CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15276 – OpenText Documentum Content Server - Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-15276
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 contiene el siguiente fallo de diseño, que permite que un usuario autenticado gane privilegios de superuser: Content Server permite la subida de contenidos usando lotes (archivos TAR). Al desempaquetar archivos TAR, Content Server no puede verificar el contenido de un archivo, lo que provoca una vulnerabilidad de salto de directorio mediante vínculos simbólicos. • https://www.exploit-db.com/exploits/43002 http://seclists.org/bugtraq/2017/Oct/19 http://www.securityfocus.com/bid/101639 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14757 – OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
https://notcve.org/view.php?id=CVE-2017-14757
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a una inyección SQL: /xDashboard/html/jobhistory/downloadSupportFile.action, parámetro: jobRunId. Para que esta vulnerabilidad sea explotada, un atacante debe autenticarse antes en la aplicación. • https://www.exploit-db.com/exploits/42939 http://seclists.org/fulldisclosure/2017/Oct/8 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14758 – OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
https://notcve.org/view.php?id=CVE-2017-14758
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a una inyección SQL: /xAdmin/html/cm_doclist_view_uc.jsp, parámetro: documentId. Para que esta vulnerabilidad sea explotada, un atacante debe autenticarse antes en la aplicación. • https://www.exploit-db.com/exploits/42940 http://seclists.org/fulldisclosure/2017/Oct/23 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14759 – OpenText Document Sciences xPression 4.5SP1 Patch 13 XML Injection
https://notcve.org/view.php?id=CVE-2017-14759
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service. OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a una vulnerabilidad de XML External Entity: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. Un usuario sin autenticar puede leer listas de directorios o archivos del sistema, así como provocar SSRF o una denegación de servicio (DoS).< OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from an XML external entity injection vulnerability. • http://seclists.org/fulldisclosure/2017/Sep/97 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14756 – OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-14756
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a Cross-Site Scripting (XSS): /xAdmin/html/Deployment (cat_id). OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from a cross site scripting vulnerability in the Deployment functionality. • http://seclists.org/fulldisclosure/2017/Sep/96 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •