
1173 matches found

CNNVD
added 2024/07/04 12:0 a.m., 2 views

rejetto HFS Security Vulnerability

rejetto HFS is a web-based file server from the individual developer Massimo Melina in Italy. A security vulnerability exists in rejetto HFS versions prior to 0.52.10, which originates from allowing an authenticated remote user to execute operating system commands...

CVSS 9.9, AI score 6.9, EPSS 0.78344
Exploits: 1, References: 4
Cvelist
added 2024/07/04 12:0 a.m., 21 views

CVE-2024-39943

rejetto HFS aka HTTP File Server 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df, i.e., with execSync instead of spawnSync in child_process in Node.js...

CVSS 9.9, EPSS 0.78344
Exploits: 1, References: 3
Positive Technologies
added 2024/07/04 12:0 a.m., 3 views

PT-2024-28745 · Rejetto · Rejetto Hfs

Name of the Vulnerable Software and Affected Versions: rejetto HFS aka HTTP File Server versions 3 before 0.52.10 Description: The issue allows OS command execution by remote authenticated users who have Upload permissions. This occurs because a shell is used to execute df with execSync instead o...

CVSS 9.9, AI score 7.2, EPSS 0.78344
Exploits: 1, References: 29
VulnCheck KEV
added 2024/06/28 12:0 a.m., 0 views

VulnCheck KEV: CVE-2024-23692

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...

CVSS 9.8, AI score 5.9, EPSS 0.94297
Exploits: 20, References: 1
Github Security Blog
added 2024/06/27 9:30 a.m., 23 views

Path traversal in saltstack

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 6.6, EPSS 0.00439
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/06/27 9:30 a.m., 12 views

GHSA-2QW3-2WV6-P64X Path traversal in saltstack

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 7.2, EPSS 0.00439
Exploits: 0, References: 4
NVD
added 2024/06/27 7:15 a.m., 16 views

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, EPSS 0.00439
Exploits: 0, References: 1
OSV
added 2024/06/27 7:15 a.m., 0 views

UBUNTU-CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 5.9, EPSS 0.00439
Exploits: 0, References: 3
OSV
added 2024/06/27 7:15 a.m., 12 views

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 7.2, EPSS 0.00439
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve
added 2024/06/27 7:15 a.m., 13 views

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 7.1, EPSS 0.00439
Exploits: 0, References: 2
AlpineLinux
added 2024/06/27 6:54 a.m., 24 views

CVE-2024-22232

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 7.4, EPSS 0.00439
Exploits: 0
Cvelist
added 2024/06/27 6:54 a.m., 23 views

CVE-2024-22232 Specially crafted url can be created which leads to a directory traversal in the salt file server

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, EPSS 0.00439
Exploits: 0, References: 1
Vulnrichment
added 2024/06/27 6:54 a.m., 27 views

CVE-2024-22232 Specially crafted url can be created which leads to a directory traversal in the salt file server

A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...

CVSS 7.7, AI score 6.7, EPSS 0.00439
Exploits: 0, References: 1
GithubExploit
added 2024/06/26 10:51 a.m., 405 views

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995-SolarWinds-Serv-U SolarWinds Serv-U File Serv...

CVSS 8.6, AI score 6.9, EPSS 0.94396
Exploits: 8
Rapid7 Blog
added 2024/06/14 7:9 p.m., 47 views

Metasploit Weekly Wrap-Up 06/14/2024

New module content 5 Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: 19242 contributed by zeroSteiner Path: scanner/http/telerikreportserverauthbypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for CVE-2024-4358...

CVSS 9.9, AI score 8.2, EPSS 0.94344
Exploits: 54
Tenable Nessus
added 2024/06/14 12:0 a.m., 9 views

Rejetto HTTP File Server 2.x Remote Code Execution

Rejetto HTTP File Server 2.x is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. No source data...

CVSS 9.8, AI score 8.4, EPSS 0.94297
Exploits: 20, References: 2
GithubExploit
added 2024/06/13 9:12 a.m., 309 views

Exploit for Code Injection in Rejetto Http_File_Server

It is an offensive tool for web application exploitation. This r...

CVSS 9.8, AI score 10, EPSS 0.94297
Exploits: 20
0day.today
added 2024/06/13 12:0 a.m., 345 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server-side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...

CVSS 9.8, AI score 8.2, EPSS 0.94297
Exploits: 20
Metasploit
added 2024/06/11 7:54 p.m., 540 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server-side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...

CVSS 9.8, AI score 8.2, EPSS 0.94297
Exploits: 20
CNVD
added 2024/06/05 12:0 a.m., 6 views

Rejetto HTTP File Server Template Injection Vulnerability

Rejetto HTTP File Server (Rejetto HFS) is an HTTP file server from Rejetto. A template injection vulnerability exists in Rejetto HTTP File Server version 2.3m and earlier, which arises from an application that uses unfiltered user input as template parameters when rendering dynamic content, and can...

CVSS 9.8, AI score 7.9, EPSS 0.94297
Exploits: 20, References: 1