CVSS: 5.0EPSS: 11%CPEs: 1EXPL: 1CVE-2008-0406 – Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0406
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) mediante un nombre de cuenta largo. • https://www.exploit-db.com/exploits/31056 http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3581 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486873/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-log.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39875 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2008-0405
https://notcve.org/view.php?id=CVE-2008-0405
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. Múltiples vulnerabilidades de salto de directorio en HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permite a atacantes remotos crear (1) ficheros y (2) directorios mediante .. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3581 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486873/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-log.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0409
https://notcve.org/view.php?id=CVE-2008-0409
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el subcomponente userinfo de un URL. HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3583 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486872/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-template.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0410
https://notcve.org/view.php?id=CVE-2008-0410
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos obtener detalles de la configuración y uso utilizando un elmento id tal como <id>%version%</id> en la Autenticación HTTP Básica en vez de un usuario y contraseña, como se demuestra al ubicar este elemento id en el sub componente userinfo de un URL. HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3583 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486872/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-template.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39871 • CWE-287: Improper Authentication •