Vulnerabilities > Opentext
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-19 | CVE-2013-6806 | Improper Authentication vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext. | 6.8 |
| 2014-05-19 | CVE-2013-6805 | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | 5.0 |
| 2013-10-28 | CVE-2013-3243 | Remote Code Injection vulnerability in ECM Suite Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | 6.8 |
| 2012-11-26 | CVE-2010-5283 | Cross-Site Request Forgery (CSRF) vulnerability in Opentext Livelink ECM 9.7.1 Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | 6.8 |
| 2012-11-26 | CVE-2010-5282 | Cross-Site Scripting vulnerability in Opentext Livelink ECM 9.7.1 Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. | 4.3 |
| 2008-02-14 | CVE-2008-0769 | Cross-Site Scripting vulnerability in Opentext Livelink ECM Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | 4.3 |
| 2004-12-31 | CVE-2004-2496 | Remote Denial Of Service vulnerability in OpenText FirstClass HTTP Daemon Search Function The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | 7.8 |
| 2004-01-20 | CVE-2004-0037 | Local File Reference Command Execution vulnerability in Opentext Firstclass Desktop Client 7.1 FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. | 7.5 |