漏洞描述
Telegram Desktop 存在远程代码执行漏洞,攻击者可通过某种方式向目标发送pyzw文件伪装成视频文件,在客户端默认配置下会自动下载文件,用户点击后将导致命令执行
Telegram Desktop 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- Docker Desktop Engine API 未授权访问漏洞
- 新华通软件云平台 /Main/Desktop/Default.aspx 权限绕过漏洞
- POC CVE-2018-13980: Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
- POC CVE-2018-19439: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
- POC CVE-2020-10189: ManageEngine Desktop Central Java Deserialization
- POC CVE-2021-44515: Zoho ManageEngine Desktop Central - Remote Code Execution
- POC CVE-2023-2479: Appium Desktop Server - Remote Code Execution
- POC hongfan-iodesktopdata-sqli: 红帆iOffice ioDesktopData.asmx接口SQL注入
- POC rdp-connections-without-password-allowed: Remote Desktop Connections Allowed Without Password
- POC rdp-drive-redirection-allowed: Remote Desktop Users Can Redirect Drives
- POC remote-desktop-enabled-non-server: Remote Desktop Enabled on Non-Server OS
- POC windows-active-desktop-enabled: Active Desktop Enabled
- POC telegram-bot-token: Telegram Bot Token