EUVD-2026-24674
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
PT-2023-22996 · Unknown +1 · Baremetal Operator +2
Name of the Vulnerable Software and Affected Versions: Baremetal Operator versions prior to 0.3.0. Description: The issue arises from the storage of .htpasswd files as ConfigMaps instead of Secrets by ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh. This...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
Command injection
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
thttpd code issue vulnerability
thttpd is a lightweight open source web server from ACME Labs. A code issue vulnerability exists in thttpd, which can be exploited by an attacker to cause a denial of service with the help of a specially crafted .htpasswd file...
CVE-2017-12574
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
Exploit Title: clear voyager hotspot IMW-C910W - file disclosure - Date: 2016/jul/15 - Exploit Author: Damaster - Vendor Homepage: https://www.sprint.com/ - Software Link: https://web.archive.org/web/20150526042938/http://www.clearwire.com/downloads/IMW-C910WV2234R4383A.bin - Version: R4383 - -...
CVE-2002-0917
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users...
CVE-2001-0839
CVE-2001-0839 affects the iBill web app’s ibillpm.pl CGI password management. The vulnerability arises from a weak password generation mechanism that creates passwords based on a client’s MASTER_ACCOUNT, enabling brute-force guessing to modify entries in the .htpasswd file via remote access. The ...