ID
VAR-E-200712-0538
EDB ID
30850
TITLE
Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload - Multiple remote Exploit
Trust: 0.6
DESCRIPTION
Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload.. remote exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | rejetto | model: | http file server | scope: | eq | version: | 2.2/2.3 | Trust: 1.6 |
vendor: | http | model: | file server http file server beta | scope: | eq | version: | 2.3 | Trust: 0.3 |
vendor: | http | model: | file server http file server 2.2a | scope: | - | version: | - | Trust: 0.3 |
vendor: | http | model: | file server http file server | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | http | model: | file server http file server 2.2b | scope: | ne | version: | - | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/26732/info
HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input.
A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks.
This issue affects versions prior to HTTP File Server 2.2b.
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/30850.zip
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Arbitrary File Upload
Trust: 1.0
CREDITS
Luigi Auriemma
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 30850 | Trust: 1.9 |
db: | BID | id: | 26732 | Trust: 1.9 |
db: | EDBNET | id: | 52470 | Trust: 0.6 |
REFERENCES
url: | https://www.securityfocus.com/bid/26732/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/30850/ | Trust: 0.6 |
url: | http://aluigi.altervista.org/adv/hfsup-adv.txt | Trust: 0.3 |
url: | http://www.rejetto.com/hfs/ | Trust: 0.3 |
url: | https://www.exploit-db.com/exploits/30850 | Trust: 0.3 |
SOURCES
db: | BID | id: | 26732 |
db: | EXPLOIT-DB | id: | 30850 |
db: | EDBNET | id: | 52470 |
LAST UPDATE DATE
2022-07-27T09:17:07.880000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 26732 | date: | 2007-12-08T02:42:00 |
SOURCES RELEASE DATE
db: | BID | id: | 26732 | date: | 2007-12-05T00:00:00 |
db: | EXPLOIT-DB | id: | 30850 | date: | 2007-12-05T00:00:00 |
db: | EDBNET | id: | 52470 | date: | 2007-12-05T00:00:00 |