writeups.xyz / Vladimir Metnew (@Vladimir_metnew)

Title	Vulnerabilities	Programs	Authors
[UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading	RCE	GitHub	Vladimir Metnew (@Vladimir_metnew)
RCE in GitHub Desktop < 2.9.4	RCE	GitHub	Vladimir Metnew (@Vladimir_metnew)
Exploiting popular macOS apps with a single “.terminal” file.	MacOS File Quarantine Bypass	Internet Bug Bounty Slack Keybase Telegram	Vladimir Metnew (@Vladimir_metnew)
Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution.	RCE	Telegram	Vladimir Metnew (@Vladimir_metnew)
3 XSS in ProtonMail for iOS	XSS	Apple	Vladimir Metnew (@Vladimir_metnew)

Page 1 of 1