11 matches found
EUVD-2019-0276
Malware in sbrugna...
Downloads Resources over HTTP in imageoptim
imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...
Remote code execution
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server...
CVE-2016-10581
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out th...
Design/Logic Flaw
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...
CVE-2016-10602
CVE-2016-10602 affects the cross-platform toolkit haxe . The issue occurs because haxe downloads zipped resources over HTTP, exposing users to man-in-the-middle (MITM) attacks. An attacker on the network could swap the requested zip with a malicious one, potentially leading to remote code executi...
Man In The Middle (MitM)
prince is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...
Remote code execution
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince1 CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled...
Man In The Middle (MitM)
haxe is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...
Man In The Middle (MitM)
ipip is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...
Man In The Middle (MitM)
nw is vulnerable to man-in-the-middle MitM attacks. This is because the library downloads zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or...