
107 matches found

Vulnrichment
added last week, 5 views

CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that were provided by LDAP to still authenticate towards user OIDC after they were deleted. This issue has been patched in version 8.4.0...

CVSS: 4.6 | AI score: 5.7 | EPSS: 0.00019
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/24 1:46 a.m., 6 views

SUSE CVE-2008-5091

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00645
Exploits: 0 | References: 3
GithubExploit
added 2026/02/07 5:7 p.m., 136 views

log4j-poc-application

./setup.sh 2. docker compose up -d 3. Terminal2 cd...

AI score: 5.3
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-8039

Malware in sbrugna...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.01164
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 9 views

EUVD-2009-1094

Malware in sbrugna...

CVSS: 5 | AI score: 4.5 | EPSS: 0.09448
Exploits: 0 | References: 53
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-5070

Malware in sbrugna...

CVSS: 10 | AI score: 6.1 | EPSS: 0.00645
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-5657

Malware in sbrugna...

CVSS: 8.5 | AI score: 6.4 | EPSS: 0.00739
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2015-8038

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00443
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-25376

Malware in sbrugna...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00319
Exploits: 0 | References: 2
CVE
added 2025/07/01 3:25 a.m., 20 views

CVE-2025-6081

CVE-2025-6081 affects Konica Minolta bizhub 227 MFPs (firmware GCQ-Y3 or earlier). The issue enables a pass-back attack by reconfiguring the device to use an external LDAP server controlled by an attacker, which can lead to capturing plaintext LDAP credentials when the device authenticates to tha...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.00224
Exploits: 0 | References: 2
Cvelist
added 2025/07/01 3:25 a.m., 8 views

CVE-2025-6081 Pass-back attack in Konica Minolta bizhub 227 multifunctional printers

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker...

CVSS: 6.8 | EPSS: 0.00224
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 4:58 p.m., 6 views

CVE-2020-4129

HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00319
Exploits: 0
OpenVAS
added 2025/05/07 12:0 a.m., 5 views

Do Not Install the LDAP Service

Lightweight Directory Access Protocol (LDAP) is a protocol that provides access control and is used to maintain distributed directory information. The LDAP service increases system resource usage and expands the attack surface. If the LDAP service is not required, do not install the LDAP service. T...

AI score: 6.8
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-2591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniquenessentrytoconfig function in the attribute uniqueness plugin...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02774
Exploits: 0 | References: 3
Talos Blog
added 2024/12/10 8:52 p.m., 32 views

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the four "critical" vulnerabilities is "less likely." CVE-2024-49112 ...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.86946
Exploits: 7
Cvelist
added 2024/12/10 5:49 p.m., 36 views

CVE-2024-49121 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

...

CVSS: 7.5 | EPSS: 0.16619
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/09/18 4:36 p.m., 25 views

Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...

CVSS: 10 | AI score: 9 | EPSS: 0.84949
Exploits: 7 | Affected Software: 1
Packet Storm
added 2024/08/31 12:0 a.m., 173 views

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Workcentre 5735 LDAP Service Redential Extractor', 'Description' = %q This module extract the printer's LDAP username and password from Xer...

AI score: 7.4
Exploits: 0
SUSE CVE
added 2023/02/15 4:27 a.m., 3 views

SUSE CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to ma...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.04938
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 4:27 a.m., 3 views

SUSE CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.03117
Exploits: 0 | References: 2