CVE-2013-3286
https://notcve.org/view.php?id=CVE-2013-3286
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-0398
https://notcve.org/view.php?id=CVE-2012-0398
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0057.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-0404
https://notcve.org/view.php?id=CVE-2012-0404
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0057.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2739
https://notcve.org/view.php?id=CVE-2011-2739
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. • http://securityreason.com/securityalert/8528 http://www.securityfocus.com/archive/1/520372 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1741 – EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1741
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack. • http://securityreason.com/securityalert/8311 http://securitytracker.com/id?1025790 http://www.securityfocus.com/archive/1/518897/100/0/threaded http://www.securityfocus.com/archive/1/518913/100/0/threaded http://www.securityfocus.com/bid/48712 http://www.zerodayinitiative.com/advisories/ZDI-11-236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer