eRoom 7.3 and later – arbitrary file upload vulnerability
Are you still using glorious EMC eRoom? Your system could need a little upgrade. This week the EMC Product Security Response Center published a bulletin related to an eRoom vulnerability. More info...
What’s new in Documentum Content Server 6.7 Sp1 (and xPlore)
1) Thesaurus support: xPlore 1.2 (released with Documentum 6.7 Sp1) now supports a thesaurus. Administrators can import a thesaurus in SKOS format in the xPlore Administrator. As defined by Wikipedia,...
The TYPO3 security team has identified a critical security issue in the TYPO3...
The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: * TYPO3 4.5 * TYPO3 4.6 TYPO3 releases containing a...
Digital Defense Identifies KnowledgeTree™ Login Page Vulnerability
Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s discovery of a vulnerability within the KnowledgeTree login page which could...
TYPO3 4.6.2 and 4.5.9 released (security fixes included)
The TYPO3 Core Team announces versions 4.6.2 and 4.5.9 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug and security fixes. IMPORTANT: These...
WordPress 3.3.1 available
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3.
EMC Security Advisory on EMC Documentum 6.0, 6.5, 6.6
Today EMC will be publishing a security advisory related to a privilege elevation vulnerability that I discovered some months ago. I am particularly proud of my research because what I discovered is the...
EMC published a Security Alert on EMC Documentum: affected all content server...
As reported yesterday, EMC published a security advisory related to a privilege elevation vulnerability that I discovered some months ago. The security advisory ESA-2012-009: EMC Documentum Content...
ESA-2012-009 – Security Alert on EMC Documentum: security patch ready
Today I verified that the security issue reported on this site and on many security related sites like SecurityFocus affects even Content Server 5.3 in addition to many 6.x systems. I know the exploit...
ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability.
This week EMC published a new security advisory. This time the advisory is related to Documentum xPlore. Affected products: EMC Documentum xPlore 1.0 (all patch versions) EMC Documentum xPlore 1.1 (all...
EMC Documentum IRM Server Multiple Denial of Service Vulnerabilities (Secunia...
Luigi Auriemma has reported multiple vulnerabilities in EMC Documentum IRM Server, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL pointer dereference error...
ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability
This January I discovered a security issue that affects some EMC Documentum Content Server engines. EMC resolved this issue and just today released the security bulletin ESA-2014-026. This is the second...
ESA-2014-023: EMC Documentum JBOSS Remote Code Execution Vulnerability
Today EMC published two security bulletins. The first one, ESA-2014-026, is a vulnerability I discovered. The second one is related to a standard JBoss vulnerability. JBoss is used for some...
OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum...
The OpenSSL Heartbleed vulnerability (CVE-2014-0160) does not affect Documentum systems, simply because they don’t use OpenSSL! There are some concerns only about the on-premise edition of Syncplicity. Cause Due to a...
OpenSSL Heartbleed and Documentum – Update – ESA-2014-037
Today EMC reported in ESA-2014-037 that the impact of the OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content...
ESA-2014-045 Documentum D2 Vulnerability
Today EMC released a note related to a vulnerability that affects the Documentum D2 client. The CVE vulnerability identifier is CVE-2014-2504 (score 8.5). The affected products are EMC Documentum D2 3.1...
ESA-2014-026: vulnerability explained
On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum...
ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability
Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC...
ESA-2014-046 – Multiple Content Server vulnerabilities fixed
Another day, another fix: one might think that Content Server has too many vulnerabilities, but for sure during these days EMC is working very hard to make its systems more secure. I appreciate the...
EMC Documentum D2 Vulnerability explained
Last Thursday EMC released the ESA-2016-034 security bulletin. This is related to a Documentum D2 vulnerability (CVE-2016-0888). As reported in the bulletin by EMC: Prior to EMC Documentum D2 4.6,...