Outer Web | Explore

Explore >> Select a destination

You are here		positive.security Allow arbitrary URLs, expect arbitrary code execution \| Positive Security
\|	\|	swordbytes.com Overwolf 1-Click Remote Code Execution - CVE-2021-33501	2.3 parsecs away Travel
\|	\|	SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application.	2.3 parsecs away Travel
\|	\|	srcincite.io Smarty Template Engine Multiple Sandbox Escape PHP Code Injection Vulnerabilities	3.6 parsecs away Travel
\|	\|	In this blog post we explore two different sandbox escape vulnerabilities discovered in the Smarty Template Engine that can be leveraged by a context dependa...	3.6 parsecs away Travel
\|	\|	donncha.is Reliably compromising Ubuntu desktops by attacking the crash reporter \| Donncha Ó Cearbhaill	3.6 parsecs away Travel
\|	\|	[AI summary] A security researcher discovered a remote code execution vulnerability in Ubuntu's Apport crash reporting system, allowing attackers to execute arbitrary code by exploiting a Python code injection flaw and path traversal issues in default file handlers.	3.6 parsecs away Travel
\|	\|	unit42.paloaltonetworks.com Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes	21.9 parsecs away Travel
\|		Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.	21.9 parsecs away Travel