HTTP File Server 2.3a, 2.3b, 2.3c - Remote Command Execution Vulnerability

Exploit for php platform in category web applications ========================================================== HTTP File Server 2.3a - 2.3b - 2.3c Remote Command Execution Author : Daniele Linguaglossa Date: 30/09/2014 Remote: Yes Vendor Homepage: http://rejetto.com/ Software Link:...

HttpFileServer 2.3c Cross Site Scripting

Exploit Title: HttpFileServer 2.3c Multiple Reflected Cross-site scripting Date: 24-09-2014 Remote: Yes Exploit Author: Mahendra Vendor Homepage: http://rejetto.com/ Software Link: http://downloads.sourceforge.net/hfs/hfs2.3c.src.zip Version: 2.3c Tested on: Windows XP SP 3, Windows 7 The latest...

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Rejetto HTTP File Server HFS 2.3.x - Remote Command Execution 1 Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)

Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows Server...

HFS HTTP File Server 2.2/2.3 Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26732/info HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize...

HTTP File Server 2.2 Security Bypass and Denial of Service Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39544/info HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue. Exploiting these issues will allow an attacker to download files from restricted directorie...

HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a...

HTTP File Server Multiple Vulnerabilities

HTTP File Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:httpfilesever:hfs";...

HTTP File Server 2.2 - Security Bypass Denial of Service

HTTP File Server 2.2 - Security Bypass Denial of Service source: https://www.securityfocus.com/bid/39544/info HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue. Exploiting these issues will allow an attacker to download files fro...

HTTP File Server Security Bypass and Denial of Service Vulnerabilities

HTTP File Server is prone to multiple vulnerabilities including a security- bypass issue and a denial-of-service issue. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

HTTP File Server 2.2 - Security Bypass / Denial of Service

source: https://www.securityfocus.com/bid/39544/info HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue. Exploiting these issues will allow an attacker to download files from restricted directories within the context of the...

Directory traversal

Multiple directory traversal vulnerabilities in HTTP File Server HFS before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary 1 files and 2 directories via a .. dot dot in an account name, when requesting the / URI; and 3 append arbitrary data to a fil...

Design/Logic Flaw

HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...

Design/Logic Flaw

HTTP File Server HFS before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service daemon crash via a long account name...

CVE-2008-0407

HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...

CVE-2008-0408

HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...

CVE-2008-0409

Cross-site scripting XSS vulnerability in HTTP File Server HFS before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...

CVE-2008-0410

HTTP File Server HFS before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...

Authentication flaw

HTTP File Server HFS before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication...

Cross site request forgery (csrf)

HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...