5 matches found
CVE-2014-6287
The vulnerability CVE-2014-6287 affects Rejetto HTTP File Server (HFS) 2.3x prior to 2.3c. It stems from the findMacroMarker function in parserLib.pas, where a null-byte sequence (%00) in a search action allows remote attackers to execute arbitrary code. Public exploits and Metasploit modules exi...
CVE-2024-23692
CVE-2024-23692 affects Rejetto HTTP File Server (HFS) versions up to 2.3m. The vulnerability is a server‑side template injection in the search parameter that is reflected into HFS templates, allowing an unauthenticated attacker to execute arbitrary commands (remote code execution). Exploitation c...
CVE-2020-13432
The CVE-2020-13432 entry concerns rejetto HFS (HTTP File Server) v2.3m Build 300. The connected docs confirm a remote buffer overflow that, under concurrent HTTP requests with long URIs or long headers, can trigger an invalid-pointer write access violation in hfs.exe, effectively enabling remote ...
CVE-2024-39943
CVE-2024-39943 affects rejetto HFS (HTTP File Server) before v0.52.10 on Linux/UNIX/macOS. The root cause is that the server executes OS commands via a shell (execSync) to run df during file upload, enabling remote authenticated users with Upload permissions to achieve remote code execution. Conn...
CVE-2014-7226
The CVE-2014-7226 entry concerns Rejetto HTTP File Server (HFS) versions 2.3c and earlier, where the file comment feature allows remote code execution. The root cause is improper handling/validation of certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols when the ...