Packet Storm

what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution: Posted Feb 2, 2024; Authored by ItsSixtyN3in; WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.; tags | exploit, web, arbitrary, shell, protocol; advisories | CVE-2023-42222; SHA-256 | 697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623; Download | Favorite | View

Related Files

No related files

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 54 files
Gentoo 33 files
Debian 26 files
Ahmet Umit Bayram 10 files
Apple 9 files
malvuln 7 files
Jann Horn 4 files
nu11secur1ty 4 files
Google Security Research 4 files

File Tags

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,051)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,853)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,956)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,535)
UNIX (9,409)
UnixWare (187)
Windows (6,660)
Other

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec