571 matches found
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache ActiveMQ vulnerabilities (USN-6910-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6910-1 advisory. Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly...
CVE-2024-39848
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Service...
CVE-2024-39848
CVE-2024-39848 affects Internet2 Grouper prior to 5.6 and Grouper for Web Services prior to 4.13.1. The issue is an authentication bypass when LDAP authentication is used in certain ways, linked to WsGrouperLdapAuthentication and the use of a hard-coded UyY29r password for the M3vwHr account. Imp...
PT-2024-28699 · Internet2 · Grouper For Web Services +1
Name of the Vulnerable Software and Affected Versions: Internet2 Grouper versions prior to 5.6 Grouper for Web Services versions prior to 4.13.1 Description: The issue allows authentication bypass when LDAP authentication is used in certain ways. This is related to the...
security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response
Graham Northup reports: A buffer overflow in extractopenvpncr allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow...
CVE-2024-25976
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...
CVE-2024-25976
The CVE-2024-25976 entry refers to HAWKI (HAWK Digital Environments)—a university teaching interface. When LDAP authentication is enabled, the application reflects the value of $_SERVER['PHP_SELF'] in login.php, enabling reflected XSS that allows arbitrary JavaScript execution in the victim’s bro...
CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...
CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...
CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...
CVE-2024-5227
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...
CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...
CVE-2024-5227 TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability...
(Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
CVE-2024-29865
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...
CVE-2024-29865
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form...
BIT-PARSE-2020-26288 Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
K000138814: OpenLDAP vulnerability CVE-2023-2953
Security Advisory Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function. CVE-2023-2953. Impact This vulnerability may result in low system memory leading to failure in LDAP authentication. Security Advisory Status F5 Produ...