
4 matches found

Prion
added 2018/05/29 8:29 p.m., 10 views

Remote code execution

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...

CVSS 9.3, AI score 8, EPSS 0.00735
Exploits 0, References 1, Affected Software 1
NVD
added 2017/09/29 1:34 a.m., 15 views

CVE-2014-2029

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com...

CVSS 8.1, AI score 8.2, EPSS 0.00673
Exploits 0, References 3
Hacker One
added 2015/05/21 7:39 p.m., 46 views

Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298

The vulnerability allows a malicious Flash app on a website to read and write Local Shared Objects belonging to any website. As a special case, LSOs of macromedia.com contain global Flash settings. Overwriting them allows e.g. unlimited access to camera and microphone of the target user. Other...

CVSS 5, AI score 5.9, EPSS 0.02305
Exploits 0
Hacker One
added 2015/03/31 8:55 p.m., 32 views

Internet Bug Bounty: HTTP MitM on Flash Player settings manager allows attacker to set sandbox settings

This vulnerability is present in both Google Chrome's PepperFlash as well as browsers with the NPAPI Flash Player versions. It works by MITM'ing the Flash Player settings manager. Although this settings manager is served over HTTPS, it is still possible to place or edit the local settings cookie by...

AI score 6.6
Exploits 0