CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js #JavaScript #CVE-2024-4367 #ArbitraryExecution https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
codeanlabs
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js - Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
Hunting bugs in Nginx JavaScript engine (njs) #bughunting #Nginx #JavaScript #vulnresearch #CTF https://0xbigshaq.github.io/2024/05/24/njs-vr-bugs/
( ͡◕ _ ͡◕)👌
Hunting bugs in Nginx JavaScript engine (njs)
🎉2
Clipping the Canary’s wings: Bypassing AiTM Phishing Detections #JavaScript #cookies https://insights.spotit.be/2024/06/03/clipping-the-canarys-wings-bypassing-aitm-phishing-detections/
Inside the Latest Espionage Campaign of Nebulous Mantis #Prodaft #Catalyst #JavaScript #App #Enable https://catalyst.prodaft.com/public/report/inside-the-latest-espionage-campaign-of-nebulous-mantis/overview#heading-1000
LARVA-208’s New Campaign Targets Web3 Developers #Prodaft #CATALYST #JavaScript #Enable #App https://catalyst.prodaft.com/public/report/larva-208s-new-campaign-targets-web3-developers/overview#heading-1000
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters #JavaScript #Cookies #Enable #WebsiteAccess #BrowserSettings https://www.upwind.io/feed/cve-2024-12718-path-escape-via-pythons-tarfile-extraction-filters
Upwind | Cloud Security Happens at Runtime
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters
A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract()…
🔥1