15 matches found
PHP phpLDAPadmin Remote Code Execution (CVE-2011-4075)
A remote code execution vulnerability has been reported in phpLDAPadmin web server...
Fedora Update for phpldapadmin FEDORA-2011-14924
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 15 : phpldapadmin-1.2.1.1-2.20111006git.fc15 (2011-14993)
Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 XSS and code injection vulnerabilities in versions <= 1.2.1.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 14 : phpldapadmin-1.2.1.1-2.20111006git.fc14 (2011-14986)
Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 XSS and code injection vulnerabilities in versions <= 1.2.1.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 16 : phpldapadmin-1.2.1.1-2.20111006git.fc16 (2011-14924)
Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 XSS and code injection vulnerabilities in versions <= 1.2.1.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Update for phpldapadmin FEDORA-2011-14993
Check for the Version of phpldapadmin OpenVAS Vulnerability Test Fedora Update for phpldapadmin FEDORA-2011-14993 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Fedora Update for phpldapadmin FEDORA-2011-14986
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)
Check for the Version of phpldapadmin OpenVAS Vulnerability Test Mandriva Update for phpldapadmin MDVSA-2011:163 phpldapadmin Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution
The version of phpLDAPadmin installed on the remote host does not sanitize input to the 'orderby' parameter of the 'cmd.php' script when 'cmd' is set to 'query_engine' before using it in a call to 'create_function'. An unauthenticated, remote attacker can leverage this issue to execute arbitrary PH...
CVE-2011-4075
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011...
CVE-2011-4075
CVE-2011-4075 affects phpLDAPadmin 1.2.x prior to 1.2.2, where the orderby parameter sent to query_engine via cmd.php allowed remote PHP code execution due to unsanitized input in the PHP create_function() call. The vulnerability enables unauthenticated remote code execution on the web server run...
Debian DSA-2333-1 : phpldapadmin - several vulnerabilities
Two vulnerabilities have been discovered in phpLDAPadmin, a web-based interface for administering LDAP servers. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2011-4074: Input appended to the URL in cmd.php when 'cmd' is set to 'debug' is not properly...
[SECURITY] [DSA 2333-1] phpldapadmin security update
Debian Security Advisory DSA-2333-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire Oct 31th, 2011 http://www.debian.org/security/faq -...
phpLDAPadmin query_engine Remote PHP Code Injection
This module exploits a vulnerability in lib/functions.php in phpLDAPadmin versions 1.2.1.1 and earlier that allows attacker input to be passed directly to the create_function PHP function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before being parse...
CVE-2011-4075
creationtimestamp | type | source
---|---|---
2011-10-23 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/18021
2011-10-25 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/18031
2018-05-29 15:50:33+00:00 | seen | ...