Rejetto
Products
2- 15 CVEs
- 1 CVE
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6287 | Cri | 0.80 | 9.8 | 0.99 | KEV | Oct 7, 2014 | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. | |
| CVE-2025-34096 | Cri | 0.69 | — | 0.01 | Jul 10, 2025 | A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the… | ||
| CVE-2024-1226 | Hig | 0.49 | 7.5 | 0.00 | Mar 12, 2024 | The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker… | ||
| CVE-2024-23692 | 0.16 | — | 0.99 | KEV | May 31, 2024 | Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of… | ||
| CVE-2014-7226 | 0.04 | — | 0.09 | Oct 10, 2014 | The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. | |||
| CVE-2008-0406 | 0.03 | — | 0.04 | Jan 29, 2008 | HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. | |||
| CVE-2024-26566 | 0.00 | — | 0.01 | Mar 7, 2024 | An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. | |||
| CVE-2023-4118 | 0.00 | — | 0.00 | Aug 3, 2023 | A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to… | |||
| CVE-2021-40668 | 0.00 | — | 0.01 | Jun 9, 2022 | The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. | |||
| CVE-2019-5458 | 0.00 | — | 0.01 | Jul 30, 2019 | Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | |||
| CVE-2008-0410 | 0.00 | — | 0.02 | Jan 29, 2008 | HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo… | |||
| CVE-2008-0405 | 0.00 | — | 0.03 | Jan 29, 2008 | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3)… | |||
| CVE-2008-0408 | 0.00 | — | 0.02 | Jan 29, 2008 | HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | |||
| CVE-2008-0407 | 0.00 | — | 0.02 | Jan 29, 2008 | HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | |||
| CVE-2008-0409 | 0.00 | — | 0.01 | Jan 29, 2008 | Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. |
- risk 0.80cvss 9.8epss 0.99
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
- risk 0.69cvss —epss 0.01
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the…
- risk 0.49cvss 7.5epss 0.00
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker…
- risk 0.16cvss —epss 0.99
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of…
- CVE-2014-7226Oct 10, 2014risk 0.04cvss —epss 0.09
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
- CVE-2008-0406Jan 29, 2008risk 0.03cvss —epss 0.04
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
- CVE-2024-26566Mar 7, 2024risk 0.00cvss —epss 0.01
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
- CVE-2023-4118Aug 3, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to…
- CVE-2021-40668Jun 9, 2022risk 0.00cvss —epss 0.01
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.
- CVE-2019-5458Jul 30, 2019risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
- CVE-2008-0410Jan 29, 2008risk 0.00cvss —epss 0.02
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo…
- CVE-2008-0405Jan 29, 2008risk 0.00cvss —epss 0.03
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3)…
- CVE-2008-0408Jan 29, 2008risk 0.00cvss —epss 0.02
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
- CVE-2008-0407Jan 29, 2008risk 0.00cvss —epss 0.02
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
- CVE-2008-0409Jan 29, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.