bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

Huntflow Enterprise 注入漏洞

Huntflow Enterprise is an efficient recruitment software from the Russian company Huntflow. Huntflow Enterprise suffers from an injection vulnerability that stems from an LDAP injection vulnerability in /account/login in Huntflow Enterprise prior to version 3.10.6 that could allow an...

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...