By smaury
27/04/2020
1-click RCE on Keybase
Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.
Keybase Bug Bounty RCE Exploit
5
Min
By thezero & zi0black
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
RCE XXE Exploit Writeup
6
By polict
10/04/2019
Nagios XI 5.5.10: XSS to #
Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.
Exploit RCE PoC NagiosXI PHP