CVE-2014-6287

HFS (HTTP File Server) 2.3.x - Remote Command Execution

HFS 2.3x - Remote Code Execution - WINDOWS

Vulnerability: The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

Score: CVSS v2.0: 10 // CVSS v3.x: 9.8

Shows on:

• HTB - Optimun

POC Updated:

HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)Exploit Database

POC2:

Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)Exploit Database

Resources:

NVD - CVE-2014-6287

CVE - CVE-2014-6287