8 matches found
Downloads Resources over HTTP in phantomjs-cheniu
Affected versions of phantomjs-cheniu insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
GHSA-W364-8VFV-GVF5 Downloads Resources over HTTP in phantomjs-cheniu
Affected versions of phantomjs-cheniu insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
phantomjs-cheniu remote code execution vulnerability
phantomjs-cheniu is a headless Webkit script with JavaScript API. A security vulnerability exists in phantomjs-cheniu, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response a...
Man-in-the-Middle (MitM)
phantomjs-cheniu is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on...
CVE-2016-10661
phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on...
Remote code execution
phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on...
CVE-2016-10661
phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on...
CVE-2016-10661
Summary: CVE-2016-10661 affects phantomjs-cheniu, a headless WebKit with JS API, which downloads binary resources over HTTP. The unencrypted HTTP channel enables MITM interception, allowing an attacker with network position to swap the requested binary and potentially trigger remote code executio...