14 matches found
EUVD-2019-0292
Malware in sbrugna...
EUVD-2018-0372
Malware in sbrugna...
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...
slimerjs-edge downloads Resources over HTTP
Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-5RC6-2R3R-FV79 slimerjs-edge downloads Resources over HTTP
Affected versions of slimerjs-edge insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
webshotgun (>=0.0.2 <=1.0.1) potentially affected by CVE-2016-10644 via slimerjs-edge (=0.10.0-pre-3)
slimerjs-edge NPM version =0.10.0-pre-3 is affected by a known vulnerability. The following packages have a transitive dependency on slimerjs-edge and may be impacted: - webshotgun =0.0.2, =1.0.1 Source cves: CVE-2016-10644 Source advisory: OSV:GHSA-5RC6-2R3R-FV79...
Slimerjs-edge Remote Code Execution Vulnerability
slimerjs-edge is a scriptable browser for web development and testing. A security vulnerability exists in slimerjs-edge that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...
Man-In-The-Middle (MitM)
slimerjs-edge is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
CVE-2016-10644
slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...
Remote code execution
slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...
CVE-2016-10644
slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...
CVE-2016-10644
CVE-2016-10644 relates to the npm wrapper slimerjs-edge , which downloads binary resources over HTTP. The core vulnerability is a MITM risk: an attacker on the network could intercept the HTTP response and substitute the requested binary with a malicious one, potentially enabling remote code exec...
CVE-2016-10625
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested...
CVE-2016-10625
CVE-2016-10625 affects headless-browser-lite, a minimal npm installer for phantomjs/slimerjs. The vulnerability arises from downloading binary resources over HTTP, enabling an attacker on the network to perform a MITM swap of the requested binary, potentially leading to remote code execution on t...