Lucene search
K

80 matches found

Cvelist
Cvelist
added 2011/10/14 10:0 a.m.28 views

CVE-2011-3226

Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account...

8.3AI score0.01991EPSS
Exploits0References4
CVE
CVE
added 2011/10/14 10:0 a.m.58 views

CVE-2011-3436

CVE-2011-3436 affects Open Directory on OS X Lion (10.7 and 10.7.1). A password-change access-control flaw allows an unauthenticated bypass where a user can change another account’s password without providing the current one, exploitable via an unattended workstation. The issue is documented in A...

6.5CVSS7.9AI score0.01721EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2011/10/14 10:0 a.m.28 views

CVE-2011-3435

Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors...

7.7AI score0.0079EPSS
Exploits1References5
CVE
CVE
added 2011/10/14 10:0 a.m.63 views

CVE-2011-3226

CVE-2011-3226 affects Mac OS X 10.7 prior to 10.7.2 when bound to an LDAPv3 server using RFC 2307 or custom mappings. A missing AuthenticationAuthority attribute can allow an LDAP user to log in without a password, bypassing credential checks. Impact: potential unauthorized access. Remediation: a...

6.8CVSS8.1AI score0.01991EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2010/06/17 4:30 p.m.27 views

CVE-2010-1377

Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors...

9.3CVSS6.7AI score0.02684EPSS
Exploits0References6
Cvelist
Cvelist
added 2010/06/17 4:0 p.m.26 views

CVE-2010-1377

Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors...

7AI score0.02684EPSS
Exploits0References6
CVE
CVE
added 2010/06/17 4:0 p.m.66 views

CVE-2010-1377

CVE-2010-1377 affects Apple Mac OS X 10.6 before 10.6.4. Open Directory may create an unencrypted connection during certain SSL failures, enabling MITM spoofing of network account servers and possibly arbitrary code execution via unspecified vectors. Root cause is an unencrypted fallback during S...

9.3CVSS6.8AI score0.02684EPSS
Exploits0References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2010/06/15 12:0 a.m.41 views

Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - Help Viewer - iChat - ImageIO - Kerberos - Kernel - libcurl - Network...

10CVSS6.4AI score0.15635EPSS
Exploits5References30
OpenVAS
OpenVAS
added 2010/05/12 12:0 a.m.286 views

Mac OS X 10.5.2 Update / Mac OS X Security Update 2008-001

The remote host is missing Mac OS X 10.5.2 Update / Security Update 2008-001. One or more of the following components are affected: Directory Services Foundation Launch Services Mail NFS Open Directory Parental Controls Samba Terminal X11 OpenVAS Vulnerability Test Mac OS X 10.5.2 Update / Securi...

10CVSS0.27482EPSS
Exploits3
OpenVAS
OpenVAS
added 2010/05/12 12:0 a.m.48 views

Mac OS X 10.5.2 Update / Mac OS X Security Update 2008-001

The remote host is missing Mac OS X 10.5.2 Update / Security Update 2008-001. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

10CVSS7.8AI score0.27482EPSS
Exploits3References1
NVD
NVD
added 2010/03/30 6:30 p.m.24 views

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...

5CVSS5.8AI score0.01781EPSS
Exploits0References2
Prion
Prion
added 2010/03/30 6:30 p.m.18 views

Design/Logic Flaw

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...

5CVSS6.3AI score0.01781EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2010/03/30 6:0 p.m.30 views

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests...

8.5AI score0.01781EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2009/04/22 7:21 p.m.11 views

RSA Panel Review – Macs in the Enterprise

Managing IT for a software company has its challenges. For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best. The panelists at the RSA session “Responding to the ignored threat – Mac...

7.1AI score
Exploits0
Prion
Prion
added 2007/10/30 11:46 p.m.15 views

Unrestricted file upload

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details...

7.5CVSS8AI score0.02385EPSS
Exploits1References4
CVE
CVE
added 2007/10/30 11:0 p.m.36 views

CVE-2007-5733

The CVE-2007-5733 entry describes an unrestricted file upload in Japanese PHP Gallery Hosting (upload/upload.php) when Open directory mode is enabled. The vulnerability allows remote attackers to upload and execute arbitrary PHP code by crafting a ServerPath parameter with a filename using a doub...

7.5CVSS7.6AI score0.02385EPSS
Exploits1References4Affected Software1
Check Point Advisories
Check Point Advisories
added 2006/07/19 12:0 a.m.7 views

Preemptive Protection agains Apple Open Directory Denial of Service Vulnerability

The OpenLDAP software allows LDAP-aware programs on a network to get information from a server. Apple uses OpenLDAP as a part of their Open Directory product. An error in the implementation of OpenLDAP may allow a remote attacker with the ability to send a malformed LDAP request to cause Open...

5CVSS6AI score0.08042EPSS
Exploits1
securityvulns
securityvulns
added 2006/06/30 12:0 a.m.34 views

[Full-disclosure] [MU-200606-02] Apple Open Directory Pre-Authentication Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apple Open Directory Pre-Authentication Denial of Service MU-200606-02 June 27, 2006 http://labs.musecurity.com/advisories.html Affected Product/Versions: OSX 10.4.4 through 10.4.6 Product Overview:...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/27 12:0 a.m.28 views

Apple Mac OSX 10.4.x - OpenLDAP Denial of Service

source: https://www.securityfocus.com/bid/18728/info Mac OS X Open Directory Server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to cause a crash in the LDAP server, effectively denying service to legitimate...

7AI score
Exploits0
NVD
NVD
added 2005/12/01 2:7 a.m.21 views

CVE-2005-3701

Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors...

7.2CVSS6.5AI score0.00363EPSS
Exploits0References7
Rows per page
Query Builder