742 matches found
Default configuration
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
CVE-2022-22757
CVE-2022-22757 concerns Mozilla Firefox and involves the Remote Agent used in WebDriver not validating the Host or Origin headers. This could allow a website to connect back locally to the user's browser to take control, specifically when WebDriver is enabled (not the default). Affected products ...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
geckodriver安全漏洞
geckodriver is an application program. It provides an HTTP API described by the WebDriver protocol to communicate with the Gecko browser. A security vulnerability exists in geckodriver versions prior to 0.30.0, which stems from improved host header checking to reject requests that are not sent to...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
Code injection
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
Ubuntu: Security Advisory (USN-5284-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
UBUNTU-CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
Mozilla Firefox 访问控制错误漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...
SEO Panel 4.8.0 - (order_col) Blind SQL Injection Exploit (2)
Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28419...
SEO Panel 4.8.0 SQL Injection
Exploit Title: blind SQL injection on archive.php of SEO Panel 4.8.0 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.25.2021 Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author:...
Words Scraper - Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...
Fedora 30 : webkit2gtk3 (2019-4213e37211)
Improve performance of querying system fallback fonts. - Dont use prgname in dbus-proxy socket path. - Fix thread-safety issues in image decoders. - Fix the build with WebDriver disabled. - Disable accelerated compositing when we fail to initialize the EGL dispaly under Wayland. - Fill the...
Splunk Enterprise 7.2.4 Remote Code Execution
!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...