CVE-2014-2513

Related Files

OpenText Documentum Content Server SQL Injection

Posted Apr 25, 2017

Authored by Andrey B. Panfilov

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.

tags | exploit, remote, arbitrary, sql injection, proof of concept

advisories | CVE-2014-2513, CVE-2015-4533, CVE-2017-7221

SHA-256 | 075e41464f5a5b594ef398cfbdc839e338020d08e61a4d818296c681db42b4d7

Download | Favorite | View

EMC Documentum Content Server CVE-2014-2513 Bad Fix

Posted Jul 9, 2015

Authored by Andrey B. Panfilov

The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.

tags | exploit

advisories | CVE-2014-2513

SHA-256 | e93c2829969b19c504cd3f1c57ed73580f7207de2859d1e952e49e3a60186fc8

Download | Favorite | View

EMC Documentum Content Server Privilege Escalation

Posted Jul 7, 2014

Site emc.com

EMC Documentum Content Server contains fixes for privilege escalation vulnerabilities that could be potentially exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability

advisories | CVE-2014-2513, CVE-2014-2514

SHA-256 | f325a3ed2f21489039f40780cda08a8b95fc127428b6d92df13bc26359e58257

Download | Favorite | View