575 matches found
CVE-2016-10624
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary wit...
CVE-2016-10628
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacke...
CVE-2016-10579
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...
Remote code execution
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...
Remote code execution
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary wit...
Remote code execution
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacke...
Remote code execution
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10579
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...
CVE-2016-10579
Chromedriver (the NPM wrapper for selenium ChromeDriver) before version 2.26.1 downloads binary resources over HTTP, enabling MitM modification or interception of the downloaded binary. This can potentially lead to remote code execution if an attacker on the network swaps the binary with a malici...
CVE-2016-10623
CVE-2016-10623 affects the Node.js wrapper macaca-chromedriver-zxa. The component downloads binary resources over HTTP, creating a MITM risk where an attacker on the network could replace the binary and cause remote code execution. Mitigation from advisories: force HTTPS by setting CHROMEDRIVER_C...
CVE-2016-10624
Summary: The CVE concerns selenium-chromedriver, which downloads the Selenium WebDriver for Google Chrome over HTTP, making it vulnerable to MITM manipulation. In such a scenario, an attacker on the network could replace the binary with a malicious one, potentially enabling remote code execution ...
CVE-2016-10628
CVE-2016-10628 affects selenium-wrapper, a Selenium server wrapper for installation and Chrome WebDriver. The issue arises because it downloads binary resources over HTTP, enabling a Man-in-the-Middle (MITM) attacker to intercept and potentially swap the binary with a malicious one, which could l...
CVE-2016-10623
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10624
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary wit...
CVE-2016-10628
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacke...
CVE-2016-10565
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attack...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if...
Remote code execution
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attack...
Remote code execution
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if...
CVE-2016-10565
CVE-2016-10565 affects operadriver (Opera Driver for Selenium). The vulnerability arises because operadriver versions below 0.2.3 download binary resources over HTTP, enabling potential MITM manipulation of the downloaded binary. The attacker could substitute the binary with a malicious one if po...