CVE-2014-6287CISA KEV: Actively Exploited

Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability

Published Mar 25, 2022·Updated Mar 25, 2022

Description

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.

Public Exploits & PoCs13 found

PoC: rejetto_hfs_rce

CVE-2014-6287 Rejetto HFS 2.3

1

PoC: thm_steelmountain_CVE-2014-6287

a python3 version of the exploit written for CVE-2014-6287. Useful for completing the "Steel Mountain" room on TryHackMe.com without the use of metasploit.

1

PoC: Optimum

Writeup of the Optimum machine from Hack The Box. This walkthrough covers the exploitation of Rejetto HttpFileServer 2.3 (CVE-2014-6287) to gain initial access, followed by privilege escalation on a Windows host using enumeration techniques and post-exploitation tools.

PoC: rejjeto_hfs-rce-exploit-cve-2014-6287

Remote Command Execution exploit for Rejetto HTTP File Server 2.3.x (CVE-2014-6287) rewritten in Python 3 for modern offensive security testing.

PoC: CVE-2014-6287

A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.

PoC: rejetto-http-file-server-2.3.x-RCE-exploit-CVE-2014-6287

This repository contains Detailed explanation and working poc for Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution.

PoC: CVE-2014-6287

Rejetto HttpFileServer 2.3.x - Remote Command Execution (RevShell)

PoC: CVE-2014-6287

Rejetto http File Server 2.3.x (Reverse shell)

PoC: CVE-2014-6287

Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c

PoC: CVE-2014-6287

Rejetto http File Server 2.3.x (Reverse shell)

PoC: Rejetto-HTTP-File-Server-HFS-2.3.x---Remote-Command-Execution

CVE-2014-6287

PoC: THM-Steel_Mountain-CVE-2014-6287

A write up on the Steel Mountain box from TryHackMe.com and exploit for CVE-2014-6287

PoC: cve-2014-6287.py

HttpFileServer httpd 2.3

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free