2 matches found
CVE-2006-1079
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...
CVE-2006-1079
CVE-2006-1079 concerns the htpasswd utility used by Acme thttpd (notably 2.25b) where local users can escalate privileges through shell metacharacters passed as command-line arguments to system(). Several sourced entries indicate this vulnerability exists in htpasswd and note the issue may be exp...