CVE-2014-7226
published 2014-10-10CVE-2014-7226: The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain…
PriorityP359high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.19%
94.7th percentile
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rejetto | http_file_server | <= 2.3c | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r6f8-vrm4-59ch: The file comment feature in Rejetto HTTP File Server (hfs) 2
ghsa_unreviewed·2022-05-17
CVE-2014-7226 [HIGH] CWE-94 GHSA-r6f8-vrm4-59ch: The file comment feature in Rejetto HTTP File Server (hfs) 2
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
Red Hat
php: multiple vulnerabilities in gdImageCrop()
vendor_redhat·2014-02-06·CVSS 6.8
CVE-2014-2020 [MEDIUM] php: multiple vulnerabilities in gdImageCrop()
php: multiple vulnerabilities in gdImageCrop()
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Statement: Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0).
Package: php (Red Hat Enterprise Linux 4) - Not affected
Package: gd (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.htmlhttp://www.exploit-db.com/exploits/34852http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/http://www.securityfocus.com/bid/70216http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.htmlhttp://www.exploit-db.com/exploits/34852http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/http://www.securityfocus.com/bid/70216
2014-10-10
Published