Lucene search

266 matches found

OSV
added 2019/02/18 11:47 p.m. | 15 views

GHSA-PR34-8JFR-XHV8 selenium-wrapper downloads Resources over HTTP

Affected versions of selenium-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

8.1 CVSS | 8.1 AI score | 0.02104 EPSS
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:47 p.m. | 23 views

scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2019/02/18 11:47 p.m. | 27 views

Downloads Resources over HTTP in grunt-ccompiler

Affected versions of grunt-ccompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

9.3 CVSS | 5.8 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:47 p.m. | 22 views

GHSA-RQWH-C535-J9HW Downloads Resources over HTTP in js-given

Affected versions of js-given insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

9.3 CVSS | 8.2 AI score | 0.01682 EPSS
Exploits 0 | References 4

Github Security Blog
added 2019/02/18 11:45 p.m. | 31 views

Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

9.3 CVSS | 6.4 AI score | 0.01682 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:44 p.m. | 15 views

GHSA-6FVW-7VCH-X489 Downloads Resources over HTTP in selenium-portal

Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

9.3 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:42 p.m. | 26 views

Downloads Resources over HTTP in google-closure-tools-latest

Affected versions of google-closure-tools-latest insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS | 5.6 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2019/02/18 11:42 p.m. | 32 views

Downloads Resources over HTTP in healthcenter

Affected versions of healthcenter insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 3.8 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2019/02/18 11:35 p.m. | 22 views

Downloads Resources over HTTP in embedza

Affected versions of embedza insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3 CVSS | 5.4 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:35 p.m. | 12 views

GHSA-6PWF-WHC8-HJF6 Downloads Resources over HTTP in baryton-saxophone

Affected versions of baryton-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

9.3 CVSS | 8.1 AI score | 0.02104 EPSS
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:33 p.m. | 24 views

Downloads Resources over HTTP in air-sdk

Affected versions of air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3 CVSS | 6 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2019/02/11 12:0 a.m. | 457 views

iLO 4 < 2.53 Remote Code Execution Vulnerability

A remote command execution vulnerability exists in Integrated Lights-Out 4 (iLO 4) due to a buffer overflow in the server's HTTP connection handling code. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. (C) Tenable Network Security, Inc...

10 CVSS | 9.2 AI score | 0.99335 EPSS
Exploits 9 | References 2

Qualys Blog
added 2019/01/10 5:0 p.m. | 75 views

Detecting Insecure Cookies with Qualys Web Application Scanning

Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...

0.1 AI score
Exploits 0

OpenVAS
added 2019/01/07 12:0 a.m. | 57 views

BMC Network Automation Detection

Detection of BMC Network Automation. The script sends an HTTP connection request to the server and attempts to detect BMC Network Automation and to extract its version. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C)...

7 AI score
Exploits 0 | References 1

Citrix
added 2018/12/10 12:0 a.m. | 6 views

Citrix MAS -12.1-Unable to register Agent with ADM via Proxy server

You will see the following message in the logs.

/var/log$ cat mpsboot.log | more
=====================
Wed Oct 17 00:40:46 GMT 2018mps.sh:: start of mps boot process
Wed Oct 17 00:40:46 GMT 2018mps.sh:: calling mpsstart.sh
Wed Oct 17 00:40:46 GMT 2018mpsstart.sh:: start
Wed Oct 17 00:40:46 GMT...

7 AI score
Exploits 0

OpenVAS
added 2018/10/01 12:0 a.m. | 10 views

Inedo ProGet Detection

Detection of Inedo ProGet. The script sends a connection request to the server and attempts to detect Inedo ProGet and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

7 AI score
Exploits 0 | References 1

CVE
added 2018/09/17 8:0 p.m. | 78 views

CVE-2017-2857

CVE-2017-2857 is a buffer overflow in the Foscam C1 Indoor HD Camera DDNS client when DDNS is enabled (notably 9299.org). The vulnerability arises in the DDNS update path: the code parses the response to extract the IP address after the “Current IP Address:” string without enforcing input size bo...

9.3 CVSS | 8.1 AI score | 0.0166 EPSS
Exploits 2 | References 1 | Affected Software 1

OSV
added 2018/08/15 7:27 p.m. | 13 views

GHSA-PH8P-2G97-9654 Downloads Resources over HTTP in jstestdriver

Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 8.1 AI score | 0.01682 EPSS
Exploits 0 | References 3

OSV
added 2018/08/15 7:25 p.m. | 13 views

GHSA-5RC6-2R3R-FV79 slimerjs-edge downloads Resources over HTTP

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

8.1 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3

Github Security Blog
added 2018/08/15 7:25 p.m. | 26 views

slimerjs-edge downloads Resources over HTTP

Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS | 8.1 AI score | 0.01752 EPSS
Exploits 0 | References 3 | Affected Software 1