575 matches found
GHSA-J9Q7-3RHF-4PPV windows-selenium-chromedriver downloads Resources over HTTP
Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
in spunjs/selenium-binaries
Overview selenium-binaries assists downloading Selenium related binaries for your OS, this package is vulnerable to Man in the Middle MitM attacks due to downloading resources over an insecure protocol...
Words Scraper - Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...
CloudBees Jenkins Selenium Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Selenium Plugin is used in one of the support...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
Cross site request forgery (csrf)
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
CVE-2020-2196
The CVE concerns Jenkins Selenium Plugin (versions 3.141.59 and earlier) lacking CSRF protection on HTTP endpoints. The root cause is absence of CSRF protections, enabling an attacker to perform all administrative actions exposed by the plugin (e.g., restart grid hub, modify plugin configuration,...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
CVE-2020-2196
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin...
PT-2020-15410 · Jenkins · Jenkins Selenium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Selenium Plugin versions 3.141.59 and earlier Description: The issue concerns a lack of CSRF protection for HTTP endpoints in the Jenkins Selenium Plugin, allowing attackers to perform administrative actions. Specifically, this enable...
Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)
Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only forselenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...
Malicious Package
Overview selenium-spider is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflectedor all params Reflected Params All paramsfor blind xss, anytings Filtered test...
Traxss - Automated XSS Vulnerability Scanner
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a previe...
XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gems. Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testi...
Brutemap - Tool That Automates Testing Accounts To The Site's Login Page
Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because...
Acunetix Vulnerability Scanner Now With Network Security Scans
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...
Splunk Enterprise 7.2.4 Remote Code Execution
!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...