59 matches found
HTTP proxy double free
If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of protocol through. An HTTP proxy might refuse this request HTTP proxies often only allow outgoing...
The vulnerability in the implementation of the LDAP Lightweight Directory Access Protocol on the Windows operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the LDAP Lightweight Directory Access Protocol implementation in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Cisco multiple product licensing issues vulnerabilities
Cisco Email Security Appliance ESA and Cisco Secure Email are both products of Cisco USA. cisco Email Security Appliance is an email security appliance. cisco Secure Email is a Cisco Secure Email formerly Email Security provides the best protection for your email from cyber threats.An authorizati...
PT-2022-2587
Name of the Vulnerable Software and Affected Versions curl versions 7.33.0 through 7.82.0 Description An improper authentication issue exists, potentially allowing the reuse of OAUTH2-authenticated connections without ensuring the connection was authenticated with the same credentials as set for...
RLSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts
SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...
ownCloud: Protocol Smuggling over LDAP password field
Privileges required: Admin Hi, "userldap" plugin can be leveraged to interact with internal services over various protocols. LDAP password field can be exploited with newline chars \r\n in order to communicate with protocols like SMTP, Redis and, generally speaking, with all services those speak...
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
AZL-6369 CVE-2019-19906 affecting package cyrus-sasl for versions less than 2.1.27-10
cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in sasladdstring in common.c in cyrus-sasl...
Command injection
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...
Low: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
The vulnerability of the LDAP protocol implementation in Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense allows attackers to induce service failure.
The vulnerability of the LDAP protocol implementation in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD is related to improper input validation. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted LDAP...
Man-In-The-Middle (MitM)
samba is vulnerable to man-in-the-middle vulnerability. This allows a remote attacker to modify the data sent between a Samba server and a client that causes a LDAP protocol-downgrade...
New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects
words and research by Gabriel Beyo. According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a...
New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects
According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a long way. To that end, we’ve put...
Red Hat 389-ds-base Denial of Service Vulnerability (CNVD-2018-09316)
Red Hat 389-ds-base is an American Red Hat package that includes a Linux directory server and a server administration command-line program. A security vulnerability exists in Red Hat 389-ds-base versions prior to 1.4.0.9, prior to 1.3.8.1, and prior to 1.3.6.15. A remote attacker could cause a...
Samba Patches Two Critical Vulnerabilities in Server Software
Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the...
Authentication flaw
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...
CVE-2017-16731
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...