Skip to main content

Simple Http Server Plus

2 CVEs product

Monthly

CVE-2023-46918 MEDIUM POC This Month

Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Simple Http Server Plus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-46919 MEDIUM POC This Month

Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Authentication Bypass Simple Http Server Simple Http Server Plus
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Simple Http Server Plus
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Authentication Bypass Simple Http Server Simple Http Server Plus
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy