7 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-23333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log...
CVE-2024-23333
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
UBUNTU-CVE-2024-52792
LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-23333
creationtimestamp| type| source ---|---|--- 2024-03-18 22:26:42+00:00| seen| https://t.me/ctinow/210999 2024-03-18 22:26:45+00:00| seen| https://t.me/ctinow/211002 2024-12-17 21:50:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113670373972746279 2024-12-18 00:18:39+00:00| seen|...
CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
CVE-2024-23333
LAM (LDAP Account Manager) contains a vulnerability where log configuration allows arbitrary log-file paths. In versions before 8.7, an attacker could cause PHP code to be written to a log file and later executed when accessed via web. Mitigation requires knowledge of LAM’s master configuration p...
CVE-2024-23333
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...