Categoria: hijack

Opentext Documentum Content Server File Hijack / Privilege Escalation
14 10
Pubblicato in content Nessun commento

Opentext Documentum Content Server File Hijack / Privilege Escalation

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation. Source: Opentext Documentum […]

The post Opentext Documentum Content Server File Hijack / Privilege Escalation appeared first on MondoUnix.

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
22 08
Pubblicato in bypass Nessun commento

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. […]

The post Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) appeared first on MondoUnix.