EUVD-2021-1565

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-33900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI...

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

GHSA-P9QJ-4RJP-J3W9 Apache Directory Studio Command Injection

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...

Apache Directory Studio Command Injection

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...

Confidentiality Protection Bypass

Apache Directory Studio is vulnerable to confidentiality protection bypass. The vulnerability exists because it does not apply SASL confidentiality layer when SASL authentication mechanism is used...

Missing encryption in Apache Directory Studio

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

Authentication flaw

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVE-2021-33900 StartTLS and SASL confidentiality protection bypass

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVE-2021-33900

CVE-2021-33900 affects Apache Directory Studio up to version 2.0.0.v20210213-M16 and earlier. The issue is that StartTLS encryption was not applied for SASL authentication methods (DIGEST-MD5, GSSAPI) and that any configured SASL confidentiality layer was not applied. The stem cause is the encryp...

PT-2021-3958 · Apache · Apache Directory Studio

Name of the Vulnerable Software and Affected Versions: Apache Directory Studio versions prior to 2.0.0.v20210213-M16 Description: The issue is related to the absence of protection for service data. An attacker could exploit this to disclose protected information. The problem arises when configure...

Design/Logic Flaw

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...

CVE-2015-5349

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...

CVE-2015-5349

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet...

Apache Directory Studio Command Injection Vulnerability

Apache Directory Studio is a suite of LDAP tool platforms for connecting to, managing and developing any LDAP server. Apache Directory Studio fails to adequately filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting special requests to execute arbitrary...