By smaury
27/04/2020
Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.
Min
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
Min
By polict
10/04/2019
Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.
Min