Lucene search
K

59 matches found

curl security advisories
curl security advisories
added 2022/10/26 8:0 a.m.7 views

HTTP proxy double free

If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of protocol through. An HTTP proxy might refuse this request HTTP proxies often only allow outgoing...

8.1CVSS7.2AI score0.02927EPSS
Exploits0References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/06/23 12:0 a.m.7 views

The vulnerability in the implementation of the LDAP Lightweight Directory Access Protocol on the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the LDAP Lightweight Directory Access Protocol implementation in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6CVSS7.9AI score0.01776EPSS
Exploits0References4
CNVD
CNVD
added 2022/06/17 12:0 a.m.29 views

Cisco multiple product licensing issues vulnerabilities

Cisco Email Security Appliance ESA and Cisco Secure Email are both products of Cisco USA. cisco Email Security Appliance is an email security appliance. cisco Secure Email is a Cisco Secure Email formerly Email Security provides the best protection for your email from cyber threats.An authorizati...

9.8CVSS1.7AI score0.01427EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/18 12:0 a.m.5 views

PT-2022-2587

Name of the Vulnerable Software and Affected Versions curl versions 7.33.0 through 7.82.0 Description An improper authentication issue exists, potentially allowing the reuse of OAUTH2-authenticated connections without ensuring the connection was authenticated with the same credentials as set for...

8.1CVSS5.4AI score0.01914EPSS
Exploits1References337
OSV
OSV
added 2021/11/09 9:38 a.m.33 views

RLSA-2021:4511 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...

3.7CVSS6.1AI score0.05301EPSS
Exploits3References5
Kitploit
Kitploit
added 2021/09/28 11:30 a.m.26 views

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts

SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...

7.8AI score
Exploits0References2
Hacker One
Hacker One
added 2020/12/08 5:59 p.m.29 views

ownCloud: Protocol Smuggling over LDAP password field

Privileges required: Admin Hi, "userldap" plugin can be leveraged to interact with internal services over various protocols. LDAP password field can be exploited with newline chars \r\n in order to communicate with protocols like SMTP, Redis and, generally speaking, with all services those speak...

1.6AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.3 views

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

...

7.5CVSS7.7AI score0.08036EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/04/28 3:45 p.m.86 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS6.7AI score0.49739EPSS
Exploits1References5
OSV
OSV
added 2019/12/19 6:15 p.m.8 views

AZL-6369 CVE-2019-19906 affecting package cyrus-sasl for versions less than 2.1.27-10

cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in sasladdstring in common.c in cyrus-sasl...

7.5CVSS7.2AI score0.08036EPSS
Exploits1References1
Prion
Prion
added 2019/10/02 7:15 p.m.22 views

Command injection

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...

7.5CVSS9.7AI score0.0222EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2019/07/29 3:47 p.m.268 views

Low: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

10CVSS6.8AI score0.11115EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.6 views

The vulnerability of the LDAP protocol implementation in Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense allows attackers to induce service failure.

The vulnerability of the LDAP protocol implementation in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD is related to improper input validation. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted LDAP...

6.8CVSS6.8AI score0.02028EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2019/05/02 5:28 a.m.31 views

Man-In-The-Middle (MitM)

samba is vulnerable to man-in-the-middle vulnerability. This allows a remote attacker to modify the data sent between a Samba server and a client that causes a LDAP protocol-downgrade...

5.9CVSS6.3AI score0.09345EPSS
Exploits0References42Affected Software11
Imperva Blog
Imperva Blog
added 2018/10/25 4:1 p.m.15 views

New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects

words and research by Gabriel Beyo. According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/10/24 9:4 p.m.91 views

New Imperva Java SDK: Greasing The Wheels for Active Directory Coding Projects

According to StackOverflow’s 2018 Developer Survey, Java remains one of the world’s most popular coding languages, universally liked for its versatility and ease of adoption. Even so, working under the pressures developers often do, a bit of help always goes a long way. To that end, we’ve put...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/05/11 12:0 a.m.2 views

Red Hat 389-ds-base Denial of Service Vulnerability (CNVD-2018-09316)

Red Hat 389-ds-base is an American Red Hat package that includes a Linux directory server and a server administration command-line program. A security vulnerability exists in Red Hat 389-ds-base versions prior to 1.4.0.9, prior to 1.3.8.1, and prior to 1.3.6.15. A remote attacker could cause a...

7.5CVSS6.8AI score0.04294EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/03/13 12:56 p.m.44 views

Samba Patches Two Critical Vulnerabilities in Server Software

Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the...

6.5CVSS1AI score0.10308EPSS
Exploits1References7
Prion
Prion
added 2017/12/20 7:29 p.m.15 views

Authentication flaw

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...

2.9CVSS8.5AI score0.0072EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/12/20 7:0 p.m.20 views

CVE-2017-16731

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse Select. A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by...

8.5AI score0.0072EPSS
Exploits0References1
Rows per page
Query Builder