GHSA-P65H-233C-JXVM Downloads Resources over HTTP in resourcehacker

Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

duckietv-builder (>=1.0.0 <=1.0.11) potentially affected by CVE-2016-10646 via resourcehacker (=4.2.51)

resourcehacker NPM version =4.2.51 is affected by a known vulnerability. The following packages have a transitive dependency on resourcehacker and may be impacted: - duckietv-builder =1.0.0, =1.0.11 Source cves: CVE-2016-10646 Source advisory: OSV:GHSA-P65H-233C-JXVM...

Downloads Resources over HTTP in resourcehacker

Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Resourcehacker Remote Code Execution Vulnerability

resourcehacker is an executable resource editor for the Windows platform. A security vulnerability exists in resourcehacker that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with ...

Man-in-the-Middle (MitM)

resourcehacker is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on th...

Remote code execution

resourcehacker is a Node wrapper of Resource Hacker windows executable resource editor. resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

CVE-2016-10646

resourcehacker is a Node wrapper of Resource Hacker windows executable resource editor. resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

CVE-2016-10646

resourcehacker is a Node wrapper of Resource Hacker windows executable resource editor. resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

CVE-2016-10646

CVE-2016-10646 affects the Node wrapper resourcehacker, which downloads binary resources over HTTP. The underlying issue is insecure HTTP delivery, enabling MITM attackers to intercept the response and replace the requested binary with attacker-controlled code, potentially leading to remote code ...

FakeImageExploiter - Use a Fake image.jpg (hide known file extensions) to exploit targets

This module takes one existing image.jpg and one payload.ps1 input by user and builds a new payload agent.jpg.exe that if executed it will trigger the download of the 2 previous files stored into apache2 image.jpg + payload.ps1 and execute them. This module also changes the agent.exe Icon to matc...

backdoorppt - transform your payload.exe into one fake word doc (.ppt)

backdoorppt - 'Office spoof extensions tool' Version release: v1.5-Stable Distros Supported: Linux Kali, Ubuntu, Mint Author: pedro ubuntu r00t-3xp10it Suspicious-Shell-Activity© SSA RedTeam develop @2017 Transform your payload.exe into one fake word doc .ppt Simple script that allow users to add...

Downloads Resources over HTTP

Overview Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...