10 matches found
CVE-2013-3281
The CVE-2013-3281 entry describes a cross-site scripting (XSS) vulnerability in EMC Documentum products (Webtop, WDK, Taskspace, Records Manager, Web Publisher, Digital Asset Manager, Administrator, Capital Projects) prior to the stated SP versions. The flaw allows remote attackers to inject arbi...
CVE-2013-0937
CVE-2013-0937 is a session-fixation vulnerability affecting EMC Documentum Webtop, WDK, Taskspace, and Records Manager up to version 6.7 SP2. The entry describes that remote attackers could hijack an authenticated session via unspecified vectors. Affected components include Webtop, WDK, Taskspace...
CVE-2013-0938
CVE-2013-0938 describes a cross-site scripting (XSS) vulnerability in EMC Documentum Webtop, WDK, Taskspace, and Records Manager before 6.7 SP2. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,...
CVE-2014-2518
EMC Documentum CSRF vulnerabilities (CVE-2014-2518) affect WebTop, Administrator, WDK, Task Space, Records Manager, Web Publisher and Digital Asset Manager across multiple versions; exploitation could allow hijacking of user sessions by tricking authenticated users. The ESA-2014-073 advisory notes the fix fo...
CVE-2013-0939
CVE-2013-0939 affects EMC Documentum Webtop, WDK, Taskspace, and Records Manager prior to 6.7 SP2. The issue is a Cross Frame Scripting vulnerability allowing remote attackers to obtain sensitive information via cross-origin frame navigation. Affected products include Webtop, WDK, Taskspace, and ...
CVE-2014-4636
EMC Documentum Web Development Kit (WDK) prior to version 6.8 is affected by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2014-4636). The issue allows an attacker to trick authenticated users into performing Docbase operations with their privileges by visiting a malicious link or page, ...
CVE-2014-4639
CVE-2014-4639 affects EMC Documentum Web Development Kit (WDK) before 6.8. The issue is insufficient randomness in a Webtop component parameter, enabling remote attackers to predict the parameter and carry out phishing via brute-force attempts. The ESA-2014-180 advisory lists this under multiple ...
CVE-2014-4635
EMC Documentum Web Development Kit (WDK) before 6.8 contains multiple Cross-Site Scripting (XSS) vulnerabilities (CVE-2014-4635). The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially impacting users in the context of authenticated sessions....
CVE-2014-4637
EMC Documentum Web Development Kit (WDK) prior to version 6.8 contains a URL Redirection vulnerability (CVE-2014-4637). The issue arises from an unvalidated parameter allowing a remote attacker to redirect users to arbitrary sites, enabling phishing-like redirects. ESA-2014-180 summarizes related...
CVE-2014-4638
EMC Documentum Web Development Kit (WDK) prior to version 6.8 contains a frame-injection vulnerability (CVE-2014-4638). The issue can allow remote attackers to induce the user to load an attacker-controlled page in a frame and potentially harvest sensitive information, with the documented base CV...