CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6994 – Exceed onDemand (EoD) MitM / Authentication Bypass / Hijacking
https://notcve.org/view.php?id=CVE-2013-6994
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. OpenText Exceed OnDemand (EoD) 8 transmite el ID de sesión en texto claro, lo que permite a atacantes remotos realizar ataques de fijación de sesión mediante la captura de trafico de red. • https://github.com/koto/exceed-mitm • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2013-3243
https://notcve.org/view.php?id=CVE-2013-3243
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Vulnerabilidad sin especificar en OpenText/IXOS ECM para SAP NetWeaver permite a atacantes remotos ejecutar código arbitrario ABAP a través de vectores sin especificar. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0214.html http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/57-esnc-2013-004-remote-abap-code-injection-in-opentext-ixos-ecm-suite-for-sap-netweaver.html •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-5283
https://notcve.org/view.php?id=CVE-2010-5283
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Open Text ECM (antiguamente Livelink ECM) v9.7.1 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que cambian los permisos de carpetas y de recursos. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68255 https://exchange.xforce.ibmcloud.com/vulnerabilities/62057 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-5282
https://notcve.org/view.php?id=CVE-2010-5282
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenText ECM (formalmente, Livelink ECM) permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de los parámetros (1) viewType y (2) sort en una acción de navegación a livelink/livelink; y los parámetros (3) nodeid, (4) setctx, y (5) support a livelinkdav/nodes/OOB_DAVWindows.html. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68256 http://www.osvdb.org/68257 https://exchange.xforce.ibmcloud.com/vulnerabilities/62056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2008-0769
https://notcve.org/view.php?id=CVE-2008-0769
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Livelink ECM versiones de la 9.0.0 a 9.7.0 y posiblemente anteriores, no asigna un conjunto de caracteres, que permite a atacantes remotos inyectar secuencias de comandos web o HTMLa través de entradas codificadas UTF-7. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html http://secunia.com/advisories/28723 http://withdk.com/archives/livelink-utf7-xss-advisory.pdf http://www.securityfocus.com/bid/27537 https://exchange.xforce.ibmcloud.com/vulnerabilities/40123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •