SUMMARY In Simplenote 1.1.3 – Desktop app there is a stored XSS vulnerability that can be used to execute arbitrary code. If there is malicious code in the note and the user tries to print it (for example to save it as a PDF), the malicious code runs. #358049 – RCE via Print function [Simplenote 1.1.3 – Desktop … Continue reading From XSS to RCE in Simplenote 1.1.3
Qualche giorno fa il giornalista de Il Post Emanuele Menietti ha tweetato questo: ci sarà pur un modo per filtrare tutti quelli con la bandierina dell'italia nel nome del profilo e con foto che non troveresti manco sulle credenze nei tinelli a predappio. — emanuele menietti (@emenietti) July 7, 2018 Mi sono quindi domandato se … Continue reading Quali utenti usano 🇮🇹 nel nickname di Twitter?
A few days ago some researchers discovered an HTML Injection vulnerability in Signal Desktop and they wrote a public disclosure. The Signal team quickly released an update on May 11th, the problem was in the file /js/views/message_view.js. Reading the changes to message_view.js, it seemed that the Signal team had only fixed the “problem of the URL“. So, maybe, … Continue reading HTML Injection in Signal Desktop 1.10.1
After many unsuccessful attempts to find an XSS in Yahoo’s domains, I decided to move my attention to Microsoft Bing. If you have a Microsoft account, Bing allows you to save online content (images, videos and places) on the page “My saves”, and allows to create collections to better manage your own content. The titles … Continue reading Stored XSS in Microsoft Bing