EUVD-2019-0309

Malware in sbrugna...

xd-testing Downloads Resources over HTTP

Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-J7J5-752X-WR4V xd-testing Downloads Resources over HTTP

Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

xd-testing Remote Code Execution Vulnerability

xd-testing is a set of test libraries for testing applications across devices. A security vulnerability exists in xd-testing that originates when a program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with a...

Man-in-the-Middle (MitM)

xd-testing is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10653

xd-testing is a testing library for cross-device XD web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...

Design/Logic Flaw

xd-testing is a testing library for cross-device XD web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...

CVE-2016-10653

xd-testing is a testing library for cross-device XD web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...

CVE-2016-10653

CVE-2016-10653 concerns the xd-testing package, where the library downloads binary resources over HTTP. The root issue is insecure HTTP transfer of executables, enabling a network-position attacker to intercept the response and replace the binary, potentially leading to remote code execution on t...

Downloads Resources over HTTP

Overview Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...