12 matches found
EUVD-2003-0373
Malware in sbrugna...
EUVD-2023-27835
Malicious code in bioql PyPI...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the initialize_kerberos_keytab_file_login function. An attacker can execute arbitrary commands by supplying crafted input that is interpolated into a shell command and executed without sanitization. Remediation: Upgrade...
CVE-2025-59534
CryptoLib (NASA’s library using CCSDS SDLS-EP) contains a command-injection vulnerability in initialize_kerberos_keytab_file_login() present in versions prior to 1.4.2. The flaw arises from unsanitized, user-controlled input directly interpolated into a shell command and executed via system(), en...
CVE-2025-59534 CryptoLib Command Injection vulnerability in initialize_kerberos_keytab_file_login()
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command injection vulnerability in...
PT-2025-39207
Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.2. Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) for secure communications between spacecraft and ground stations. A command...
SUSE CVE-2006-7108
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok...
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection because it does not properly sanitize the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP database...
CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username)
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection because it does not properly sanitize the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP database...
security flaw
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok...
CVE-2003-0378
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set...
CVE-2003-0378
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set...