LDAP Account Manager (LAM) Security Vulnerabilities


CVE-2022-31087

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of...

CVSS: 7.8

AI Score: 7.9

EPSS: 0.001

2022-06-27 09:15 PM

CVE-2022-31086

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if.....

CVSS: 8.8

AI Score: 8.8

EPSS: 0.007

2022-06-27 09:15 PM

CVE-2022-31088

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been...

CVSS: 5.3

AI Score: 5.3

EPSS: 0.001

2022-06-27 09:15 PM

CVE-2022-31085

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled....

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2022-06-27 09:15 PM

CVE-2022-31084

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to.....

CVSS: 8.1

AI Score: 8.2

EPSS: 0.006

2022-06-27 09:15 PM

CVE-2022-24851

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS...

CVSS: 8.1

AI Score: 4.8

EPSS: 0.001

2022-04-15 07:15 PM

CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to...

CVSS: 6.1

AI Score: 5.7

EPSS: 0.008

2019-12-05 09:15 PM

CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action and the filteruid parameter to...

CVSS: 6.1

AI Score: 5.7

EPSS: 0.009

2019-12-05 09:15 PM

CVE-2013-4453

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language...

AI Score: 5.8

EPSS: 0.003

2013-11-05 08:55 PM

CVE-2006-7191

Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm...

AI Score: 6.2

EPSS: 0.0004

2007-04-03 12:19 AM

CVE-2007-1840

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting...

AI Score: 5.8

EPSS: 0.004

2007-04-03 12:19 AM