You are here: donncha.is

swordbytes.com
SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application.

taeluralexis.com
We'll target a network comprising 3 machines, leveraging CVE exploits, pivoting, code obfuscation techniques, and AV bypass strategies.

positive.security
Insecure URL handling leading to 1-click code execution vulnerabilities in Telegram, Nextcloud (CVE-2021-22879), VLC, LibreOffice (CVE-2021-25631), OpenOffice (CVE-2021-30245), Bitcoin/Dogecoin Wallets, Wireshark (CVE-2021-22191) and Mumble (CVE-2021-27229).

nickcharlton.net
There's a couple of (client) projects which I maintain which have been in existence for quite a while (one still has full iOS 5 support and hopefully we'll be able to drop that soon), but they're still well maintained and have reasonable test suites that have followed them through rather well. Sadly, Xcode can be a bit difficult and this time was no exception - although it did take a long time before the issue was seen.