575 matches found
CVE-2016-10562
CVE-2016-10562 affects the npm wrapper for Selenium IEDriver, iedriver. The vulnerability arises because versions below 3.0.0 download binary resources over HTTP, enabling a network-level MITM attacker to swap the requested binary with a malicious one and potentially trigger remote code executio...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if...
CVE-2016-10565
operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attack...
selenium-standalone-painful remote code execution vulnerability
selenium-standalone-painful is a program for installing command line tools for starting a selenium standalone server. A security vulnerability exists in selenium-standalone-painful that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker...
selenium-binaries code execution vulnerability
selenium-binaries is a tool for downloading Selenium-related binaries for your operating system. A security vulnerability exists in selenium-binaries that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...
selenium-download code execution vulnerability
selenium-download is a tool for downloading the latest versions of the selenium standalone server and chromedriver. A security vulnerability exists in selenium-download versions prior to 2.0.7, which arises when the program downloads binary resources over the HTTP protocol. A remote attacker can...
baryton-saxophone code execution vulnerability
baryton-saxophone is a module for installing and launching Selenium Server for Mac, Linux and Windows. A security vulnerability exists in baryton-saxophone versions prior to 3.0.1, which originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit...
Man-in-the-Middle (MitM)
selenium-standalone-painful is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary...
CVE-2016-10679
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by...
CVE-2016-10601
webdrvr is an npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10589
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if t...
CVE-2016-10611
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the...
CVE-2016-10573
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the request...
CVE-2016-10559
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
Remote code execution
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
Remote code execution
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if t...
Remote code execution
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...