CVE-2014-4639
https://notcve.org/view.php?id=CVE-2014-4639
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
• http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
• http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
• http://www.securitytracker.com/id/1031497
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99636
• CWE-189: Numeric Errors
CVE-2014-4638
https://notcve.org/view.php?id=CVE-2014-4638
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
• http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
• http://www.securitytracker.com/id/1031497
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4636
https://notcve.org/view.php?id=CVE-2014-4636
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
• http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
• http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
• http://www.securitytracker.com/id/1031497
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-4637
https://notcve.org/view.php?id=CVE-2014-4637
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
• http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
• http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
• http://www.securitytracker.com/id/1031497
CVE-2014-4635
https://notcve.org/view.php?id=CVE-2014-4635
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2015-01/0009.html
• http://packetstormsecurity.com/files/129822/EMC-Documentum-Web-Development-Kit-XSS-CSRF-Redirection-Injection.html
• http://www.securitytracker.com/id/1031497
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')