Mixed Content: This content should also be served over HTTPS

Is the mixed content warning a security concern? This is by design,the request starting “receiver://” is invoking the protocol handler. It only happens on the local computer instead to crossing the internet. This command invokes the WebHelper.exe installed as part of Receiver to run and report th...

Brave Software: Navigation to protocol handler URL from the opened page displayed as a request from this page.

Summary: Navigation to protocol handler URL from the page opened using window.open is considered as a request from the opened page. Example: 1. The page opens google.com 2. The page changes opened window's location to ssh://evil.com 3. Request to open ssh://evil.com URL displayed at google.com...

Microsoft Windows Multiple Vulnerabilities (KB4103716)

This host is missing a critical security update according to Microsoft KB4103716 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Electron protocol handler browser vulnerable to Command Injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

GHSA-FJQR-FX3F-G4RV Electron protocol handler browser vulnerable to Command Injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

Github Electron Protocol Handler Command Injection Vulnerability

GitHub Electron is a GitHub application development framework . The framework supports the use of JavaScript, HTML and CSS to write cross-platform desktop applications . Protocol Handler is one of the protocol handler . A command injection vulnerability exists in Protocol Handler in Github Electr...

Remote Code Execution (RCE)

Electron is vulnerable to remote code execution RCE attacks. A malicious user can pass a Electron Protocol Handler to the application that when clicked on executes arbitrary code. This vulnerability is due to an incomplete fix in CVE-2018-1000006...

Command injection

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

Heap overflow

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution...

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

CVE-2018-1000118

Technical details for CVE-2018-1000118 are not publicly available in the provided documents. Monitor for updates.

CVE-2018-1000116

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution...

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

Exodus Wallet (ElectronJS Framework) remote Code Execution

This module exploits a Remote Code Execution vulnerability in Exodus Wallet, a vulnerability in the ElectronJS Framework protocol handler can be used to get arbitrary command execution if the user clicks on a specially crafted URL. This module requires Metasploit: https://metasploit.com/download...

chromium-browser: insufficient escaping with external url handlers

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

CVE-2018-6043

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page...

Electron Protocol Handler Remote Code Execution (CVE-2018-1000006)

A remote code execution vulnerability exists within Electron Protocol Handler. This is due to the way Electron registers Windows applications as the default handler for a protocol. A successful attack could lead to a remote code execution on the effected system...

GitHub Electron Arbitrary Command Execution Vulnerability

GitHub Electron is an application development framework from the American company GitHub. The framework supports writing cross-platform desktop applications using JavaScript, HTML and CSS. A security vulnerability exists in the protocol handler in GitHub Electron versions 1.8.2-beta.3 and earlier...

CVE-2018-1000006

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user click...