EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.