Lucene search

43 matches found

Hacker One
added 2026/05/23 12:20 p.m. | 10 views

curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window

Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...

AI score 5.7 | Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-11813

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.03115 | Exploits 0 | References 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-59106

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.3 | EPSS 0.00074 | Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-50341

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00389 | Exploits 0 | References 1

OSV
added 2023/12/18 12:15 a.m. | 1 views

CVE-2023-6905

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...

CVSS 9.8 | AI score 5.2 | Exploits 0 | References 2

Prion
added 2023/12/18 12:15 a.m. | 16 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...

CVSS 4 | AI score 7.6 | EPSS 0.00074 | Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/12/17 11:31 p.m. | 16 views

CVE-2023-6905 Jahastech NxFilter Bind Request ldap injection

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiate...

CVSS 4.3 | AI score 9.9 | EPSS 0.00074 | Exploits 0 | References 2

ATTACKERKB
added 2023/10/25 6:17 p.m. | 1 views

CVE-2023-46527

TP-LINK TL-WR886N V7.03.0.14Build221115Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle...

CVSS 9.8 | AI score 5.8 | EPSS 0.00293 | Exploits 2 | References 4

NVD
added 2022/12/21 5:15 p.m. | 8 views

CVE-2022-47581

Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request...

CVSS 7.5 | EPSS 0.00389 | Exploits 0 | References 1

CNNVD
added 2022/12/21 12:0 a.m. | 1 views

Isode M-Vault security vulnerability

Isode M-Vault is a high performance secure LDAP/X.500 server from Isode UK. A security vulnerability exists in Isode M-Vault versions R16.0v0 through R17.0v23, which stems from a program that crashes on LDAP v1 bind requests...

CVSS 7.5 | AI score 7.3 | EPSS 0.00389 | Exploits 0 | References 2

OSV
added 2022/11/28 10:15 p.m. | 2 views

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 7.5 | AI score 5.8 | Exploits 0 | References 1

OSV
added 2018/11/09 5:49 p.m. | 14 views

GHSA-CFW5-V7CW-69CW Credential leak in org.apache.directory.api:apache-ldap-api

In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contain...

CVSS 9.8 | AI score 9.3 | EPSS 0.02662 | Exploits 0 | References 10

Prion
added 2018/07/10 1:29 p.m. | 9 views

Server side request forgery (ssrf)

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

CVSS 5 | AI score 9.3 | EPSS 0.02662 | Exploits 0 | References 8 | Affected Software 1

NVD
added 2018/07/10 1:29 p.m. | 8 views

CVE-2018-1337

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

CVSS 9.8 | AI score 9.4 | EPSS 0.02662 | Exploits 0 | References 8

OSV
added 2018/07/10 1:29 p.m. | 2 views

CVE-2018-1337

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

CVSS 9.8 | AI score 5.7 | EPSS 0.02662 | Exploits 0 | References 8

OSV
added 2018/06/22 1:29 p.m. | 2 views

DEBIAN-CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVSS 6.5 | AI score 7 | EPSS 0.03115 | Exploits 0 | References 1

OSV
added 2018/06/22 1:29 p.m. | 2 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVSS 6.5 | AI score 6.3 | EPSS 0.03115 | Exploits 0 | References 5

UbuntuCve
added 2018/06/22 1:29 p.m. | 24 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.03115 | Exploits 0 | References 4

Debian CVE
added 2018/06/22 1:0 p.m. | 18 views

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVSS 6.5 | AI score 6.9 | EPSS 0.03115 | Exploits 0

CVE
added 2018/06/22 1:0 p.m. | 69 views

CVE-2017-2668

CVE-2017-2668 affects 389-ds-base before 1.3.5.17 and 1.3.6.10, where an invalid pointer dereference in LDAP bind handling allows remote unauthenticated attackers to crash ns-slapd, causing denial of service. Affected product is 389 Directory Server; impact is denial of service via crafted LDAP b...

CVSS 6.5 | AI score 6.1 | EPSS 0.03115 | Exploits 0 | References 5 | Affected Software 1