6 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. HTTP File Server (HFS) versiones anteriores a 2.2c etiqueta entradas en el fichero de trazas relativas a peticiones HTTP con el nombre de usuario enviado durante la Autenticación HTTP Básica, sin importar si la autenticación fue exitosa, lo cual podría dificultar a un administrador para determinar quién realiza peticiones remotas. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3582 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486874/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-username.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39877 • CWE-287: Improper Authentication •

CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos añadir texto de su elección en el fichero de trazas utilizando la representación base64 del texto durante la la Autenticación HTTP Básica. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3582 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486874/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-username.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39876 • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. Múltiples vulnerabilidades de salto de directorio en HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permite a atacantes remotos crear (1) ficheros y (2) directorios mediante .. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3581 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486873/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-log.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 1

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante un nombre de cuenta largo. • https://www.exploit-db.com/exploits/31056 http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3581 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486873/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-log.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39875 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el subcomponente userinfo de un URL. HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3583 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486872/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-template.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •