40 matches found
GHSA-5835-4GVC-32PC Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
Summary: The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...
MiracleLinux 7 : libldb-1.1.20-1.el7.2 (AXSA:2016-011:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-011:01 advisory. An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases. Security issues fixed with this...
CVE-2001-1582
Buffer overflow in the LDAP naming services library libsldap in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAPOPTIONS environment variable to a privileged program that uses libsldap...
EUVD-2019-12647
Malware in sbrugna...
EUVD-2018-14418
Malware in sbrugna...
EUVD-2011-3471
Malware in sbrugna...
EUVD-2001-1559
Malware in sbrugna...
EUVD-2017-8873
Malware in sbrugna...
Metasploit Wrap-Up 07/11/2025
Active Directory LDAP Library: This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...
CVE-2019-3008
Vulnerability in the Oracle Solaris product of Oracle Systems component: LDAP Library. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
CVE-2017-17716
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem...
Domained - Multi Tool Subdomain Enumeration
A domain name enumeration tool. The tools contained in domained require Kali Linux (preferred) or Debian 7+ and Recon-ng. domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...
Oracle Solaris Critical Patch Update : oct2019_SRU11_4_13_4_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: SMF services & legacy daemons. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged...
Unspecified Vulnerability in Oracle Solaris (CNVD-2019-38537)
Oracle Solaris is a Unix-like operating system. An unspecified vulnerability exists in the LDAP Library component of Oracle Solaris 11. An attacker can exploit this vulnerability to cause a partial denial of service in Oracle Solaris...
Design/Logic Flaw
Vulnerability in the Oracle Solaris product of Oracle Systems component: LDAP Library. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP
SSRF protocol smuggling involves an attacker injecting one TCP protocol into a dissimilar TCP protocol. A classic example is using gopher (i.e. the first protocol) to smuggle SMTP (i.e. the second protocol): ...
Oracle Solaris Critical Patch Update : apr2018_SRU11_3_27_4_0
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: LDAP Library. Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low...