picar0jsu
/ CVE-2023-31871
Created
May 18, 2023 15:48
OpenText Documentum Content Server < 23.2 SUID Local Privilege Escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Suggested description] | |
| OpenText Documentum Content Server before 23.2 has a flaw that allows | |
| for privilege escalation from a non-privileged Documentum user to root. | |
| The software comes prepackaged with a root owned SUID binary | |
| dm_secure_writer. The binary has security controls in place preventing | |
| creation of a file in a non-owned directory, or as the root user. | |
| However, these controls can be carefully bypassed to allow for an | |
| arbitrary file write as root. | |
| ------------------------------------------ |
picar0jsu
/ CVE-2022-21371
Last active
April 26, 2023 06:59
Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
| # Date: 25/1/2022 | |
| # Exploit Author: Jonah Tan (@picar0jsu) | |
| # Vendor Homepage: https://www.oracle.com | |
| # Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
| # Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
| # Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22 | |
| # CVE : CVE-2022-21371 | |
| # Description |
picar0jsu
/ CVE-2020-13893
Last active
December 20, 2022 19:41
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Suggested description] | |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sage | |
| EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary | |
| web script or HTML via multiple parameters through Unicode | |
| Transformations (Best-fit Mapping), as demonstrated by the full-width | |
| variants of the less-than sign (%EF%BC%9C) and greater-than sign | |
| (%EF%BC%9E). | |
| ------------------------------------------ |