Wed. Jul 6th, 2022

Vulnerabilities

Rocket.Chat Path Traversal

Posted by Moe Szyslak on Dec 21

Rocket.Chat has fixed a server-side path traversal vulnerability that may be abused to write files to attacker-controlled locations: https://github.com/RocketChat/Rocket.Chat/commit/f5c7d94bffb279d7a2f859773935fb5cf70c81cd Exploitation of this vulnerability requires uploading…


Remote code execution when opening a project in Android Studio that Google refused to fix (still 0day)

Posted by houjingyi on Dec 21

Video and POC here: https://www.youtube.com/watch?v=hAPkSGxh9H0 When you open a project in Android Studio, if gradle-wrapper.properties sets distributionUrl=https://services.gradle.org/distributions/gradle-2.6-all.zip, then Android Studio will download…
