Explore >> Select a destination

You are here

 parsiya.net
Attack Surface Analysis - Part 2 - Custom Protocol Handlers
| | swordbytes.com
Overwolf 1-Click Remote Code Execution - CVE-2021-33501
9.7 parsecs away

Travel
| | SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application.
| | zero.lol
Fun With Custom URI Schemes - zero.lol
7.5 parsecs away

Travel
| |
| | positive.security
Windows 10 RCE: The exploit is in the link | Positive Security
7.8 parsecs away

Travel
| | Chaining a misconfiguration in IE11/Edge Legacy with an argument injection in a Windows 10/11 default URI handler and a bypass for a previous Electron patch, we developed a drive-by RCE exploit for Windows 10. The main vulnerability in the ms-officecmd URI handler has not been patched yet and can also be triggered through other browsers (requires confirmation of an inconspicuous dialog) and desktop applications that allow URI opening.
| | www.proofpoint.com
Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware | Proofpoint US
35.4 parsecs away

Travel
| What happened Proofpoint researchers identified a campaign impersonating the British postal carrier Royal Mail delivering Prince ransomware. Prince is a ransomware variant freely