Details of VAR-E-200712-0538

ID

VAR-E-200712-0538

EDB ID

30850

TITLE

Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload - Multiple remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 30850

DESCRIPTION

Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload.. remote exploit for Multiple platform

Trust: 0.6

sources: EXPLOIT-DB: 30850

AFFECTED PRODUCTS

vendor:	rejetto	model:	http file server	scope:	eq	version:	2.2/2.3	Trust: 1.6
vendor:	http	model:	file server http file server beta	scope:	eq	version:	2.3	Trust: 0.3
vendor:	http	model:	file server http file server 2.2a	scope:	-	version:	-	Trust: 0.3
vendor:	http	model:	file server http file server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	http	model:	file server http file server 2.2b	scope:	ne	version:	-	Trust: 0.3

sources: BID: 26732 // EXPLOIT-DB: 30850 // EDBNET: 52470

EXPLOIT

source: https://www.securityfocus.com/bid/26732/info

HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input.

A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks.

This issue affects versions prior to HTTP File Server 2.2b.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/30850.zip

Trust: 1.0

sources: EXPLOIT-DB: 30850

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 30850

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 30850

TYPE

Arbitrary File Upload

Trust: 1.0

sources: EXPLOIT-DB: 30850

CREDITS

Luigi Auriemma

Trust: 0.6

sources: EXPLOIT-DB: 30850

EXTERNAL IDS

db:	EXPLOIT-DB	id:	30850	Trust: 1.9
db:	BID	id:	26732	Trust: 1.9
db:	EDBNET	id:	52470	Trust: 0.6

sources: BID: 26732 // EXPLOIT-DB: 30850 // EDBNET: 52470

REFERENCES

url:	https://www.securityfocus.com/bid/26732/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/30850/	Trust: 0.6
url:	http://aluigi.altervista.org/adv/hfsup-adv.txt	Trust: 0.3
url:	http://www.rejetto.com/hfs/	Trust: 0.3
url:	https://www.exploit-db.com/exploits/30850	Trust: 0.3

sources: BID: 26732 // EXPLOIT-DB: 30850 // EDBNET: 52470

SOURCES

db:	BID	id:	26732
db:	EXPLOIT-DB	id:	30850
db:	EDBNET	id:	52470

LAST UPDATE DATE

2022-07-27T09:17:07.880000+00:00

SOURCES UPDATE DATE

db:

BID

id:

26732

date:

2007-12-08T02:42:00

SOURCES RELEASE DATE

db:	BID	id:	26732	date:	2007-12-05T00:00:00
db:	EXPLOIT-DB	id:	30850	date:	2007-12-05T00:00:00
db:	EDBNET	id:	52470	date:	2007-12-05T00:00:00