
742 matches found

Prion
added 2018/05/29 8:29 p.m., 10 views

Remote code execution

webdrvr is an npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...

CVSS 9.3, AI score 8, EPSS 0.01682
Exploits 0, References 1, Affected Software 1

CVE
added 2018/05/29 8:0 p.m., 81 views

CVE-2016-10601

CVE-2016-10601 affects the npm package webdrvr (Selenium Webdriver wrapper). The vulnerability arises because webdrvr downloads binary resources over HTTP, enabling an attacker on the network path to perform a MITM and replace the requested binary with a malicious one, potentially leading to remo...

CVSS 9.3, AI score 8.3, EPSS 0.01682
Exploits 0, References 1, Affected Software 1

Cvelist
added 2018/05/29 8:0 p.m., 19 views

CVE-2016-10601

webdrvr is an npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...

AI score 8.3, EPSS 0.01682
Exploits 0, References 1

Tenable Nessus
added 2018/02/05 12:0 a.m., 47 views

Fedora 26 : webkitgtk4 (2018-43712163de)

This update addresses the following vulnerabilities : - CVE-2018-4088, CVE-2017-13885, CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7161, CVE-2018-4096 Additional fixes : - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. -...

CVSS 8.8, AI score 6.5, EPSS 0.02689
Exploits 1, References 9

OPENSUSE Linux
added 2018/02/01 12:14 a.m., 242 views

Security update for webkit2gtk3 (important)

This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of "high" resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-5753...

CVSS 9.3, AI score 7.7, EPSS 0.93838
Exploits 101, References 7

Tenable Nessus
added 2018/02/01 12:0 a.m., 49 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)

This update for webkit2gtk3 fixes the following issues : Update to version 2.18.5 : + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-575...

CVSS 9.3, AI score 7.4, EPSS 0.93838
Exploits 101, References 96

Tenable Nessus
added 2018/01/29 12:0 a.m., 40 views

Fedora 27 : webkitgtk4 (2018-3199135a7e)

This update addresses the following vulnerabilities : - CVE-2018-4088, CVE-2017-13885, CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7161, CVE-2018-4096 Additional fixes : - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. -...

CVSS 8.8, AI score 6.5, EPSS 0.02689
Exploits 1, References 9

Tenable Nessus
added 2018/01/15 12:0 a.m., 33 views

Fedora 27 : webkitgtk4 (2017-06b373d942)

This update addresses the following vulnerabilities : - CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856 Additional fixes : - Make WebDriver implementation more spec compliant. - Fix a bug when trying to remove cookies before a web process is spawned. - WebKitWebDriver process no...

CVSS 8.8, AI score 7.1, EPSS 0.024
Exploits 0, References 5

Tenable Nessus
added 2018/01/15 12:0 a.m., 36 views

Fedora 27 : webkitgtk4 (2017-3433c9245d)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS 8.8, AI score 7.7, EPSS 0.06252
Exploits 5, References 4

Tenable Nessus
added 2018/01/10 12:0 a.m., 38 views

Fedora 26 : webkitgtk4 (2017-0ad0e2f390)

This update addresses the following vulnerabilities : - CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856 Additional fixes : - Make WebDriver implementation more spec compliant. - Fix a bug when trying to remove cookies before a web process is spawned. - WebKitWebDriver process no...

CVSS 8.8, AI score 7.1, EPSS 0.024
Exploits 0, References 5

Tenable Nessus
added 2017/11/29 12:0 a.m., 36 views

Fedora 25 : webkitgtk4 (2017-077334783e)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS 8.8, AI score 7.7, EPSS 0.06252
Exploits 5, References 4

Tenable Nessus
added 2017/11/29 12:0 a.m., 36 views

Fedora 26 : webkitgtk4 (2017-4d5618a962)

This update addresses the following vulnerabilities : - CVE-2017-13798, CVE-2017-13788, CVE-2017-13803 Additional fixes : - Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. - Fix handling of null capabilities in WebDriver implementation. Note...

CVSS 8.8, AI score 7.7, EPSS 0.06252
Exploits 5, References 4

Information Security Automation
added 2017/09/17 5:15 p.m., 126 views

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works, by using Burp (see "Burp Suite Free Edition and NTLM authentication in ASP.net applications", for example), retrieve all necessary requests and learn how to use them. However, this is sometimes so...

AI score 7.2
Exploits 0

Node.js
added 2016/12/01 7:11 p.m., 31 views

Downloads Resources over HTTP

Overview: Affected versions of webdriver-launcher insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

CVSS 9.3, AI score 5.3, EPSS 0.01682
Exploits 0, Affected Software 1

Node.js
added 2016/12/01 3:20 p.m., 34 views

Downloads Resources over HTTP

Overview: Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

CVSS 9.3, AI score 5.2, EPSS 0.01682
Exploits 0, Affected Software 1

OPENSUSE Linux
added 2016/08/05 1:9 a.m., 34 views

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

CVSS 7.5, AI score 9.2, EPSS 0.13335
Exploits 6, References 5

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Informix Webdriver 1.0 - Remote Administration Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2166/info Informix Webdriver, the web-to-DB interface used by Informix database products, may permit unauthorized remote access to the system's administration functions. Under very specific circumstances, if webdriver is...

AI score 7.1
Exploits 0

Tenable Nessus
added 2001/01/08 12:0 a.m., 27 views

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

AI score 5.6
Exploits 0, References 2

securityvulns
added 2001/01/03 12:0 a.m., 25 views

Vulnerabilities in Informix Webdriver

Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...

AI score 1.5
Exploits 0

securityvulns
added 2001/01/03 12:0 a.m., 32 views

Hole in Informix Webdriver

Access to the database management web interface without authorization. In addition, a symlink vulnerability when creating the log file...

AI score 0.5
Exploits 0, References 1