5 results (0.002 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js). rejetto HFS (también conocido como servidor de archivos HTTP) 3 anterior a 0.52.10 en Linux, UNIX y macOS permite la ejecución de comandos del sistema operativo por parte de usuarios remotos autenticados (si tienen permisos de carga). Esto ocurre porque se usa un shell para ejecutar df (es decir, con execSync en lugar de spawnSync en child_process en Node.js). • https://github.com/truonghuuphuc/CVE-2024-39943-Poc https://github.com/A-little-dragon/CVE-2024-39943-Exploit https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10 https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control •

CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 12

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. Rejetto HTTP File Server, hasta la versión 2.3m incluida, es vulnerable a una vulnerabilidad de inyección de plantilla. Esta vulnerabilidad permite que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema afectado enviando una solicitud HTTP especialmente manipulada. • https://github.com/verylazytech/CVE-2024-23692 https://github.com/0x20c/CVE-2024-23692-EXP https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS https://github.com/vanboomqi/CVE-2024-23692 https://github.com/BBD-YZZ/CVE-2024-23692 https://github.com/k3lpi3b4nsh33/CVE-2024-23692 https://github.com/Tupler/CVE-2024-23692-exp https://github.com/Mr-r00t11/CVE-2024-23692 https://github.com/WanL • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 4

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers. rejetto HFS (también se conoce como HTTP File Server) versión v2.3m Build #300, cuando se utilizan archivos o carpetas virtuales, permite a atacantes remotos desencadenar una violación de acceso de escritura de puntero no válido por medio de peticiones HTTP concurrentes con un URI largo o encabezados HTTP largos HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service. • http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt http://packetstormsecurity.com/files/157980/HFS-Http-File-Server-2.3m-Build-300-Buffer-Overflow.html http://seclists.org/fulldisclosure/2020/Jun/13 http://seclists.org/fulldisclosure/2021/Apr/12 https://github.com/rejetto/hfs2/commit/b8ebfc4e22948e1a61506cd66e397b61ea5ea5de https://packetstormsecurity.com/files/157980/HFS-Http-File-Server-2.3m-Build-300-Buffer-Overflow.html https://www.rejetto.com/hfs/?f& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 3

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. La caracteristica File Comment en Rejetto HTTP File Server (hfs) 2.3c y anteriores permite a atacantes remotos ejecutar código arbitrario mediante la subida de un fichero con ciertas secuencias inválidas de bytes UTF-8 que se interpretan como símbolos de macros ejecutables. HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/34852 http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html http://www.exploit-db.com/exploits/34852 http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d http://www.securityfocus.com/bid/70216 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 13

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. La función findMacroMarker en parserLib.pas en Rejetto HTTP File Server (también conocido como HFS o HttpFileServer) 2.3x anterior a 2.3c permite a atacantes remotos ejecutar programas arbitrarios a través de una secuencia %00 en una acción de búsqueda. HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex. The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. • https://www.exploit-db.com/exploits/34926 https://www.exploit-db.com/exploits/39161 https://www.exploit-db.com/exploits/34668 https://www.exploit-db.com/exploits/49125 https://github.com/0xTabun/CVE-2014-6287 https://github.com/zhsh9/CVE-2014-6287 https://github.com/wizardy0ga/THM-Steel_Mountain-CVE-2014-6287 https://github.com/Nicoslo/Windows-exploitation-Rejetto-HTTP-File-Server-HFS-2.3.x-CVE-2014-6287 http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote • CWE-94: Improper Control of Generation of Code ('Code Injection') •