Posts Tagged ‘server’

Opentext Documentum Content Server File Hijack / Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate the input of the PUT_FILE RPC command, which allows any authenticated user to hijack arbitrary files from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive, this security flaw leads to privilege escalation. Source: Opentext Documentum […]


Opentext Documentum Content Server Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. Source: Opentext Documentum Content Server Privilege Escalation


Opentext Documentum Content Server File Download

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows an authenticated user to download arbitrary content files regardless of the attacker’s repository permissions. Source: Opentext Documentum Content Server File Download


Rancher Server Docker Exploit

Utilizing Rancher Server, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker container. Because the docker container executes commands as uid 0, it is honored by the host operating system, allowing the attacker to edit/create files owned by root. This […]


Oracle WebLogic Server Java Deserialization Remote Code Execution

This exploit tests the target Oracle WebLogic Server for a Java deserialization remote code execution vulnerability. The ysoserial payload causes the target to send ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using tcpdump to know if the exploit was successful. Feel free to modify the payload (chunk2) […]