27 matches found
Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands...
EUVD-2019-0325
Malware in sbrugna...
EUVD-2019-0214
Malware in sbrugna...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
The vulnerability in the Selenium Server distributed test execution tool is related to the manipulation of cross-site requests and allows an attacker to perform a CSRF attack.
The vulnerability of the Selenium Server Grid distributed testing tool is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
Exploit for Cross-Site Request Forgery (CSRF) in Selenium Selenium_Grid
Selenium Chrome RCE Exploit Extended This repository conta...
Selenium geckodriver RCE
Selenium Server Grid use exploit/linux/http/seleniumgreedfirefoxrcecve202228108 msf exploitseleniumgreedfirefoxrcecve202228108 show targets ...targets... msf exploitseleniumgreedfirefoxrcecve202228108 set TARGET msf exploitseleniumgreedfirefoxrcecve202228108 show options ...show and set options...
Selenium Firefox Remote Code Execution Exploit
Selenium Server Grid versions 4.27.0 and below allow cross-site request forgery because they permit non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain, and this issue in turn allows an attacker to achieve remote code execution. This module...
Selenium Chrome Remote Code Execution Exploit
Selenium Server Grid versions prior to 4.0.0-alpha-7 allow cross-site request forgery because they permit non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain, and this issue in turn allows an attacker to achieve remote code execution. This modu...
Selenium chrome RCE
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Module Options msf use exploit/linux/http/seleniumgreedchromercecve202228108 msf exploitseleniumgreedchromercecve20222810...
Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
au.net.causal.maven.plugins:browserbox-fixed-edge-driver (=1.0), au.net.causal.maven.plugins:browserbox-maven-plugin (=1.0) +579 more potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-server (>=2.0a2 <=4.0.0-alpha-2)
org.seleniumhq.selenium:selenium-server MAVEN version =2.0a2, =0.9.6, =0.9.6, =1.0.1, =0.2.0, =4.4-23, =1.0.2, =1.0.0, =1.1.1, =2.3.5 and more Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
GHSA-H2RR-M97P-6JQ9 Selenium Server (Grid) CSRF
Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
Cross site request forgery (csrf)
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
PYSEC-2022-43167
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
PYSEC-2022-43167
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2022-28108
Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...