6 matches found
Design/Logic Flaw
Phlox com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
Hardcoded credentials
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmissio...
CVE-2023-46918
Phlox com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...
CVE-2023-46919
Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...