CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 13CVE-2024-23692 – Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
https://notcve.org/view.php?id=CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. Rejetto HTTP File Server, hasta la versión 2.3m incluida, es vulnerable a una vulnerabilidad de inyección de plantilla. Esta vulnerabilidad permite que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema afectado enviando una solicitud HTTP especialmente manipulada. • https://github.com/verylazytech/CVE-2024-23692 https://github.com/0x20c/CVE-2024-23692-EXP https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS https://github.com/vanboomqi/CVE-2024-23692 https://github.com/BBD-YZZ/CVE-2024-23692 https://github.com/k3lpi3b4nsh33/CVE-2024-23692 https://github.com/Tupler/CVE-2024-23692-exp https://github.com/Mr-r00t11/CVE-2024-23692 https://github.com/WanL • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40668
https://notcve.org/view.php?id=CVE-2021-40668
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. La aplicación Android HTTP File Server (Versión 1.4.1) de "slowscript" está afectada por una vulnerabilidad de salto de ruta que permite el listado arbitrario de directorios, la lectura y escritura de archivos • https://eddiez.me/path-traversal-in-slowscript-httpfileserver https://play.google.com/store/apps/details?id=slowscript.httpfileserver • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 3CVE-2014-7226 – Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-7226
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. La caracteristica File Comment en Rejetto HTTP File Server (hfs) 2.3c y anteriores permite a atacantes remotos ejecutar código arbitrario mediante la subida de un fichero con ciertas secuencias inválidas de bytes UTF-8 que se interpretan como símbolos de macros ejecutables. HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/34852 http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html http://www.exploit-db.com/exploits/34852 http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d http://www.securityfocus.com/bid/70216 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0407
https://notcve.org/view.php?id=CVE-2008-0407
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. HTTP File Server (HFS) versiones anteriores a 2.2c etiqueta entradas en el fichero de trazas relativas a peticiones HTTP con el nombre de usuario enviado durante la Autenticación HTTP Básica, sin importar si la autenticación fue exitosa, lo cual podría dificultar a un administrador para determinar quién realiza peticiones remotas. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3582 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486874/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-username.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39877 • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0408
https://notcve.org/view.php?id=CVE-2008-0408
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos añadir texto de su elección en el fichero de trazas utilizando la representación base64 del texto durante la la Autenticación HTTP Básica. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3582 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486874/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-username.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39876 • CWE-287: Improper Authentication •