39 matches found
Solaris 10 (x86) : 150546-02 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: PAM LDAP module. Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris...
Dahan version of JCMS2.4 LDAP module file upload vulnerability
Dahan Edition JCMS is a popular content management system in China. A file upload vulnerability exists in Dahan Editon JCMS 2.4 LDAP module, data recovery function. The file /ldap/update/update.jsp does not have any restriction on the uploaded file types and contents. Allows an attacker to exploi...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
DEBIAN-CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
THC-HYDRA v6.4 - Fast network logon cracker
THC-HYDRA v6.4 - Fast network logon cracker THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote...
SLES11: Security update for YaST2 LDAP module
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: yast2-ldap-server More details may also be found by searching for the SuSE Enterprise Server 11 patch database located at...
SLES11: Security update for YaST2 LDAP module
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: yast2-ldap-server More details may also be found by searching for the SuSE Enterprise Server 11 patch database linked in the references...
CVE-2009-1648
The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 aka SLE11 does not enable the firewall in certain circumstances involving reboots during online updates, which makes it easier for remote attackers to access network services...
eDirectory < 8.8 SP3 Multiple Vulnerabilities
Binary data 4641.prm...
RHEL 5 : nss_ldap (RHSA-2008:0389)
An updated nssldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nssldap package contains the nssldap and pamldap modules. The nssldap module is a plug-in which allows...
Fedora 7 : dbmail-2.2.9-1.fc7 (2008-3371)
Fix possible authentication bypass in authldap authentication module when dbmail is used with LDAP servers allowing anonymous logins - CVE-2007-6714 443019. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
CVE-2002-2265
CVE-2002-2265 affects Open Source Internet Solutions OSIS 5.4 on Tru64 UNIX 4.0G/4.0F, specifically the LDAP Module in System Authentication. The description states a vulnerability allowing remote attackers to gain access to arbitrary files or privileges via unknown attack vectors. No explicit ro...
SOL5716 - Authentication bypass in PAM LDAP module - CAN-2005-2641
Vulnerability description: Vulnerability in pamldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. Information about this advisory is available at the following locations: US-CERT Vulnerability Note VU778916 pamldap authenticatio...
Communigate Pro < 5.0.8 LDAP Module BER Decoding DoS
Binary data 3415.prm...
Communigate Pro < 5.0.7 LDAP Module BER Decoding DoS
Binary data 3387.prm...
CVE-2002-2265
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions OSIS 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors...