21 matches found
ch.exense.commons:exense-auth-ldap (>=1.3.0 <=1.3.1), ch.exense.commons:exense-core-server (>=1.3.0 <=1.3.1) +12 more potentially affected by CVE-2026-40458 +1 more via org.pac4j:pac4j-ldap (>=4.0.0 <=4.4.0)
org.pac4j:pac4j-ldap MAVEN version =4.0.0, =1.3.0, =1.3.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =1.0.0.RELEASE, =1.0.1.RELEASE Source cves: CVE-2026-40458, CVE-2026-40459 Source advisory: SNYK:JAVA-ORGPAC4J-16109662...
EUVD-2015-1043
Malware in sbrugna...
CVE-2015-10027
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is...
CVE-2024-28820
CVE-2024-28820 concerns the Three Rings OpenVPN LDAP plugin (openvpn-auth-ldap) 2.0.4. The flaw is a buffer overflow in extract_openvpn_cr (openvpn-cr.c) when handling the challenge/response password field; an attacker with a valid LDAP username who can control that field can supply input with mo...
CVE-2024-28820
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
Information disclosure
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is...
CVE-2015-10027 hydrian TTRSS-Auth-LDAP Username ldap injection
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is...
CVE-2015-10027
CVE-2015-10027 affects hydrian TTRSS-Auth-LDAP's Username Handler, with LDAP injection in unknown functionality prior to 2.0b1. Upgrading to version 2.0b1 addresses the issue; the patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8 (VDB-217622). Multiple connected sources corroborate ...
TTRSS-Auth-LDAP injection vulnerability
TTRSS-Auth-LDAP is a GitHub repository for the authldap plugin for Tiny Tiny RSS from the individual developer Ben Tyger. An injection vulnerability exists in TTRSS-Auth-LDAP. An attacker could exploit this vulnerability to cause LDAP injection...
group-lunches (>=0.0.2 <=0.0.10), lets-chat-ldap (>=0.1.0 <=0.4.0) +5 more potentially affected by CVE-2015-7294 via ldapauth-fork (=2.2.19)
ldapauth-fork NPM version =2.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on ldapauth-fork and may be impacted: - group-lunches =0.0.2, =0.1.0, =0.0.2, =0.1.0, =0.0.0, =0.0.1 Source cves: CVE-2015-7294 Source advisory: OSV:GHSA-82MG-X548-GQ3J...
Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
The remote host is missing an update to libapache-auth-ldap announced via advisory DSA 952-1. Seregorn discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code...
Debian: Security Advisory (DSA-952-1)
The remote host is missing an update for the Debian...
Debian DSA-952-1 : libapache-auth-ldap - format string
'Seregorn' discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
[SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 952-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 23rd, 2006 http://www.debian.org/security/faq -...
PT-2006-1039 · Apache · Apache Auth Ldap
Name of the Vulnerable Software and Affected Versions: Apache auth ldap versions 1.6.0 and earlier auth ldap version 1.4.8 Description: The issue concerns multiple format string vulnerabilities in the auth_ldap_log_reason function. This allows remote attackers to execute arbitrary code via variou...