69 matches found
CVE-2023-4506
CVE-2023-4506 affects the WordPress plugin Active Directory Integration / LDAP Integration (ldap-login-for-intranet-sites). The vulnerability arises from insufficient validation when changing the LDAP server, allowing authenticated users with administrative privileges to switch the LDAP server an...
CVE-2023-4506 Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...
Active Directory Integration / LDAP Integration < 4.2 - Admin LDAP Passback
Description The plugin does not properly validate input when changing the LDAP server. This can result in the ability for authenticated administrators to alter the LDAP server and access the credentials of the original LDAP server...
Directory traversal
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially...
CVE-2023-3447 Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable...
WordPress plugin Active Directory Integration/LDAP Integration 注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An injection vulnerability exists in...
WordPress Active Directory Integration / LDAP Integration Plugin <= 4.1.5 is vulnerable to Sensitive Data Exposure
Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions = 4.1.5 Fixed in 4.1.6 OWASP Top 10 A1: Injection Classification Sensitive Data Exposure CVE CVE-2023-3447 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID f63ceb460cab Credits Luca...
CVE-2023-0812
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
Authorization
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812
CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...
WordPress Active Directory Integration / LDAP Integration Plugin <= 4.1.4 is vulnerable to SQL Injection
Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2599 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID adebea5f18df Credits Marco Wotschka...
WordPress plugin Active Directory Integration / LDAP Integration 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in the...
WordPress Active Directory Integration / LDAP Integration Plugin < 4.1.1 is vulnerable to Sensitive Data Exposure
Software Active Directory Integration / LDAP Integration Type Plugin Vulnerable versions 4.1.1 Fixed in 4.1.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0812 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 79df970a00a6...
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions meth...
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions...
Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.3 Product Release Update
An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username)
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database...
OpenLDAP 注入漏洞
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States. A security vulnerability exists in the Joomla plugin LDAP Integration with Active Directory and OpenLDAP that stems from not properly cleaning the POST...
PT-2022-19890 · WordPress · Ldap Wp Login / Active Directory Integration
Name of the Vulnerable Software and Affected Versions: Ldap WP Login / Active Directory Integration WordPress plugin versions prior to 3.0.2 Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the Ldap WP Login / Active Directory Integration WordPress...