9 matches found
GHSA-XJ6F-X7JM-85FF openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Remote code execution
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
The CVE-2016-10690 entry relates to openframe-ascii-image, an Openframe plugin that loads resources over HTTP. Connected advisories (GHSA-XJ6F-X7JM-85FF and OSV/NVD entries) confirm the root cause: insecure HTTP downloads of a binary/executable, enabling a man-in-the-middle attack where an attack...
Man-in-the-Middle (MitM)
openframe-ascii-image is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
Downloads Resources over HTTP
Overview Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...