vulnerability
A path traversal vulnerability in GitHub Desktop's x-github-client:// URI scheme handler allowed arbitrary code execution on macOS by opening malicious application bundles from a cloned repository without user interaction or Gatekeeper validation. The vulnerability was patched in GitHub Desktop v1.3.4.
rce
remote-code-execution
macos
osx
uri-scheme
electron
path-traversal
privilege-escalation
application-bundle
github-desktop
url-handler
file-opening
reverse-shell
GitHub Desktop
H1-702
HackerOne
0xacb
zhuowei
CVE-2018-1000559
github-desktop-poc
bug-bounty
A bug bounty researcher discovered RCE on an abandoned staging web service via an unauthenticated PUT HTTP method that allowed arbitrary file uploads, enabling PHP web shell deployment and subsequent internal network traversal with privilege escalation through credential reuse and weak security practices.
rce
remote-code-execution
http-put-method
web-shell
reverse-shell
unauthenticated-access
file-upload
http-methods
internal-network-traversal
privilege-escalation
network-reconnaissance
subdomain-enumeration
port-scanning
php-webshell
credential-reuse
ssh-access
hash-cracking
vpn-certificate
staging-environment
nmap
ncat
netcat
PHP
Python
SSH
RDP
SMB
DNS zone transfer