CVSS: 9.8 | EPSS: 8% | CPEs: 7 | EXPL: 2

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution.

• https://www.exploit-db.com/exploits/41366
• http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html
• http://www.securityfocus.com/bid/96216
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 2

Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.

• http://packetstormsecurity.com/files/133247/OpenText-Secure-MFT-2014-R2-SP4-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/536260/100/0/threaded
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-041.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.

• https://github.com/koto/exceed-mitm
• CWE-310: Cryptographic Issues

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.

• https://github.com/koto/exceed-mitm
• CWE-287: Improper Authentication

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.

• https://github.com/koto/exceed-mitm
• CWE-310: Cryptographic Issues