Thick Client | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution	RCE XSS Electron Thick Client	Evernote	Patrick Peng (@Retr0reg)
Exploiting Steam: Usual and Unusual Ways in the CEF Framework	Browser Hacking Thick Client RCE OS Command Injection Arbitrary File Read Arbitrary File Creation Components With Known Vulnerabilities	Valve (Steam) Google (Chromium)	DARKNAVY (@DarkNavyOrg)
Shipping your Private Key - CVE-2023-43870, Paxton do a Lenovo	Thick Client MiTM Hardcoded Credentials	Paxton	Craig72947 (@Craigsblackie)
Bitwarden Heist - How To Break Into Password Vaults Without Using Passwords	Thick Client Insecure Storage of Sensitive Information Authentication Bypass	Bitwarden	RedTeam Pentesting (@RedTeamPT)
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS	RCE MacOS Websockets Thick Client Security Code Review	Atlassian	Ron Masas (@RonMasas)
macOS Atlassian Companion Remote Code Execution	RCE MacOS Thick Client	Atlassian	Wojciech Reguła (@_R3ggi)
LibreOffice Arbitrary File Write (CVE-2023-1883)	Arbitrary File Write Thick Client	LibreOffice	Gregor Kopf
VSCode Remote Code Execution advisory	RCE Thick Client Local Privilege Escalation	Microsoft VSCode)	Ammar Askar
KeePass Master Password Exploit - CVE-2023-32784 - Proof Of Concept (POC)	Plaintext Storage of a Password Thick Client	KeePass	Luke Kavanagh
Parallels Desktop Toolgate Vulnerability	Path Traversal Arbitrary File Write Security Code Review Thick Client	Parallels	Alexandre Adamski (@NeatMonster_)
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1	Local Privilege Escalation Windows Thick Client	Docker	Eviatar Gerzi
CVE from 2018 Strikes Again	RCE Insecure Deserialization Thick Client	Undisclosed	Colin McQueen
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage	Thick Client Insecure Data Storage Local Privilege Escalation	Signal	John Jackson (@Johnjhacking)
Operation Crack: Hacking IDA Pro Installer PRNG from an Unusual Way	Bruteforce Hardcoded Credentials Thick Client	Hex-Rays (IDA Pro)	Shaolin
Thick Client — Attacking databases the fun/easy way	Thick Client Credentials Sent Over Unencrypted Channel	Undisclosed	Richard Clifford (@MantisSTS)

Page 1 of 1