EUVD-2016-10663
Malware in sbrugna...
EUVD-2015-0530
Malware in sbrugna...
EUVD-2016-0899
Malware in sbrugna...
EUVD-2016-10664
Malware in sbrugna...
EUVD-2015-0562
Malware in sbrugna...
EUVD-2014-2551
Malware in sbrugna...
CVE-2017-5586
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...
CVE-2016-9872
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 have Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system...
CVE-2016-9873
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 have a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information,...
EMC Documentum D2 4.5.x < 4.5 P15 / 4.6.x < 4.6 P03 r_object_id Handling Unauthenticated Document Disclosure (ESA-2016-108)
The remote host is running a version of EMC Documentum D2 that is 4.5.x prior to 4.5.0150 (4.5 patch 15) or 4.6.x prior to 4.6.0030 (4.6 patch 03). It is, therefore, affected by an information disclosure vulnerability due to improper validation of the 'r_object_id' identifier. An unauthenticated, remot...
Code injection
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value...
EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)
The remote host is running a version of EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete ...
CVE-2016-0888
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability. EMC Identifier: ESA-2015-132. CVE Identifier: CVE-2015-4537. Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C). Affected products: EMC Documentum D2 4.2 and earlier. Summary: EMC...
Hardcoded credentials
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive...
CVE-2015-4537
EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities. EMC Identifier: ESA-2015-108. CVE Identifier: CVE-2015-0547, CVE-2015-0548. Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs. Affected products: EM...
Design/Logic Flaw
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors...