26 matches found
📄 Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...
EUVD-2019-0214
Malware in sbrugna...
EUVD-2019-0325
Malware in sbrugna...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
Exploit for Cross-Site Request Forgery (CSRF) in Selenium Selenium_Grid
Selenium Chrome RCE Exploit Extended This repository conta...
Selenium geckodriver RCE
Selenium Server Grid use exploit/linux/http/seleniumgreedfirefoxrcecve202228108 msf exploitseleniumgreedfirefoxrcecve202228108 show targets ...targets... msf exploitseleniumgreedfirefoxrcecve202228108 set TARGET msf exploitseleniumgreedfirefoxrcecve202228108 show options ...show and set options...
Selenium Firefox Remote Code Execution Exploit
Selenium Server Grid versions 4.27.0 and below allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This module...
Selenium Chrome Remote Code Execution Exploit
Selenium Server Grid versions prior to 4.0.0-alpha-7 allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This modu...
Selenium chrome RCE
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Module Options msf use exploit/linux/http/seleniumgreedchromercecve202228108 msf exploitseleniumgreedchromercecve20222810...
GHSA-H2RR-M97P-6JQ9 Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
au.net.causal.maven.plugins:browserbox-fixed-edge-driver (=1.0), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +579 more potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-server (>=2.0a2 <=4.0.0-alpha-2)
org.seleniumhq.selenium:selenium-server MAVEN version =2.0a2, =0.9.6, =0.9.6, =1.0.1, =0.2.0, =4.4-23, =1.0.2, =1.0.0, =1.1.1, =2.3.5 and more Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
Cross site request forgery (csrf)
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
PYSEC-2022-43167
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
PYSEC-2022-43167
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
Selenium Server 跨站请求伪造漏洞
Selenium Grid is an intelligent proxy server for the Selenium community. It can easily run tests in parallel on multiple machines.A cross-site request spoofing vulnerability exists in versions prior to Selenium Server 4, which can be exploited by attackers to spoof malicious requests to trick...