Software > Bug reports
Exploits
portfolis:
Hello
There are exploits for HFS and at least some of them really work on 2.3e. Can you fix it?
https://www.exploit-db.com/exploits/34852/
https://www.exploit-db.com/exploits/34668/
https://www.exploit-db.com/exploits/30850/
https://www.exploit-db.com/exploits/31056/
https://www.exploit-db.com/exploits/34926/
bmartino1:
re read you database, they have been fixed:
https://www.exploit-db.com/exploits/34852/ applies to these hfs versions: HTTP File Server 2.3a - 2.3b - 2.3c ...
https://www.exploit-db.com/exploits/34668/ was the orginal 0day exdploit on the forum that has been solved...
Has already been patched, another "programer / ethecial hacker Author: metasploit https://www.exploit-db.com/exploits/34926/ vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas (the 0day exploit, some detail in the code...
https://www.exploit-db.com/exploits/30850/ applies to these hfs versions: versions prior to HTTP File Server 2.2b
----------------------^ have been patched ^---------------------------
i would have rejeto double check these tow, as it goes over code, unsure if its a script that Author: Felipe M. Aragon has done, but is news to me... Probably have been patched by now...
https://www.exploit-db.com/exploits/31056/ ???DOS attack
portfolis:
Thank you very much for your answer
So, what do you advice me to do with this https://www.exploit-db.com/exploits/31056/ ? Is it fixed or it's better to wait for new version of hfs?
Mars:
EDB-ID: 31056 CVE: 2008-0406 OSVDB-ID: 42509
Verified: Author: Felipe M. Aragon Published: 2008-01-23
Download Exploit: Source Raw Download Vulnerable App: N/A
one has only to look at the date of publication to realize that HFS has evolved into security -> obsolete threat
bmartino1:
--- Quote from: portfolis on July 16, 2015, 09:25:57 PM ---Thank you very much for your answer
So, what do you advice me to do with this https://www.exploit-db.com/exploits/31056/ ? Is it fixed or it's better to wait for new version of hfs?
--- End quote ---
I totally forgot to look at the date on that one... :p
Thank you Mars, so Yeah, so far, the exploits are all patched...(the one reported anyways...)
Navigation
[0] Message Index
[#] Next page
Go to full version