CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0405

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile24.66th
PublishedJan 29, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

Affected Platforms (CPE)

πŸ“¦
Hfs

Http File Server

<= 2.2b

References & Advisories

πŸ”— http://secunia.com/advisories/28631
πŸ”— http://securityreason.com/securityalert/3581
πŸ”— http://www.rejetto.com/hfs/?f=wn
πŸ”— http://www.securityfocus.com/archive/1/486873/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/27423
πŸ”— http://www.syhunt.com/advisories/hfs-1-log.txt
πŸ”— http://www.syhunt.com/advisories/hfshack.txt
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/39873

Related Vulnerabilities

CVE-2012-450510.0

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an...

CVE-2020-2628210.0

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR f...

CVE-2019-106479.8

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.ph...

CVE-2019-112319.8

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of...