11631 matches found

Positive Technologies
added 2023/12/27 12:00 a.m. · 2 views

PT-2023-30262 · Phlox · Simple Http Server Plus +1

Name of the Vulnerable Software and Affected Versions: Phlox com.phlox.simpleserver aka Simple HTTP Server version 1.8 com.phlox.simpleserver.plus aka Simple HTTP Server PLUS version 1.8.1-plus Description: The issue is related to a hardcoded encryption key, specifically aKySWb2jjrr4dzkYXczKRt7K,...

CVSS 6.3 · AI score 6.4 · EPSS 0.00119
Exploits 1 · References 5
Cvelist
added 2023/12/27 12:00 a.m. · 18 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

AI score 6.5 · EPSS 0.00119
Exploits 1 · References 1
CVE
added 2023/12/27 12:00 a.m. · 43 views

CVE-2023-46919

CVE-2023-46919 affects Phlox com.phlox.simpleserver (Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (Simple HTTP Server PLUS) 1.8.1-plus. The root cause is a hardcoded AES encryption key, aKySWb2jjrr4dzkYXczKRt7K, that can be extracted from the application or its binary, enabling an att...

CVSS 6.3 · AI score 6.6 · EPSS 0.00119
Exploits 1 · References 1 · Affected Software 2
CVE
added 2023/12/25 12:00 a.m. · 40 views

CVE-2023-51771

CVE-2023-51771: In MicroHttpServer (through a8ab029), the function _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. Reports across sources confirm the issue in the affected build; CVSS v3.1 base score 9.8 (CRITICAL) with network access, no user interaction requ...

CVSS 9.8 · AI score 9.5 · EPSS 0.00701
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/24 12:00 a.m. · 3 views

PT-2023-31889 · Unknown · Microhttpserver

Name of the Vulnerable Software and Affected Versions: MicroHttpServer versions through a8ab029 Description: The issue allows a one-byte recv buffer overflow via a long URI in the ParseHeader function located in lib/server.c. Recommendations: For versions through a8ab029, consider restricting...

CVSS 9.8 · AI score 9.5 · EPSS 0.00701
Exploits 1 · References 6
Tenable Nessus
added 2023/12/24 12:00 a.m. · 60 views

Debian DSA-5587-1 : curl - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5587 advisory. Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in some cases HSTS data could...

CVSS 6.5 · AI score 6.5 · EPSS 0.01685
Exploits 2 · References 8
Tenable Nessus
added 2023/12/22 12:00 a.m. · 56 views

Debian dla-3692 : curl - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3692 advisory. Debian LTS Advisory DLA-3692-1 ...

CVSS 6.5 · AI score 6.6 · EPSS 0.02211
Exploits 2 · References 6
CVE
added 2023/12/17 12:00 a.m. · 44 views

CVE-2023-50965

CVE-2023-50965 affects MicroHttpServer up to version 4398570, where _ReadStaticFiles in lib/middleware.c performs unsafe HTTP request parsing and can overflow a fixed-size stack buffer when given a long URI, enabling remote code execution. The connected exploit documentation provides PoC details ...

CVSS 9.8 · AI score 9.8 · EPSS 0.01547
Exploits 3 · References 2 · Affected Software 1
CNNVD
added 2023/12/17 12:00 a.m. · 7 views

Micro HTTP Server Security Vulnerability

Micro HTTP Server is a very simple HTTP server for prototyping, written by the individual developer Jian-Hong Pan in China. A security vulnerability exists in Micro HTTP Server that stems from a stack-based buffer overflow and can lead to remote code execution...

CVSS 9.8 · AI score 8.1 · EPSS 0.01547
Exploits 3 · References 3
Tenable Nessus
added 2023/12/15 12:00 a.m. · 27 views

Fedora 38 : curl (2023-2121eca964)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2121eca964 advisory. - fix HSTS long file name clears contents CVE-2023-46219 - fix cookie mixed case PSL bypass CVE-2023-46218 Tenable has extracted the preceding...

CVSS 6.5 · AI score 6.5 · EPSS 0.01685
Exploits 2 · References 3
BDU FSTEC
added 2023/12/14 12:00 a.m. · 2 views

A vulnerability in the sub_4119A0 function in the TOTOLINK X6000R router firmware allows an attacker to execute arbitrary code.

The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists due to insufficient neutralization of special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.01536
Exploits 1 · References 2 · Affected Software 1
Github Security Blog
added 2023/12/13 6:31 p.m. · 24 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 4.3 · AI score 6.6 · EPSS 0.00485
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2023/12/13 6:31 p.m. · 26 views

Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 8.8 · AI score 6.6 · EPSS 0.00447
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/12/13 6:31 p.m. · 31 views

GHSA-PHJQ-7XQP-2526 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 4.2 · AI score 8.7 · EPSS 0.00447
Exploits 0 · References 6
OSV
added 2023/12/13 6:31 p.m. · 23 views

GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...

CVSS 4.2 · AI score 4.9 · EPSS 0.00485
Exploits 0 · References 6
OSV
added 2023/12/13 6:15 p.m. · 22 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3 · AI score 4.6
Exploits 0 · References 2
NVD
added 2023/12/13 6:15 p.m. · 22 views

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 4.3 · EPSS 0.00485
Exploits 0 · References 2
NVD
added 2023/12/13 6:15 p.m. · 22 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · EPSS 0.00447
Exploits 0 · References 2
OSV
added 2023/12/13 6:15 p.m. · 24 views

CVE-2023-50768

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 8.7
Exploits 0 · References 2
Prion
added 2023/12/13 6:15 p.m. · 20 views

Cross site request forgery (CSRF)

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.8 · AI score 6.8 · EPSS 0.00447
Exploits 0 · References 2 · Affected Software 1