Node.js third-party modules: [http-file-server] List any files and sub folders in the folder by using path traversal.

I would like to report Path Traversal in http-file-server. It allows to list any files and sub folders in another folder of web root. Module module name: http-file-server version: 0.2.6 npm page: https://www.npmjs.com/package/http-file-server Vulnerability Vulnerability Description http-file-serv...

HTTP File Server Remote Command Execution Vulnerability-02 (Jan 2016)

HTTP File Server is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

HTTP File Server Remote Command Execution Vulnerability-01 (Jan 2016)

HTTP File Server is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Http File Server Detection (HTTP)

Detection of installed version of Http file server. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)

!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...

Rejetto HTTP File Server 2.3.x Remote Code Execution

!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)

Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 2 !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/...

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Softwar...

DDoS Exploit Targets Open Source Rejetto HFS

Apparently no vulnerability is too small, no application too obscure, to escape a hacker’s notice. A honeypot run by Trustwave’s SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server Rejetto HFS. Someone was trying to exploit a...

Design/Logic Flaw

The file comment feature in Rejetto HTTP File Server hfs 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols...

CVE-2014-7226

The CVE-2014-7226 entry concerns Rejetto HTTP File Server (HFS) versions 2.3c and earlier, where the file comment feature allows remote code execution. The root cause is improper handling/validation of certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols when the ...

HTTP File Server 2.3a, 2.3b, 2.3c - Remote Command Execution

No description provided by source...

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...

Design/Logic Flaw

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...

CVE-2014-6287

The vulnerability CVE-2014-6287 affects Rejetto HTTP File Server (HFS) 2.3x prior to 2.3c. It stems from the findMacroMarker function in parserLib.pas, where a null-byte sequence (%00) in a search action allows remote attackers to execute arbitrary code. Public exploits and Metasploit modules exi...

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aks HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution

========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Link: http://downloads.sourceforge.net/hfs/hfs2.3c.src.zip CVE:...

HTTP File Server 2.3a / 2.3b / 2.3c Remote Command Execution

========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Link: http://downloads.sourceforge.net/hfs/hfs2.3c.src.zip CVE:...

Rejetto HTTP File Server (HFS) 2.3a2.3b2.3c - Remote Command Execution

Rejetto HTTP File Server HFS 2.3a2.3b2.3c - Remote Command Execution ========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Lin...