
12 matches found

Vulnrichment
added 2025/08/11 6:36 p.m. · 1 views

CVE-2025-7679 Session ID Basic Auth Bypass

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVSS 9.2 · AI score 6.3 · EPSS 0.00063
Exploits: 0 · References: 1

Cvelist
added 2025/08/11 6:36 p.m. · 5 views

CVE-2025-7679 Session ID Basic Auth Bypass

The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

CVSS 9.2 · EPSS 0.00063
Exploits: 0 · References: 1

Cvelist
added 2025/04/16 5:38 p.m. · 9 views

CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

CVSS 8.8 · EPSS 0.00045
Exploits: 0 · References: 1

Zero Day Initiative
added 2025/04/09 12:0 a.m. · 6 views

(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the PATH_TRANSLATED parameter provided to the...

CVSS 6.3 · AI score 7.5
Exploits: 0

Microsoft CVE
added 2024/09/11 7:0 a.m. · 1 views

Prometheus Exporter Toolkit vulnerable to basic authentication bypass

...

CVSS 8.8 · AI score 7 · EPSS 0.00185
Exploits: 1

Packet Storm
added 2024/08/31 12:0 a.m. · 304 views

Intersil (Boa) HTTPd Basic Authentication Password Reset

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intersil Boa HTTPd Basic Authentication Password Reset', 'Description' = %q The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows...

CVSS 10 · AI score 7.4 · EPSS 0.82494
Exploits: 3

OSV
added 2022/12/12 3:15 p.m. · 0 views

CVE-2022-45956

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2022/09/26 12:0 a.m. · 2 views

PT-2022-24818 · Oracle +1 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Bifrost versions 1.8.6-release and prior Description: Bifrost is a middleware package that synchronizes MySQL/MariaDB binlog data to other types of databases. The issue allows group members with only read permissions to write requests when th...

CVSS 8.5 · AI score 7 · EPSS 0.00223
Exploits: 1 · References: 10

ATTACKERKB
added 2021/03/08 9:15 p.m. · 1 views

CVE-2021-21335

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

CVSS 9.8 · AI score 5.4 · EPSS 0.00416
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2019/07/09 8:15 p.m. · 12 views

CVE-2019-13337

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 1

RedHat Linux
added 2017/08/15 6:11 p.m. · 2 views

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

CVSS 9.8 · AI score 7.4 · EPSS 0.08717
Exploits: 0 · References: 6

OSV
added 2017/06/20 1:29 a.m. · 0 views

ALPINE-CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

CVSS 9.8 · AI score 7.2 · EPSS 0.08717
Exploits: 0 · References: 1