Explore >> Select a destination
|
You are here 
|
positive.security | ||
| | | | |
parsiya.net
|
|
| | | | | [AI summary] The provided text is a detailed technical article discussing various methods and techniques for exploiting custom protocol handlers and command-line switches in applications. It covers topics such as UNC path injection, command-line switch abuse, remote file execution, and leveraging startup directories for persistence. The article also includes practical examples, tools like Nirsoft's URLProtocolView, and advice on how to discover and exploit vulnerabilities in applications. | |
| | | | |
swordbytes.com
|
|
| | | | | SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application. | |
| | | | |
itm4n.github.io
|
|
| | | | | Whenever a "new" DLL hijacking / planting trick is posted on Twitter, it generates a lot of comments. "It's not a vulnerability!" or "There is a lot of hijackable DLLs on Windows..." are the most common reactions. Though, people often don't really speak about the same thing, hence the overall confusion which leads us nowhere. I don't pretend to know the ultimate truth but I felt the need to write this post in order to hopefully clarify some points. | |
| | | | |
www.securityjourney.com
|
|
| | | In this article, we compare the various methods that are used to detect vulnerabilities | ||
