EUVD-2018-0262

Malware in sbrugna...

Downloads Resources over HTTP in haxeshim

Affected versions of haxeshim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

GHSA-CR6C-85FH-CQPG Downloads Resources over HTTP in haxeshim

Affected versions of haxeshim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

haxeshim code execution vulnerability

haxeshim is a package for managing multiple versions of Haxe simultaneously. A security vulnerability exists in haxeshim that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and...

CVE-2016-10692

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network...

CVE-2016-10692

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network...

Remote code execution

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network...

CVE-2016-10692

haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network...

CVE-2016-10692

CVE-2016-10692 concerns the haxeshim Haxe shim. Multiple connected sources confirm the affected component is haxeshim, which downloads resources over HTTP. The underlying vulnerability is exposure to man-in-the-middle (MITM) attacks, enabling an attacker on the network to swap requested resources...

Man-in-the-Middle (MitM)

haxeshim is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in betwee...

Downloads Resources over HTTP

Overview Affected versions of haxeshim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...