27 matches found
EUVD-2019-0310
Malware in sbrugna...
EUVD-2019-0352
Malware in sbrugna...
CVE-2023-5590
A null pointer dereference flaw was found in Selenium IEDriver. This issue causes the driver to crash when Selenium gets the cookies from an attacker-controlled page, which could leave the application unavailable. Mitigation: No mitigation is currently known for the IE Driver. If possible, opt for...
Exploit for Use After Free in Microsoft
CVE-2020-0674 How to reproduce this vulnerability:...
amaze-tdd (>=0.0.9 <=0.2.5) potentially affected by CVE-2016-10562 via iedriver (=2.53.1)
iedriver NPM version =2.53.1 is affected by a known vulnerability. The following packages have a transitive dependency on iedriver and may be impacted: amaze-tdd >=0.0.9, <=0.2.5. Source CVEs: CVE-2016-10562. Source advisory: OSV:GHSA-JFGQ-G48X-JQ83...
Downloads Resources over HTTP in iedriver
Affected versions of iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-JFGQ-G48X-JQ83 Downloads Resources over HTTP in iedriver
Affected versions of iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
Downloads Resources over HTTP in windows-iedriver
Affected versions of windows-iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
GHSA-W9MF-24H3-9WXF Downloads Resources over HTTP in windows-iedriver
Affected versions of windows-iedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
Windows-iedriver Module Command Execution Vulnerability
The windows-iedriver module is a module for installing the latest version of iedriver. A security vulnerability exists in the windows-iedriver module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. An attacker can exploit the vulnerability by...
CVE-2016-10689
The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled co...
CVE-2016-10689
The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled co...
Remote code execution
The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled co...
CVE-2016-10689
CVE-2016-10689 affects the windows-iedriver module, which downloads the iedriverserver.exe binary over HTTP. This enables a man-in-the-middle attacker on the network path to intercept the response and swap the binary, potentially leading to remote code execution on the host running the driver. Th...
CVE-2016-10689
The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled co...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if...
Remote code execution
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if...
CVE-2016-10562
CVE-2016-10562 affects the npm wrapper for Selenium IEDriver, iedriver. The vulnerability arises because versions below 3.0.0 download binary resources over HTTP, enabling a network-level MITM attacker to swap the requested binary with a malicious one and potentially trigger remote code executio...
CVE-2016-10562
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if...