28 matches found

Vulnrichment
added 2026/05/14 2:23 p.m. | 2 views

CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...

CVSS 6.9 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 3

GithubExploit
added 2026/05/05 6:48 p.m. | 146 views

Exploit for Improper Privilege Management in Apache Http_Server

CVE-2026-24072: Apache HTTP Server mod_rewrite Privilege Escal...

CVSS 8.8 | AI score 6 | EPSS 0.00018
Exploits: 1

RedhatCVE
added 2026/01/09 12:16 p.m. | 4 views

CVE-2018-10574

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files...

CVSS 9.8 | AI score 7.9 | EPSS 0.00878
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-2646

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00878
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-1955

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.00122
Exploits: 0 | References: 7

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-14209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar...

CVSS 8.8 | AI score 8 | EPSS 0.10166
Exploits: 4 | References: 2

Prion
added 2023/10/25 6:17 p.m. | 14 views

Remote code execution

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...

CVSS 6.5 | AI score 8.6 | EPSS 0.0659
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/05/14 1:57 a.m. | 4 views

GHSA-2C28-7GWV-CPGF Mediawiki tarball is missing .htaccess files

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible...

CVSS 5.3 | AI score 5.2 | EPSS 0.00122
Exploits: 0 | References: 6

CNVD
added 2021/12/07 12:0 a.m. | 17 views

Chamilo LMS Remote Code Execution Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. v1.11.x of Chamilo LMS contains a remote code execution vulnerability that can be exploit...

CVSS 8.8 | AI score 4.8 | EPSS 0.03237
Exploits: 1 | References: 1

CNNVD
added 2021/12/03 12:0 a.m. | 1 views

Chamilo LMS Code Injection Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. v1.11.x of Chamilo LMS contains a remote code execution vulnerability that can be exploit...

CVSS 8.8 | AI score 6.9 | EPSS 0.03237
Exploits: 1 | References: 5

CVE
added 2018/11/21 9:0 p.m. | 34 views

CVE-2018-19424

CVE-2018-19424 affects ClipperCMS 1.3.3, where the vulnerability allows remote authenticated administrators to upload .htaccess files. The available documents describe the flaw’s existence and impact (unauthorized or unintended server configuration changes via .htaccess uploads) but do not provid...

CVSS 7.2 | AI score 6.7 | EPSS 0.00682
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/10/04 8:0 p.m. | 14 views

CVE-2018-13258 Tarball was missing .htaccess files

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible...

AI score 5.3 | EPSS 0.00122
Exploits: 0 | References: 3

Cvelist
added 2018/04/30 8:0 p.m. | 12 views

CVE-2018-10574

site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files...

AI score 9.9 | EPSS 0.00878
Exploits: 1 | References: 2

Prion
added 2016/03/24 1:59 a.m. | 16 views

Cross site request forgery (csrf)

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request...

CVSS 5 | AI score 6.1 | EPSS 0.00283
Exploits: 0 | References: 4 | Affected Software: 1

OwnCloud
added 2015/03/25 6:44 p.m. | 40 views

Bypass of file blacklist on Microsoft Windows Platform - ownCloud

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...

CVSS 6 | AI score 6.8 | EPSS 0.00131
Exploits: 0 | Affected Software: 1

w3af
added 2013/06/10 11:2 p.m. | 21 views

htaccess_methods

This plugin finds .htaccess misconfigurations in the LIMIT configuration parameter. This plugin is based on a paper written by Frame and madjoker from kernelpanik.org. The paper is called : "htaccess: bilbao method exposed" The idea of the technique and the plugin is to exploit common...

AI score 6.9
Exploits: 0

Nmap
added 2011/11/08 9:18 p.m. | 824 views

http-method-tamper NSE Script

Attempts to bypass password protected resources HTTP 401 status by performing HTTP verb tampering. If an array of paths to check is not set, it will crawl the web server and perform the check against any password protected resource that it finds. The script determines if the protected URI is...

CVSS 10 | AI score 0.2 | EPSS 0.94176
Exploits: 33

OpenVAS
added 2008/01/17 12:0 a.m. | 24 views

Debian Security Advisory DSA 135-1 (libapache-mod-ssl)

The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 135-1. OpenVAS Vulnerability Test $Id: deb1351.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 135-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 4.6 | AI score 0.7 | EPSS 0.0102
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m. | 20 views

Debian Security Advisory DSA 135-1 (libapache-mod-ssl)

The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 135-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 | AI score 7.7 | EPSS 0.0102
Exploits: 0 | References: 2

securityvulns
added 2006/08/31 12:0 a.m. | 47 views

SQL-Ledger serious security vulnerability and workaround

Hi; This post is to inform everyone that there is a serious security hole that has been discovered in SQL-Ledger involving session handling. The flaw allows anyone with network access to the server to access the application as any logged in user using trivial mechanisms. I have previously brought...

AI score 0.7
Exploits: 0