
1207 matches found

CVE
added 2008/01/28 11:0 p.m., 39 views

CVE-2008-0407

CVE-2008-0407 affects HFS (HTTP File Server) up to version 2.2c. The vulnerability is a Username Spoofing issue where the server logs the username presented during HTTP Basic Authentication in request logs, even if authentication fails, which can mislead administrators about who actually made a r...

5 CVSS, 6.6 AI score, 0.01566 EPSS
Exploits 6, References 8, Affected Software 1
Cvelist
added 2008/01/28 11:0 p.m., 45 views

CVE-2008-0410

HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...

6.5 AI score, 0.01801 EPSS
Exploits 7, References 8
Cvelist
added 2008/01/28 11:0 p.m., 41 views

CVE-2008-0408

HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...

6.7 AI score, 0.01707 EPSS
Exploits 6, References 8
seebug.org
added 2008/01/26 12:0 a.m., 77 views

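HFS HTTP File Server Multiple Remote Security Vulnerabilities

BUGTRAQ ID: 27423 CVECAN ID: CVE-2008-0405,CVE-2008-0406,CVE-2008-0407,CVE-2008-0408,CVE-2008-0409,CVE-2008-0410 HTTP File Server is an open-source HTTP server for sharing files. HFS does not properly log certain input; a user can forge the username at login to inject arbitrary content into the log file. HFS returns certain input to the user without properly filtering it, which may lead to arbitrary HTML and script code being executed in the browser session of a user of the affected server....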

10 CVSS, 6.4 AI score, 0.03568 EPSS
Exploits 11
seebug.org
added 2008/01/25 12:0 a.m., 701 views

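HFS HTTP File Server Multiple Vulnerabilities

HFS HTTP File Server is an HTTP file-serving program. HFS HTTP File Server has multiple security issues; remote attackers can exploit them to carry out cross-site scripting, information disclosure, denial of service, arbitrary file creation and username spoofing attacks. 1) Using the "mkd" and "manipf" commands can lead to arbitrary file and directory creation or manipulation: mkd ..\Syhunt manipf inject.html ..\Syhunt\index.html 2) Sending a specially crafted request can crash the server program. 3) User URI input is not properly filtered, which can lead to cross-site scripting attacks:...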

7.1 AI score
Exploits 0
Packet Storm
added 2008/01/24 12:0 a.m., 51 views

hfs-xss.txt

Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...

5 CVSS, 6.5 AI score, 0.01801 EPSS
Exploits 8
securityvulns
added 2008/01/24 12:0 a.m., 84 views

Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities

Syhunt: HFS HTTP File Server Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Advisory-ID: 200801162 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.2 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 2.1d and earlier...

10 CVSS, 0.9 AI score, 0.03568 EPSS
Exploits 6
securityvulns
added 2008/01/24 12:0 a.m., 62 views

Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability

Syhunt: HFS HTTP File Server Username Spoofing and Log Forging/Injection Vulnerability Advisory-ID: 200801163 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 1.5g to and including 2.3Beta Build 174; and possibly HFS version 1.5f Non-Affected Applications: HFS 1.5e and...

6.4 CVSS, 6.6 AI score, 0.01707 EPSS
Exploits 7
securityvulns
added 2008/01/24 12:0 a.m., 88 views

Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities

Syhunt: HFS HTTP File Server Template Cross-Site Scripting and Information Disclosure Vulnerabilities Advisory-ID: 200801161 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.0 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 1.6a and earlier versions...

5 CVSS, 0.01801 EPSS
Exploits 8
exploitpack
added 2008/01/23 12:0 a.m., 36 views

Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities

Rejetto HTTP File Server HFS 1.52.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a...

10 CVSS, 0.5 AI score, 0.03568 EPSS
Exploits 11
Exploit DB
added 2008/01/23 12:0 a.m., 55 views

Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username-spoofing issue, and a...

10 CVSS, 6.4 AI score, 0.03568 EPSS
Exploits 11
OpenVAS
added 2008/01/17 12:0 a.m., 20 views

Debian: Security Advisory (DSA-1291-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 6.8 AI score, 0.77806 EPSS
Exploits 36, References 3
seebug.org
added 2008/01/08 12:0 a.m., 30 views

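OpenAFS File Server Remote Denial-of-Service Vulnerability

BUGTRAQ ID: 27132 CVECAN ID: CVE-2007-6599 OpenAFS is an open-source distributed file system that allows systems to share files and resources across local and wide area networks. A race condition exists in the OpenAFS file server, which a remote attacker may exploit to crash the program. If a remote attacker simultaneously requests and returns file callbacks, the handler for the GiveUpAllCallBacks RPC performs linked-list operations without holding the hostglock lock, crashing the daemon. OpenAFS OpenAFS 1.5.0 - 1.5.27 OpenAFS OpenAFS 1.3.50 - 1.4.5 OpenAFS -------...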

4.3 CVSS, 6.3 AI score, 0.01661 EPSS
Exploits 1
OSV
added 2008/01/04 2:46 a.m., 1 views

DEBIAN-CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...

4.3 CVSS, 6.8 AI score, 0.01661 EPSS
Exploits 1, References 1
seebug.org
added 2007/12/11 12:0 a.m., 383 views

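HFS HTTP File Server Arbitrary File Upload Vulnerability

HTTP File Server is an HTTP-based file-serving program. HTTP File Server does not properly filter user-submitted file data; remote attackers can exploit the flaw to carry out directory traversal attacks and upload files to arbitrary target folders. Using file names of the form '../' bypasses the directory restriction, allowing files to be uploaded to any location on the system. HTTP File Server HTTP File Server 2.2a HTTP File Server HTTP File Server 2.2 Upgrade: HTTP File Server HTTP File Server 2.2a HTTP File Server HTTP File Server 2.2b...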

7.1 AI score
Exploits 0
securityvulns
added 2007/12/09 12:0 a.m., 25 views

HTTP File Server directory traversal

Directory traversal on file upload...

1.1 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2007/12/09 12:0 a.m., 55 views

Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146)

Luigi Auriemma Application: HTTP File Server http://www.rejetto.com/hfs/ Versions: = 2.2a and = 2.3 beta build 146 Platforms: Windows Bug: limited directory traversal in files uploading Exploitation: remote Date: 05 Dec 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1...

1.1 AI score
Exploits 0
exploitpack
added 2007/12/05 12:0 a.m., 11 views

Rejetto HTTP File Server (HFS) 2.22.3 - Arbitrary File Upload

Rejetto HTTP File Server HFS 2.22.3 - Arbitrary File Upload source: https://www.securityfocus.com/bid/26732/info HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to...

7.4 AI score
Exploits 0
Exploit DB
added 2007/12/05 12:0 a.m., 43 views

Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload

source: https://www.securityfocus.com/bid/26732/info HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input. A successful exploit...

7 AI score
Exploits 0
securityvulns
added 2007/05/16 12:0 a.m., 52 views

Samba file server multiple security vulnerabilities

Multiple heap based buffer overflows, invalid SID to uid translation privilege escalation, shell characters problem...

10 CVSS, 3.5 AI score, 0.77806 EPSS
Exploits 36, References 9, Affected Software 1