015-4532: API ?,c,execute domethod WITH METHOD='dmbptransition', ARGUMENTS=' repo repo...

CVSS 9 | AI score 1.1 | EPSS 0.03127
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 108 views

sysadmin privilege in EMC Documentum Content Server

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with sysadmin privileges to elevate their privileges to superuser see CVE-2011-4144. On...

CVSS 9 | AI score 6.4 | EPSS 0.02557
Exploits: 2

NVD
added 2015/08/20 10:59 a.m., 27 views

CVE-2015-4533

EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom scrip...

CVSS 9 | AI score 8.9 | EPSS 0.03892
Exploits: 3 | References: 3

Prion
added 2015/08/20 10:59 a.m., 16 views

Design/Logic Flaw

Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the methodverb parameter...

CVSS 9 | AI score 7.8 | EPSS 0.03926
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2015/08/20 10:0 a.m., 26 views

CVE-2015-4535

Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when debugtrace is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing ...

AI score 6.3 | EPSS 0.01861
Exploits: 0 | References: 3

CVE
added 2015/08/20 10:0 a.m., 57 views

CVE-2015-4534

EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...

CVSS 9 | AI score 7.5 | EPSS 0.03926
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2015/08/19 12:0 a.m., 40 views

EMC Documentum Content Server Information Disclosure (ESA-2015-131)

The version of EMC Documentum Content Server running on the remote host is affected by an information disclosure vulnerability due to passwords being stored as plaintext in log files for users with inline authentication. An authenticated, remote attacker with access to the log files can exploit this...

CVSS 3.5 | AI score 5.6 | EPSS 0.01435
Exploits: 0 | References: 2

Tenable Nessus
added 2015/08/19 12:0 a.m., 39 views

EMC Documentum Content Server Multiple Vulnerabilities (ESA-2015-131)

The version of EMC Documentum Content Server running on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability exists due to improper authorization checks performed on subgroups within the dmsuperusers group. An authenticated, remote attacker can exploit...

CVSS 9 | AI score 9 | EPSS 0.03926
Exploits: 8 | References: 6

0day.today
added 2015/08/19 12:0 a.m., 84 views

EMC Documentum Content Server Privilege Escalation Vulnerability

EMC Documentum Content Server suffers from a privilege escalation vulnerability. Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with...

CVSS 9 | AI score 6.7 | EPSS 0.02557
Exploits: 2

Packet Storm
added 2015/08/18 12:0 a.m., 36 views

EMC Documentum Content Server Code Execution

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed For detailed description see http://seclists.org/bugtraq/2015/Jul/51 New behavior introduced in CVE-2015-4532: API ?,c,execute domethod WITH METHOD='dmbptransition', ARGUMENTS=' repo repo...

CVSS 9 | EPSS 0.03127
Exploits: 2

securityvulns
added 2015/07/13 12:0 a.m., 40 views

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed On November 2013 I discovered vulnerability in EMC Documentum Content Server which allow authenticated user to execute arbitrary commands using dmbptransition docbase method for detailed...

AI score 0.1 | EPSS 0.02923
Exploits: 4

securityvulns
added 2015/07/05 12:0 a.m., 45 views

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed On April 2014 I discovered vulnerability in EMC Documentum Content Server which allow authenticated user to elevate privileges, hijack Content Server filesystem or execute arbitrary comman...

CVSS 9 | AI score 7 | EPSS 0.03994
Exploits: 0

NVD
added 2014/12/06 3:59 p.m., 19 views

CVE-2014-4629

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference...

CVSS 9 | AI score 6.2 | EPSS 0.03271
Exploits: 0 | References: 5

Tenable Nessus
added 2014/12/04 12:0 a.m., 26 views

EMC Documentum Content Server Insecure Direct Object Reference (ESA-2014-156)

The remote host is running a version of EMC Documentum Content Server that is affected by an insecure direct object reference vulnerability, which allows a remote, authenticated attacker to potentially read or delete arbitrary files without authorization.

CVSS 9 | AI score 5.7 | EPSS 0.03271
Exploits: 0 | References: 2

NVD
added 2014/09/17 10:55 a.m., 20 views

CVE-2014-4622

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server...

CVSS 7.1 | AI score 6.4 | EPSS 0.02557
Exploits: 2 | References: 5