4 matches found
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...
Metasploit Weekly Wrap-Up
Capture Plugin Capturing credentials is a critical and early phase in the playbook of many offensive security testers. Metasploit has facilitated this for years with protocol-specific modules all under the auxiliary/server/capture. Users can start and configure each of these modules individually,...
Fastjson deserialization vulnerability alerts-a vulnerability alert-the black bar safety net
Recently, 360CERT monitoring to the widespread use of the JSON serialization framework Fastjson presence deserialization vulnerability can cause remote code execution, and there is evidence that The attacker can carefully construct the JSON data to achieve remote code execution, may cause the...
HackerOne: HTML injection can lead to data theft
Hey, This is more like an in-depth security thing with a reasonable attack scenario. In some occasions, it seems to be possible to leak sensitive data to an external server, not affected by the CSP. This can happen in the following situation: 1. There's a HTML injection vulnerability 2. The...