Explore >> Select a destination
|
You are here 
|
labs.ioactive.com | ||
| | | | |
pentestlab.blog
|
|
| | | | | In Windows environmentswhen an applicationor a serviceis startingit looks for a number of DLL's in orderto function properly.If these DLL'sdoesn't exist or are implemented in an insecure way (DLL'sare called withoutusing a fully qualified path) then itis possible to escalate privileges by forcing the application to load and execute amalicious DLL file. It should be... | |
| | | | |
swordbytes.com
|
|
| | | | | SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application. | |
| | | | |
parsiya.net
|
|
| | | | | [AI summary] The provided text is a detailed technical article discussing various methods and techniques for exploiting custom protocol handlers and command-line switches in applications. It covers topics such as UNC path injection, command-line switch abuse, remote file execution, and leveraging startup directories for persistence. The article also includes practical examples, tools like Nirsoft's URLProtocolView, and advice on how to discover and exploit vulnerabilities in applications. | |
| | | | |
pentest-tools.com
|
|
| | | Learn about LDAPNightmare, CVE-2024-49113 and CVE-2024-49112, its impact on Active Directory, how to exploit and mitigate it, and why it matters | ||
