OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files.
>> ARCHIVE: 2017-10
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows an authenticated user to download arbitrary content files regardless of the attacker’s repository permissions.
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user to replace the content of security-sensitive dmr_content objects (for…
OpenText Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate the input of the PUT_FILE RPC command, which allows any authenticated user to hijack arbitrary file…
AlienVault USM version 5.4.2 suffers from a cross-site request forgery vulnerability.
Several issues have been identified that allow attackers to manipulate log files, execute commands, and brute-force Shadowsocks even with autoban.py brute-force detection enabled. Brute force detection from autoban.py…
Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability.
The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
Microsoft Edge Chakra JIT compiler creates incorrect GenerateBailOut calling patterns.
The “String.prototype.replace” method can be inlined in the JIT process. So in the method, all calls that may break the JIT assumptions must be invoked while updating “ImplicitCallFlags”. But…