InfoSec Blog

tags Archives

RCE

1-click RCE on Keybase

27/04/2020

1-click RCE on Keybase

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

5

Min

XXE to RCE via XML file opening

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

6

Min

Nagios XI 5.5.10 RCE exploit

10/04/2019

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.

5

Min