25 matches found
HTTP File Server <2.3c - Remote Command Execution
HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...
Exploit for Code Injection in Rejetto Http_File_Server
Optimum --- Optimum – Hack The Box Writeup Overview I...
HTTP File Server <2.3c - Remote Command Execution
HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...
HFS Http File Server 2.3.x - Remote Command Execution Exploit (3)
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows Server 2012 R2...
HFS (HTTP File Server) 2.3.x Remote Code Execution
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...
Rejetto HttpFileServer 2.3.x Remote Command Execution
Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Softwar...
Rejetto HTTP File Server 2.3.x Remote Code Execution
!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...
DDoS Exploit Targets Open Source Rejetto HFS
Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server Rejetto HFS. Someone was trying to exploit a...
Rejetto HttpFileServer Remote Command Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Rejetto HttpFileServer Remote Command Execution", 'Description' = %q Rejetto HttpFileServer HFS i...
Rejetto HttpFileServer Remote Command Execution
Rejetto HttpFileServer HFS is vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas. This module exploits the HFS scripting commands by using '%00' to bypass the filtering. This module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP...
Rejetto HttpFileServer Remote Command Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Rejetto HttpFileServer Remote Command Execution", 'Description' = %q Rejetto HttpFileServer HFS is vulnerable to remote command...
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...
CVE-2014-6287
The vulnerability CVE-2014-6287 affects Rejetto HTTP File Server (HFS) 2.3x prior to 2.3c. It stems from the findMacroMarker function in parserLib.pas, where a null-byte sequence (%00) in a search action allows remote attackers to execute arbitrary code. Public exploits and Metasploit modules exi...
Rejetto HTTP File Server (HFS) search feature fails to handle null bytes
Overview Rejetto HTTP File Server HFS search feature in versions 2.3, 2.3a, and 2.3b fails to handle null bytes. Description CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a...