
hfs http file server

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-39943
< 0.52.10
rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated
9.9 CRITICAL
CVE-2024-23692
<= 2.4
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerabilit
9.8 CRITICAL
CVE-2021-40668
all versions
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permit
8.1 HIGH
CVE-2020-13432
all versions
rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an
7.5 HIGH
CVE-2019-5458
all versions
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file syst
5.4 MEDIUM
CVE-2019-5447
<= 0.2.6
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
5.3 MEDIUM
CVE-2014-7226
<= 2.3c
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by u
CVE-2014-6287
>= 2.3 and < 2.3c
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remo
9.8 CRITICAL
CVE-2008-0410
<= 2.2b
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such a
CVE-2008-0409
<= 2.2b
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web scr
CVE-2008-0408
<= 2.2b
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representa
CVE-2008-0407
<= 2.2b
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardle
CVE-2008-0406
<= 2.2b
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of ser
CVE-2008-0405
<= 2.2b
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames,
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin