Files

EMC Documentum Content Server Privilege Escalation
Posted Sep 4, 2015
Site emc.com

EMC Documentum Content Server includes a privilege escalation vulnerability that could potentially be exploited by malicious, regular users to perform certain actions as the superuser. Unprivileged Content Server users may potentially escalate their privileges to become a superuser by creating and performing malicious operations on dm_job objects. This is due to improper authorization checks being performed on such objects and some of their attributes. The previous fix for CVE-2014-4626 was incomplete. Versions 7.2 and below are affected.

tags | advisory
advisories | CVE-2015-4544
MD5 | d204b92860a96221ad2e117024cc17ba

Related Files

Opentext Documentum Content Server File Hijack / Privilege Escalation
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command, which allows any authenticated user to hijack arbitrary files from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive, this security flaw leads to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2017-15012
MD5 | 58c1b1e2a0aa3b4d86d6fb406b6bfe31

Opentext Documentum Content Server Privilege Escalation
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.

tags | exploit
advisories | CVE-2017-15013
MD5 | e969855a8deab50d08f621a22b9000c9

Opentext Documentum Content Server File Download
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows an authenticated user to download arbitrary content files regardless of the attacker's repository permissions.

tags | exploit, arbitrary
advisories | CVE-2017-15014
MD5 | 77919afb274537f00addfc4378c1136d

Opentext Documentum Content Server Privilege Escalation
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files.

tags | exploit
advisories | CVE-2017-15276
MD5 | 27902a71e9682ee28a5fded33ce8cf58

EMC Documentum eRoom Unverified Password Change
Posted Jan 31, 2017
Site emc.com

EMC Documentum eRoom includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions affected include 7.4.4 and 7.4.4 SP. Versions prior to 7.4.5 P04 and 7.5.0 P01 are also affected.

tags | advisory
advisories | CVE-2017-2766
MD5 | 62c98ebaabdc33171a6c9cedb03eff2b

EMC Documentum D2 4.5 / 4.6 DQL Injection / Cross Site Scripting
Posted Jan 28, 2017
Site emc.com

EMC Documentum versions 4.5 and 4.6 suffer from DQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2016-9872, CVE-2016-9873
MD5 | 98f1c7c4d8b3563daf6f6d13fcb0e828

EMC Documentum Webtop Cross Site Scripting
Posted Jan 18, 2017
Authored by Imran Khan | Site emc.com

EMC Documentum Webtop and its client products contain a stored cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Various products and versions are affected.

tags | advisory, xss
advisories | CVE-2016-8213
MD5 | d885b3fb017d595a5d97c15694871d8d

EMC Documentum D2 Authentication Bypass
Posted Sep 13, 2016
Site emc.com

EMC Documentum D2 contains a fix for an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected versions include EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.

tags | advisory, remote
advisories | CVE-2016-6644
MD5 | 682181d66d3943d57de57b65080be012

EMC Documentum WDK-Based Applications Code Execution / Traversal
Posted Jul 4, 2016
Authored by Andrey B. Panfilov

All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.

tags | advisory, web, arbitrary, code execution, file inclusion
advisories | CVE-2014-0629, CVE-2016-0914
MD5 | fdc4e6effab0853d058f82e44183e822

EMC Documentum WebTop Improper Authorization
Posted Jun 22, 2016
Site emc.com

Remote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.

tags | advisory, remote
advisories | CVE-2016-0914
MD5 | 47bf51099b647a609d295030d1d4894a

EMC Documentum D2 4.6 Configuration Object
Posted Apr 5, 2016
Site emc.com

EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.

tags | advisory
advisories | CVE-2016-0888
MD5 | d5ef346d5db8e49d3b491778d30fff8d

EMC Documentum xCP 2.1 / 2.2 Information Disclosure
Posted Mar 7, 2016
Site emc.com

EMC Documentum xCP allows authenticated non-admin users to view information about other users.

tags | advisory
advisories | CVE-2016-0886
MD5 | d84a9d1758678deedf18aba01a6f883f

EMC Documentum xCP XXE Injection / DQL Injection
Posted Feb 11, 2016
Site emc.com

EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.

tags | advisory, vulnerability
advisories | CVE-2016-0881, CVE-2016-0882
MD5 | 83549d0a3264410db77907b3175b6724

EMC Documentum D2 Fail Open
Posted Aug 22, 2015
Site emc.com

EMC Documentum D2 contains a fail open vulnerability that could be exploited by malicious users to compromise D2. Versions 4.2 and below are affected.

tags | advisory
advisories | CVE-2015-4537
MD5 | 7a5dd9e9e80ced424bea573066ec497f

EMC Documentum Content Server Privilege Escalation
Posted Aug 19, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.

tags | exploit, vulnerability
systems | linux
advisories | CVE-2015-4532
MD5 | f077c7b66a88a4d79bd35466aceeea97

EMC Documentum Content Server Code Execution
Posted Aug 18, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2015-4532
MD5 | 59cc7b7a6b4898a9f1276c6f109ec9a9

EMC Documentum Content Server Privilege Escalation
Posted Aug 18, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2011-4144, CVE-2014-4622, CVE-2015-4531
MD5 | 5c0122dc8495467fa151ccc21f62caaa

EMC Documentum WebTop Cross Site Request Forgery
Posted Aug 18, 2015
Site emc.com

EMC Documentum WebTop and WebTop-based clients are affected by a cross site request forgery vulnerability. An attacker can potentially exploit this vulnerability by tricking authenticated users of the application into clicking on links embedded within an email, web page, or another source, and thereby perform Docbase operations with that user's privileges.

tags | advisory, web, csrf
advisories | CVE-2015-4530
MD5 | dea49dc61b23216793d5af3a1c66e41b

EMC Documentum Content Server Privilege Escalation / Code Execution
Posted Aug 17, 2015
Site emc.com

EMC Documentum Content Server contains multiple vulnerabilities that could be exploited by malicious users to compromise the Content Server in several ways.

tags | advisory, vulnerability
advisories | CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536
MD5 | ad45a0bf2ec7c708d2d4a35c00a41284

EMC Documentum CenterStage Cross Site Scripting
Posted Jul 17, 2015
Site emc.com

EMC Documentum CenterStage is affected by a stored cross-site scripting vulnerability that could potentially be exploited by an attacker by injecting malicious HTML or script. This may lead to execution of injected HTML or script in the context of the authenticated user.

tags | advisory, xss
advisories | CVE-2015-4528
MD5 | c86787b43c1e2e7d65b1cb37b1be44aa

EMC Documentum WebTop Open Redirect
Posted Jul 17, 2015
Site emc.com

EMC Documentum WebTop and WebTop based client products contain an open redirect vulnerability. Attackers could potentially exploit this vulnerability by supplying crafted URLs to users of the affected application and causing a browser redirect to arbitrary and potentially malicious websites.

tags | advisory, arbitrary
advisories | CVE-2015-4529
MD5 | a6f4666dc99d300a93ae27d17208f911

EMC Documentum Content Server CVE-2014-2513 Bad Fix
Posted Jul 9, 2015
Authored by Andrey B. Panfilov

The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.

tags | exploit
advisories | CVE-2014-2513
MD5 | 92d43a13b7d0b0d4f1a4f180ed5eef60

EMC Documentum Content Server ESA-2014-105 Fail
Posted Jul 7, 2015
Authored by Andrey B. Panfilov

A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack the Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2014-4626
MD5 | 3c5534f71cf98accfe6458c9df5ebddf

EMC Documentum D2 DQL Injection
Posted Jul 2, 2015
Site emc.com

EMC Documentum D2 contains multiple DQL injection vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, vulnerability
advisories | CVE-2015-0547, CVE-2015-0548
MD5 | 5e46a571f053aadcc1af73bfd7ee1149

EMC Documentum WebTop Client XSS / File Upload
Posted Jul 2, 2015
Site emc.com

EMC Documentum WebTop based client products contain multiple cross-site scripting vulnerabilities that could potentially be exploited by attackers to inject arbitrary HTML code or scripts, which may get executed in the context of an authenticated user. EMC Documentum WebTop based client products allow any type of user supplied file to be uploaded to the backend Content Server, which may allow attackers to upload malicious files.

tags | advisory, arbitrary, vulnerability, xss
advisories | CVE-2015-0551, CVE-2015-4524
MD5 | 34d4b175a97491b933a035a4f0332c14