Quantcast
Channel: Information Organization & Access Today » Security alert
Browsing latest articles
Browse All 20 View Live

Image may be NSFW.
Clik here to view.

eRoom 7.3 and later – arbitrary file upload vulnerability

Are you still using glorious EMC eRoom? Your system could need a little upgrade. This week the EMC Product Security Response Center published a bulletin related to an eRoom vulnerability. More info...

View Article


Image may be NSFW.
Clik here to view.

What’s new in Documentum Content Server 6.7 Sp1 (and xPlore)

1) Thesaurus support xPlore 1.2 (released with Documentum 6.7 Sp1) now support thesaurus. Administrators can import a thesaurus in SKOS format in the xPlore Administrator. As defined by Wikipedia,...

View Article


The TYPO3 security team has identified a critical security issue in the TYPO3...

The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core. The following branches are affected by the vulnerability: * TYPO3 4.5 * TYPO3 4.6 TYPO3 releases containing a...

View Article

Digital Defense Identifies KnowledgeTree™ Login Page Vulnerability

Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s discovery of a vulnerability within the KnowledgeTree login page which could...

View Article

TYPO3 4.6.2 and 4.5.9 released (security fixes included)

The TYPO3 Core Team announces versions 4.6.2 and 4.5.9 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug and security fixes. IMPORTANT: These...

View Article


WordPress 3.3.1 available

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3.

View Article

Image may be NSFW.
Clik here to view.

EMC Security Advisory on EMC Documentum 6.0, 6.5, 6.6

Today EMC will be publishing a security advisory related to a privilege elevation vulnerability that I discovered some months ago. I am particularly proud of my research because what discovered is the...

View Article

EMC published a Security Alert on EMC Documentum: affected all content server...

As reported yesterday, EMC published a security advisory related to a privilege elevation vulnerability that I discovered some months ago. The security advisory ESA-2012-009: EMC Documentum Content...

View Article


ESA-2012-009 – Security Alert on EMC Documentum: security patch ready

Today I verified that the security issue reported on this site and on many security related sites like SecurityFocus affects even Content Server 5.3 in addition to many 6.x systems. I know the exploit...

View Article


Image may be NSFW.
Clik here to view.

ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability.

This week EMC published a new security advisory. This time the advisory is related to Documentum xPlore. Affected products: EMC Documentum xPlore 1.0 (all patch versions) EMC Documentum xPlore 1.1 (all...

View Article

EMC Documentum IRM Server Multiple Denial of Service Vulnerabilities (Secunia...

Luigi Auriemma has reported multiple vulnerabilities in EMC Documentum IRM Server, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A NULL pointer dereference error...

View Article

ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability

This January I discovered a security issue that affects some EMC Documentum Content Server engines. EMC resolved this issue and just today released the security bulletin Esa-2014-26. This is the second...

View Article

ESA-2014-023: EMC Documentum JBOSS Remote Code Execution Vulnerability

Today EMC published two security bulletins. The first one, the ESA-2014-026, is a vulnerability I discovered. The second one is related to a standard Jboss vulnerability. Jboss is used for some...

View Article


OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum...

OpenSSL Heartbleed Vulnerability (CVE-2014-0160) does not affect Documentum systems because simply these don’t use OpenSSL! Some concerns just about the on premise edition of Syncplicty. Cause Due to a...

View Article

OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported on the ESA-2014-037 that the the impact of OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to: Fulltext query plugin used by the Content...

View Article


ESA-2014-045 Documentum D2 Vulnerability

Today EMC released a note related to a vulnerability that affect the Documentum D2 client. The CVE vulnerability identifier is CVE-2014-2504 (score 8.5). The affected products are EMC Documentum D2 3.1...

View Article

Image may be NSFW.
Clik here to view.

ESA-2014-026: vulnerability explained

On January 3, 2014 I discovered a vulnerability related to Documentum Content Server that I communicated to EMC during the same day. On April 11, 2014 EMC published the ESA-2014-026: EMC Documentum...

View Article


Image may be NSFW.
Clik here to view.

ESA-2014-024: EMC Documentum Digital Asset Manager DQL Injection Vulnerability

Today EMC announced a security fix to address Blind Documentum Query Language (DQL) Injection vulnerability on Documentum Digital Asset Manager (DAM). The affected versions are: EMC Software: EMC...

View Article

Image may be NSFW.
Clik here to view.

ESA-2014-046 – Multiple Content Server vulnerabilities fixed

Another day, another fix: someone can think that Content Server has too much vulnerabilities but for sure during these days EMC is working very hard to make his systems more secure. I appreciate the...

View Article

Image may be NSFW.
Clik here to view.

EMC Documentum D2 Vulnerability explained

Last Thrursday EMC released the ESA-2016-034 security bulletin. This is related to a Documentum D2 vulnerability (CVE-2016-0888). As reported in the bulletin by EMC: Prior to EMC Documentum D2 4.6,...

View Article
Browsing latest articles
Browse All 20 View Live