31 matches found
CVE-2016-10688
CVE-2016-10688 affects the Haxe 3 toolkit (haxe3): it downloads resources over HTTP, making it vulnerable to a Man‑in‑the‑Middle (MitM) where an attacker on the network can intercept and replace the downloaded resource, potentially enabling remote code execution. The available documents consisten...
CVE-2016-10688
Haxe 3 : The Cross-Platform Toolkit a fork from David Mouton's damoebius/haxe-npm haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...
CVE-2016-10637
CVE-2016-10637 affects haxe-dev, a cross-platform toolkit. The vulnerability arises when haxe-dev downloads binary resources over HTTP, allowing a network-adjacent attacker to perform a MITM and swap the requested binary with an attacker-controlled one, potentially leading to remote code executio...
CVE-2016-10602
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...
CVE-2016-10602
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...
Design/Logic Flaw
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...
CVE-2016-10602
CVE-2016-10602 affects the cross-platform toolkit haxe . The issue occurs because haxe downloads zipped resources over HTTP, exposing users to man-in-the-middle (MITM) attacks. An attacker on the network could swap the requested zip with a malicious one, potentially leading to remote code executi...
CVE-2016-10602
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...
Man In The Middle (MitM)
haxe is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...
Downloads Resources over HTTP
Overview Affected versions of haxe-dev insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Downloads Resources over HTTP
Overview Affected versions of haxe insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...