Published: 09/03/2006 Updated: 28/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acme labs thttpd 2.25b

m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities ...

CWE-264 http://www.osvdb.org/23828 http://www.securityfocus.com/bid/16972 http://marc.info/?l=thttpd&m=114153031201867&w=2 http://marc.info/?l=thttpd&m=114154083000296&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/25217 http://www.securityfocus.com/archive/1/426823/100/0/threaded http://seclists.org/fulldisclosure/2023/Nov/13 http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html https://nvd.nist.gov https://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1079

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect