53 matches found
EUVD-2011-1473
Malware in sbrugna...
EUVD-2011-4069
Malware in sbrugna...
EUVD-2024-44220
Malicious code in bioql PyPI...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
Linux Distros Unpatched Vulnerability : CVE-2017-11144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing...
Linux Distros Unpatched Vulnerability : CVE-2015-1855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - verifycertificateidentity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate...
CVE-2024-4611
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
PT-2024-31911 · WordPress · Apppresser
Name of the Vulnerable Software and Affected Versions: AppPresser plugin for WordPress versions up to, and including, 4.3.2 Description: The issue arises from improper missing encryption exception handling on the decrypt value and doCookieAuth functions. This allows unauthenticated attackers to l...
CVE-2024-3729 Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
SUSE CVE-2011-1468
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service memory consumption via 1 plaintext data to the opensslencrypt function or 2 ciphertext data to the openssldecrypt function...
SUSE CVE-2011-4121
The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...
SUSE CVE-2015-1855
verifycertificateidentity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to 1 multiple wildcards, 1 wildcards in IDNA names, 3 case...
SUSE CVE-2017-11144
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...
LDAP Account Manager Cross-Site Scripting Vulnerability (CNVD-2022-53547)
LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. cross-site scripting vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
Design/Logic Flaw
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085
CVE-2022-31085 affects LDAP Account Manager (LAM). In versions prior to 8.0, session files can contain LDAP usernames and passwords in clear text when the PHP OpenSSL extension is not installed or session encryption is disabled. The issue is fixed in LAM 8.0; if upgrading is not possible, enable ...
PT-2022-3280 · Unknown +1 · Ldap Account Manager +1
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the lack of protection for confidential information in the LDAP Account Manager web application. Exploitation of this issue may allow an attacker to obtain LDAP...
Ruby OpenSSL extension encryption issue vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the software developer Yukihiro Matsumoto. openSSL extension is an OpenSSL security extension used in it. A cryptographic issue exists in the OpenSSL extension in Ruby versions 2011-09-01 through 2011-11-03,...