575 matches found
MAL-2023-2239 Malicious code in selennium (PyPI)
Source: checkmarx b37dc0abadd5b8fa7690a61c9c627118f236dbee818f2247603b13f315477135 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in selneium (PyPI)
Source: checkmarx 04716a203cb75d052f01120c13a77fff61bcf1d505aae7060df346252215800a Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2236 Malicious code in seleniu (PyPI)
Source: checkmarx 50cae7a9929f863c1a164a53e398eeec4a76e6d3918c59e7b1628c8e9f1e9f3d Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Troubleshooting InsightAppSec Authentication Issues
For complete visibility into the vulnerabilities in your environment, proper authentication to web apps in InsightAppSec is essential. In this article, we’ll look at issues you might encounter with macro, traffic, and selenium authentication and how to troubleshoot them. Additionally, you’ll get...
Jenkins Selenium HTML Report Plugin XML External Entity Injection (CVE-2021-21672)
An XML external entity injection vulnerability exists in Jenkins Selenium HTML Report Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Bayanay - Python Wardriving Tool
WarDriving is the act of navigating, on foot or by car, to discover wireless networks in the surrounding area. Features Wardriving is done by combining the SSID information obtained with scapy using the HTML5 geolocation feature. Usage I cannot be held responsible for the malicious use of the...
Exploit for Code Injection in Combodo Itop
iTop RCE via SSTI - CVE-2022-24780 exploit iTop --debu...
Exploit for Authentication Bypass by Spoofing in Zabbix
CVE-2022-23131poc-exp-zabbix CVE-2022-23131 Vulnerability Ba...
Malicious Package
Overview selenium-applitools is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by o...
MAL-2022-5998 Malicious code in selenium-applitools (npm)
Source: ghsa-malware c1f3935fd94ed2b7cc1fab768dbb6e1a0bce1f8c28bf1c675df20ca6fdb8ff9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in selenium-applitools (npm)
Source: ghsa-malware c1f3935fd94ed2b7cc1fab768dbb6e1a0bce1f8c28bf1c675df20ca6fdb8ff9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Selenium Grid Cross-Site Request Forgery (CVE-2022-28108)
A cross-site request forgery vulnerability exists in Selenium Grid. Successful exploitation of this vulnerability could result in code execution on the affected system...
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...
GHSA-RP4X-XPGF-4XV7 Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...
Selenium Server Cross-Site Request Forgery Vulnerability
Selenium Grid is an intelligent proxy server for the Selenium community. It can easily run tests in parallel on multiple machines. A cross-site request spoofing vulnerability exists in versions prior to Selenium Server 4, which can be exploited by attackers to spoof malicious requests to trick...
au.net.causal.maven.plugins:browserbox-fixed-edge-driver (=1.0), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +579 more potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-server (>=2.0a2 <=4.0.0-alpha-2)
org.seleniumhq.selenium:selenium-server MAVEN version =2.0a2, =0.9.6, =0.9.6, =1.0.1, =0.2.0, =4.4-23, =1.0.2, =1.0.0, =1.1.1, =2.3.5 and more Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
org.seleniumhq.selenium:selenium-session-map-redis (>=4.0.0-alpha-5 <=4.0.0-alpha-6) potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-grid (>=4.0.0-alpha-5 <=4.0.0-alpha-6)
org.seleniumhq.selenium:selenium-grid MAVEN version =4.0.0-alpha-5, =4.0.0-alpha-5, =4.0.0-alpha-6 Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
GHSA-H2RR-M97P-6JQ9 Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...