CVE-2014-2520

Related Files

OpenText Documentum Content Server 7.3 SQL Injection

Posted Feb 16, 2017

Authored by Andrey B. Panfilov

OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete.

tags | exploit, remote, sql injection

advisories | CVE-2014-2520, CVE-2017-5585

SHA-256 | ace149b822a50c7993d6f686c8031fafa0ff63437d3e979c07952eb853919ff7

Download | Favorite | View

EMC Documentum Code Execution / DQL Injection

Posted Aug 19, 2014

Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure

advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618

SHA-256 | 8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34

Download | Favorite | View