11231 matches found
Remote code execution
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
Design/Logic Flaw
broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
Design/Logic Flaw
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10558
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...
CVE-2016-10567
product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...
CVE-2016-10566
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10558
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...
CVE-2016-10566
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker i...
CVE-2016-10593
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker...
CVE-2016-10601
webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an...
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...
CVE-2016-10679
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by...
CVE-2016-10681
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
CVE-2016-10586
CVE-2016-10586 affects the macaca-chromedriver Node.js wrapper for Selenium’s chromedriver. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MITM) attacker to swap the requested binary with a malicious one, potentially causing remote code exe...
CVE-2016-10635
The CVE-2016-10635 entry affects broccoli-closure, a Closure compiler plugin for Broccoli. Versions prior to 1.3.1 download binary resources over HTTP, enabling MITM modification of binaries and potential remote code execution if an attacker is on the network between the user and the server. The ...
CVE-2016-10566
The CVE-2016-10566 entry concerns install-nw, a tool for installing NW.js. Versions before 1.1.5 download binary resources over HTTP, enabling MITM interference. An attacker on the network could swap the requested binary with a malicious one, potentially causing remote code execution on the user’...
CVE-2016-10559
CVE-2016-10559 affects selenium-download (prior to 2.0.7), where binaries (selenium server and chromedriver) are downloaded over HTTP. An attacker on a privileged network position can MITM the download and swap the binary, potentially leading to remote code execution when the user runs the compro...
CVE-2016-10584
The CVE-2016-10584 entry concerns dalek-browser-chrome-canary, a Google Chrome binding for DalekJS. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) attacker to swap the requested binary with malware, potentially causing remote code exe...
CVE-2016-10567
CVE-2016-10567 affects product-monitor before 2.2.5. The vulnerability stems from downloading JavaScript resources over HTTP, enabling MITM attackers to swap the requested JS with attacker-controlled code, potentially leading to remote code execution when the user loads the resource. No exploit d...