Cross-site request forgery (CSRF)
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
Directory traversal
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a fil...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...
Design/Logic Flaw
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name...
Design/Logic Flaw
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0409
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...
CVE-2008-0407
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
CVE-2008-0408
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...
CVE-2008-0405
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a fil...
CVE-2008-0410
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
CVE-2008-0406
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name...
CVE-2008-0406
CVE-2008-0406 affects HFS (HTTP File Server) prior to 2.2c, where using account names as log filenames allows a remote attacker to trigger a DoS (daemon crash) via a long account name. The issue stems from how logs are named and written when the %user% template is used; exploited input can overfl...
CVE-2008-0409
CVE-2008-0409 describes a cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) prior to 2.2c. The issue arises from how the server handles the userinfo subcomponent of a URL, allowing remote attackers to inject arbitrary web script or HTML into responses. Affected product: HFS (HTTP...
CVE-2008-0408
CVE-2008-0408 (HFS): HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
CVE-2008-0405
CVE-2008-0405 affects HTTP File Server (HFS) and describes multiple directory traversal flaws in versions prior to 2.2c. When account names are used for log filenames, an attacker can trigger traversal with .. in the account name to create arbitrary files and directories via the / URI, and can ap...
CVE-2008-0410
CVE-2008-0410 affects HFS (HTTP File Server) prior to 2.2c. The vulnerability enables information disclosure by placing an id element in the userinfo portion of a URL used for HTTP Basic Authentication (e.g., %version%). Remote attackers can obtain configuration and usage details from the server,...