all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

Add to bookmarks
Feb. 2, 2024, 3:31 p.m. |

Packet Storm packetstormsecurity.com

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

attacker call code code execution electron function http https machine malicious malicious urls protocol protocols resource shell sync url urls victim vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

TOR Virtual Network Tunneling Tool 0.4.8.12 2 days, 14 hours ago | packetstormsecurity.com
a network applications communication developers +21
jSQL Injection 0.98 2 days, 14 hours ago | packetstormsecurity.com
application box code database +21
Ubuntu Security Notice USN-6815-1 2 days, 14 hours ago | packetstormsecurity.com
application arbitrary code attacker code +13
Red Hat Security Advisory 2024-3708-03 2 days, 14 hours ago | packetstormsecurity.com
advisory apache boot build +15
Online Pizza Ordering System 1.0 SQL Injection 2 days, 14 hours ago | packetstormsecurity.com
injection pizza sql sql injection +5
Apache HugeGraph Remote Command Execution 2 days, 14 hours ago | packetstormsecurity.com
1.0.0 1.3.0 apache command +5
FBI Says It Has 7,000 LockBit Ransomware Decryption Keys 2 days, 15 hours ago | packetstormsecurity.com
cryptography data loss decryption decryption keys +8
Russian Hacktivists Vow Mass Attacks Against EU Elections 2 days, 15 hours ago | packetstormsecurity.com
attacks cyberwar elections hacker +3
Spam Blocklist SORBS Closed By Its Owner, Proofpoint 2 days, 15 hours ago | packetstormsecurity.com
blocklist email proofpoint spam

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com