Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
andrey b. panfilov vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-15012
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some f...
Opentext Documentum Content Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-15013
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, w...
Opentext Documentum Content Server
1 EDB exploit
4.3
CVSSv3
CVE-2017-15014
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authentica...
Opentext Documentum Content Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-7221
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created ...
Opentext Documentum Content Server -
1 EDB exploit
8.8
CVSSv3
CVE-2017-15276
OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to and including 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpac...
Opentext Documentum Content Server
1 EDB exploit
9.8
CVSSv3
CVE-2017-5586
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
Opentext Documentum D2 4.1
Opentext Documentum D2 4.4
Opentext Documentum D2 4.3
Opentext Documentum D2 4.0
Opentext Documentum D2 4.2
Opentext Documentum D2 4.5
Opentext Documentum D2 4.6
1 EDB exploit
1 Github repository
NA
CVE-2015-4531
EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass...
Emc Documentum Content Server 6.7
Emc Documentum Content Server 7.1
Emc Documentum Content Server 7.2
Emc Documentum Content Server 7.0
NA
CVE-2015-4532
EMC Documentum Content Server prior to 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-...
Emc Documentum Content Server 6.7
Emc Documentum Content Server 7.0
Emc Documentum Content Server 7.1
Emc Documentum Content Server 7.2
NA
CVE-2014-4622
EMC Documentum Content Server prior to 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data ac...
Emc Documentum Content Server 7.0
Emc Documentum Content Server 6.5
Emc Documentum Content Server 6.7
Emc Documentum Content Server 6.6
Emc Documentum Content Server 7.1
Emc Documentum Content Server
Emc Documentum Content Server 6.0
8.8
CVSSv3
CVE-2017-7220
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists be...
Opentext Documentum Content Server -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »