168 matches found
Malicious Package
secureidentityloginmodule is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
Overview All versions of secureidentityloginmodule contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and ke...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
GHSA-CHJ8-5XGW-WCVJ Moderate severity vulnerability that affects org.apache.karaf:apache-karaf
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
uhrwerk.org XSS vulnerability
Open Bug Bounty ID: OBB-605398 Description| Value ---|--- Affected Website:| uhrwerk.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
Apache Karaf LDAP Injection Vulnerability
Apache Karaf is open source OSGi based runtime environment. Apache Karaf version before 4.0.8 through the LDAPLoginModule to authenticate the user directory access through LDAP , there is a security vulnerability in the implementation , successful exploitation can lead to LDAP injection attacks ,...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...