Do you like obsessive advertisement?

I have no idea who was the author of the dumb idea to display a document’s content in a browser – I always thought that if you are unable to open a file in a specialized application, this means you are not intended to see that file. Today I noticed on LinkedIn an advertisement of yet another square wheel and […]

New set of Documentum vulnerabilities

It’s hard to say that the vulnerabilities described below are new, because all of them were discovered more than 6 months ago, but I had no idea what to do with them. In April 2014 I made an experiment aimed at figuring out whether responsible disclosure makes sense or not. Now it’s pretty clear that responsible […]

Beware of Thumbnail Server

This issue was originally filed with EMC on February 8; since I haven’t received any feedback, I suppose the issue is insignificant and unimportant, so it goes public. I already wrote previously that in xCP 2 EMC brought together all the non-popular products in the Documentum product stack (like xPlore, CTS, BAM, BPS, CIS and thumbnail […]

Documentum security vulnerabilities: execution of “protected” methods

Some of the repository methods are insecure by design; for example, the “mail” method just executes the program dm_mailwrapper.sh: dm_mailwrapper.sh can send the contents of any text file to a user: but a non-privileged user is not able to execute the mail method directly: The bad news is that Content Server allows such methods to be executed through running jobs, and any user is able to […]