
167 matches found

GithubExploit
added 2024/11/23 3:59 a.m. | 262 views

Exploit for Code Injection in Rejetto Http_File_Server

CVE-2024-23692-poc CVE-2024-23692 is a template injection vu...

CVSS 9.8 | AI score 7.8 | EPSS 0.94297
Exploits: 20

CVE
added 2024/11/22 3:37 p.m. | 69 views

CVE-2024-52793

The CVE affects the Deno Standard Library, specifically http/file-server.serveDir with showDirListing: true on POSIX systems, where file names controlled by an attacker can trigger cross-site scripting. Versions prior to 1.0.11 are affected; 1.0.11 fixes the issue. Exploitation is documented as p...

CVSS 5.1 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/22 3:37 p.m. | 21 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

CVSS 5.1 | AI score 6.2 | EPSS 0.00191
Exploits: 0 | References: 3

Positive Technologies
added 2024/11/22 12:0 a.m. | 3 views

PT-2024-35445 · Deno · Deno Standard Library

Name of the Vulnerable Software and Affected Versions: Deno Standard Library versions prior to 1.0.11 Description: The issue affects the Deno Standard Library, specifically the http/file-server module's serveDir function when used with the showDirListing: true option. This setup is vulnerable to...

CVSS 5.1 | AI score 6.2 | EPSS 0.00191
Exploits: 0 | References: 5

Tenable Nessus
added 2024/11/15 12:0 a.m. | 9 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692) (direct check)

Binary data rejettohfsrceCVE-2024-23692.nbin...

CVSS 9.8 | AI score 9.7 | EPSS 0.94297
Exploits: 20 | References: 2

Tenable Nessus
added 2024/09/05 12:0 a.m. | 56 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)

The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...

CVSS 9.8 | AI score 9 | EPSS 0.94297
Exploits: 20 | References: 2

The Hacker News
added 2024/07/23 9:3 a.m. | 42 views

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine CERT-UA has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...

CVSS 9.8 | AI score 6.8 | EPSS 0.94297
Exploits: 20

Saint
added 2024/07/10 12:0 a.m. | 137 views

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

AI score 8.6
Exploits: 0

Saint
added 2024/07/10 12:0 a.m. | 105 views

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

AI score 8.6
Exploits: 0

OSV
added 2024/07/04 11:15 p.m. | 11 views

CVE-2024-39943

rejetto HFS aka HTTP File Server 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 3

The Hacker News
added 2024/07/04 9:10 a.m. | 67 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

CVSS 9.8 | AI score 8.6 | EPSS 0.94297
Exploits: 20

Cvelist
added 2024/07/04 12:0 a.m. | 21 views

CVE-2024-39943

rejetto HFS aka HTTP File Server 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)...

CVSS 9.9 | EPSS 0.78344
Exploits: 1 | References: 3

Rapid7 Blog
added 2024/06/14 7:9 p.m. | 47 views

Metasploit Weekly Wrap-Up 06/14/2024

New module content 5 Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: 19242 contributed by zeroSteiner Path: scanner/http/telerikreportserverauthbypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for CVE-2024-4358...

CVSS 9.9 | AI score 8.2 | EPSS 0.94344
Exploits: 54

Tenable Nessus
added 2024/06/14 12:0 a.m. | 9 views

Rejetto HTTP File Server 2.x Remote Code Execution

Rejetto HTTP File Server 2.x, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. No source data...

CVSS 9.8 | AI score 8.4 | EPSS 0.94297
Exploits: 20 | References: 2

GithubExploit
added 2024/06/13 9:12 a.m. | 309 views

Exploit for Code Injection in Rejetto Http_File_Server

It is an offensive tool for web application exploitation. This r...

CVSS 9.8 | AI score 10 | EPSS 0.94297
Exploits: 20

0day.today
added 2024/06/13 12:0 a.m. | 343 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit

The Rejetto HTTP File Server HFS version 2.x is vulnerable to an unauthenticated server side template injection SSTI vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...

CVSS 9.8 | AI score 8.2 | EPSS 0.94297
Exploits: 20

Metasploit
added 2024/06/11 7:54 p.m. | 540 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server HFS version 2.x is vulnerable to an unauthenticated server side template injection SSTI vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...

CVSS 9.8 | AI score 8.2 | EPSS 0.94297
Exploits: 20

CNVD
added 2024/06/05 12:0 a.m. | 6 views

Rejetto HTTP File Server Template Injection Vulnerability

Rejetto HTTP File Server Rejetto HFS is an HTTP file server from Rejetto. A template injection vulnerability exists in Rejetto HTTP File Server version 2.3m and earlier, which arises from an application that uses unfiltered user input as template parameters when rendering dynamic content, and can...

CVSS 9.8 | AI score 7.9 | EPSS 0.94297
Exploits: 20 | References: 1

OSV
added 2024/05/31 10:15 a.m. | 2 views

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVSS 9.8 | AI score 6.1 | EPSS 0.94297
Exploits: 20 | References: 7

NVD
added 2024/05/31 10:15 a.m. | 22 views

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVSS 9.8 | AI score 10 | EPSS 0.94297
Exploits: 20 | References: 7