Windows-iedriver Module Command Execution Vulnerability

The windows-iedriver module is a module for installing the latest version of iedriver. A security vulnerability exists in the windows-iedriver module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. An attacker can exploit the vulnerability by...

windows-latestchromedriver code execution vulnerability

windows-latestchromedriver is a module for downloading and installing the latest version of Chormedriver. A security vulnerability exists in windows-latestchromedriver that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the...

massif code execution vulnerability

massif is a WebKit script written in JavaScript. A security vulnerability exists in massif, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and replacing the requeste...

selenium-standalone-painful remote code execution vulnerability

selenium-standalone-painful is a program for installing command line tools for starting a selenium standalone server. A security vulnerability exists in selenium-standalone-painful that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker...

DuoLingo TinyCards application for Android Man-in-the-Middle Attack Vulnerability

DuoLingo TinyCards application for Android is a memory workout application based on the Android platform. A security vulnerability exists in versions of the DuoLingo TinyCards application for Android prior to version 1.0, which stems from the program's use of unencrypted HTTP, and can be exploite...

CVE-2017-16905

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack...

Remote code execution

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack...

CVE-2017-16905

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack...

CVE-2017-16905

DuoLingo TinyCards for Android (before 1.0) uses unencrypted HTTP, enabling a man‑in‑the‑middle to spoof content and potentially achieve remote code execution. Root cause: insecure network transport. Impact: content spoofing and possible RCE as stated. Remediation: upgrade to version 1.0 or later...

Huawei HiSuite Man-in-the-Middle Attack Vulnerability

Huawei HiSuite is a set of cell phone assistant software for PC from Huawei, China. A security vulnerability exists in Huawei HiSuite version 4.0.5.300OVE due to the program using unencrypted HTTP to download upgrade packages and failing to check the integrity of the packages before installation...

Downloads resources over HTTP

Overview Affected versions of hubl-server insecurely download dependencies over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the responses and replace the dependencies with malicious ones, resulting in code execution...

Downloads Resources over HTTP

Overview Affected versions of windows-iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

Downloads Resources over HTTP

Overview Affected versions of windows-seleniumjar-mirror insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

Downloads Resources over HTTP

Overview Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of qbs insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Downloads Resources over HTTP

Overview Affected versions of ntfserver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

Downloads Resources over HTTP

Overview Affected versions of atom-node-module-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

Downloads Resources over HTTP

Overview Affected versions of chromedriver126 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...