EUVD-2019-0361

Malware in sbrugna...

GHSA-65Q2-X652-XX84 dalek-browser-ie downloads Resources over HTTP

Affected versions of dalek-browser-ie insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

dalek-browser-ie downloads Resources over HTTP

Affected versions of dalek-browser-ie insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

GHSA-X56R-5R34-QG74 dalek-browser-ie-canary downloads Resources over HTTP

Affected versions of dalek-browser-ie-canary insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

Man-in-the-Middle (MitM)

dalek-browser-ie-canary is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker ...

Man-in-the-Middle (MitM)

dalek-browser-ie is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

CVE-2016-10612

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...

CVE-2016-10605

The CVE-2016-10605 entry concerns the dalek-browser-ie bindings for DalekJS, which downloads binary resources over HTTP. This creates a MITM risk where an attacker on the network can intercept and replace the binary, potentially enabling remote code execution on the user’s system. Public advisori...

CVE-2016-10612

dalek-browser-ie-canary downloads binary resources over HTTP, enabling MitM and potential remote code execution if an attacker on the network intercepts and replaces the binary. Affected: dalek-browser-ie-canary (Internet Explorer bindings for DalekJS). Root cause: unencrypted HTTP delivery of ex...