Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation.
782b07d542a51cfa91ec48aaeb81da9325c12c927c3fc47bd2cfa87f5e741c19Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
ac7c57e364c48ad77e9244ef5c906a10bfe022c7af7f5697dd095c5d81ee4d9cOpentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions.
24c6a20d38acd4191fcc54a1c86e6f583c30b30ff4b31be01f81bdcfb2155a80Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files.
8f058be0fbb3dae75f3313418482761ee598bb48de892ffce1875c79cccba63dOpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.
075e41464f5a5b594ef398cfbdc839e338020d08e61a4d818296c681db42b4d7OpenText Documentum Content Server suffers from a privilege evaluation issue using crafted RPC save commands. Two proof of concepts included.
580ee53cae3ceeb71bd5061ead172f398e5ed685fc4484fea0430f1ba5208097OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete.
ace149b822a50c7993d6f686c8031fafa0ff63437d3e979c07952eb853919ff7OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution.
6fbad60d58b433df1796ee0732b8f646b591cb22d703a73a10ae6773eee2be66All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.
46663e14e60c2d3f94f374b2571e350b1e7744ac4f13a7cd8032e426b3ab94dfEMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.
3e23749741e39d44281a4e37e4effeb870920b6c75bab3df444cee63831f8276EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.
c2bedfbc57a00c51150a01873bae989bcc87b6d4e0f981bb7614f0a531896758EMC Documentum Content Server suffers from a privilege escalation vulnerability.
80285eb669610b3c918abc9181df00a398f6734029af4b07e148e171da2b1654The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.
e93c2829969b19c504cd3f1c57ed73580f7207de2859d1e952e49e3a60186fc8A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.
c2fab15b7849733e911e9d40873b3af36fa3fddd78061a30c82067805f9a0abd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed