11 matches found
EUVD-2019-0216
Malware in sbrugna...
EUVD-2019-0202
Malware in sbrugna...
GHSA-2MVM-66Q7-M256 Downloads Resources over HTTP in selenium-download
Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Downloads Resources over HTTP in selenium-download
Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
selenium-download code execution vulnerability
selenium-download is a tool for downloading the latest versions of the selenium standalone server and chromedriver. A security vulnerability exists in selenium-download versions prior to 2.0.7, which arises when the program downloads binary resources over the HTTP protocol. A remote attacker can...
Remote code execution
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
CVE-2016-10559
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
CVE-2016-10559
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
CVE-2016-10559
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
Man-in-the-Middle (MitM) Attacks
selenium-download is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute...
Downloads Resources over HTTP
Overview Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...