Vendor CVEs
Opentext
All CVEs
158 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3243 | 0.00 | — | 0.01 | Oct 28, 2013 | Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||
| CVE-2010-5283 | 0.00 | — | 0.01 | Nov 26, 2012 | Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | |||
| CVE-2010-5282 | 0.00 | — | 0.01 | Nov 26, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx,… | |||
| CVE-2008-0769 | 0.00 | — | 0.01 | Feb 14, 2008 | Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||
| CVE-2007-2976 | 0.00 | — | 0.01 | Jun 1, 2007 | Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown;… | |||
| CVE-2005-1045 | 0.00 | — | 0.02 | May 2, 2005 | OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. | |||
| CVE-2004-0037 | 0.00 | — | 0.02 | Jan 20, 2004 | FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. | |||
| CVE-2001-0631 | 0.00 | — | 0.01 | Aug 22, 2001 | Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. |
- CVE-2013-3243Oct 28, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
- CVE-2010-5283Nov 26, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.
- CVE-2010-5282Nov 26, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx,…
- CVE-2008-0769Feb 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
- CVE-2007-2976Jun 1, 2007risk 0.00cvss —epss 0.01
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown;…
- CVE-2005-1045May 2, 2005risk 0.00cvss —epss 0.02
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
- CVE-2004-0037Jan 20, 2004risk 0.00cvss —epss 0.02
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
- CVE-2001-0631Aug 22, 2001risk 0.00cvss —epss 0.01
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
Page 4 of 4