Lucene search
+L

81 matches found

osv
osv
added 2023/01/31 6:30 a.m.21 views

GHSA-C6RX-GXQV-VR5J nemo-appium vulnerable to OS Command Injection

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

9.8CVSS8.7AI score0.02774EPSS
Exploits1References5
github
github
added 2023/01/31 6:30 a.m.24 views

nemo-appium vulnerable to OS Command Injection

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

9.8CVSS4.7AI score0.02774EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2023/01/31 5:15 a.m.19 views

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

9.8CVSS8.2AI score0.02774EPSS
Exploits1References3
prion
prion
added 2023/01/31 5:15 a.m.18 views

Command injection

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

7.5CVSS9.7AI score0.02774EPSS
Exploits1References3Affected Software1
cve
cve
added 2023/01/31 5:0 a.m.58 views

CVE-2022-21129

The CVE-2022-21129 issue affects nemo-appium, where versions prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the module.exports.setup function. The vulnerability is exploitable only if appium-running 0.1.3 is installed as a dependency of nemo-appium. Impac...

9.8CVSS9.6AI score0.02774EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/01/31 5:0 a.m.18 views

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

7.4CVSS7.1AI score0.02774EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2023/01/31 5:0 a.m.6 views

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

7.4CVSS9.7AI score0.02774EPSS
Exploits1References3
cvelist
cvelist
added 2023/01/31 5:0 a.m.22 views

CVE-2022-21129

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies...

7.4CVSS9.9AI score0.02774EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/01/31 12:0 a.m.6 views

PT-2023-12661 · Unknown · Appium-Running +1

Name of the Vulnerable Software and Affected Versions: nemo-appium versions prior to 0.0.9 Description: The issue arises from improper input sanitization in the module.exports.setup function, leading to Command Injection. To exploit this, appium-running 0.1.3 must be installed as one of...

9.8CVSS9.4AI score0.02774EPSS
Exploits1References8
cnnvd
cnnvd
added 2023/01/31 12:0 a.m.4 views

nemo-appium 安全漏洞

nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...

9.8CVSS8.3AI score0.02774EPSS
Exploits1References4
snyk
snyk
added 2022/12/27 11:8 a.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. PoC javascript const ...

9.8CVSS7.2AI score0.02774EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2020/09/02 7:28 a.m.4 views

@akashic/engine-files-reftest (>=3.3.20 <=3.4.1-beta.4), @astound/appium-xcuitest-driver (=2.67.1) +66 more potentially affected by unknown CVE via node-idevice (=0.1.6)

node-idevice NPM version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on node-idevice and may be impacted: - @akashic/engine-files-reftest =3.3.20, =0.1.0, =0.1.0-alpha.0, =0.8.0, =1.9.2-beta2.15, =0.1.5, =0.0.34, =5.7.8, =0.0.0-fake.230, =0.0.1...

5.8AI score
Exploits0
osv
osv
added 2019/02/18 11:40 p.m.31 views

GHSA-HC94-2WFR-4PWF appium-chromedriver downloads Resources over HTTP

Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution ...

8.1CVSS8.2AI score0.01114EPSS
Exploits0References3
github
github
added 2019/02/18 11:40 p.m.18 views

appium-chromedriver downloads Resources over HTTP

Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution ...

8.1CVSS8.2AI score0.01114EPSS
Exploits0References3Affected Software1
vulnersosv
vulnersosv
added 2018/10/18 5:43 p.m.8 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

7.4CVSS7.1AI score0.02208EPSS
Exploits0
kitploit
kitploit
added 2018/08/07 2:35 p.m.37 views

Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages

Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...

7.4AI score
Exploits0References1
nvd
nvd
added 2018/05/31 8:29 p.m.12 views

CVE-2016-10557

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

8.1CVSS8.3AI score0.01114EPSS
Exploits0References1
prion
prion
added 2018/05/31 8:29 p.m.15 views

Remote code execution

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

6.8CVSS8AI score0.01114EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2018/05/31 8:0 p.m.26 views

CVE-2016-10557

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

8.3AI score0.01114EPSS
Exploits0References1
cve
cve
added 2018/05/31 8:0 p.m.59 views

CVE-2016-10557

CVE-2016-10557 affects the Node.js wrapper library appium-chromedriver . Versions below 2.9.4 download binary resources over HTTP, creating susceptibility to man-in-the-middle (MITM) attacks. If an attacker in a privileged network position replaces the downloaded chromedriver binary, remote code ...

8.1CVSS8.2AI score0.01114EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder