| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| Bruno IDE Desktop Command Injection Vulnerability | 16 Jan 202500:00 | – | zdt | |
| CVE-2024-48463 | 4 Nov 202422:48 | – | circl | |
| Bruno 安全漏洞 | 4 Nov 202400:00 | – | cnnvd | |
| CVE-2024-48463 | 4 Nov 202400:00 | – | cvelist | |
| CVE-2024-48463 | 4 Nov 202421:15 | – | nvd | |
| Bruno IDE Desktop Command Injection | 16 Jan 202500:00 | – | packetstorm | |
| PT-2024-33122 · Electron +1 · Electron +1 | 4 Nov 202400:00 | – | ptsecurity | |
| CVE-2024-48463 | 23 May 202506:22 | – | redhatcve | |
| CVE-2024-48463 | 4 Nov 202400:00 | – | vulnrichment |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| pwn.jar | nested | localhost/pwn.jar | Command injection via crafted URL in markdown docs leading to RCE when external URL is opened by shell.openExternal. | CWE-601 |
| smb://localhost/public/x.desktop | nested | smb://localhost/public/x.desktop | SMB link used as crafted URL to trigger command execution via external URL opening. | CWE-601 |
| sftp://user@localhost/home/user/s.desktop | nested | sftp://user@localhost/home/user/s.desktop | SFTP URL used as crafted input to invoke external URL handling leading to command execution. | CWE-601 |
| /etc/passwd | nested | /etc/passwd | Markdown payload referencing a local file URL to trigger external handling. | CWE-601 |
| localhost/pwn.jar | nested | localhost/pwn.jar | Direct PoC URL to trigger command execution via external URL handling. | CWE-601 |
| C:/Windows/system32/calc.exe | nested | C:/Windows/system32/calc.exe | Windows path payload that could be opened to execute a binary via external handler. | CWE-601 |
| http://localhost/pwn.jar | nested | http://localhost/pwn.jar | HTTP URL PoC to trigger command execution. | CWE-601 |
| C:/Users/user/Downloads/pwn.jar | nested | C:/Users/user/Downloads/pwn.jar | Windows path PoC triggering external URL handling for command execution. | CWE-601 |
| smb://10.211.55.6/public/hello.scptd | nested | smb://10.211.55.6/public/hello.scptd | SMB URL payload to trigger external URL handling and potential code execution. | CWE-601 |
| /Volumes/hello.scptd/Contents/Resources/Scripts/main.scpt | nested | /Volumes/hello.scptd/Contents/Resources/Scripts/main.scpt | Mounted volume script path used as crafted URL to trigger code execution. | CWE-601 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation