CVE-2025-13948

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948

The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...

EUVD-2025-200976

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

Go Ldap Admin 安全漏洞

Go Ldap Admin is an openLDAP backend management project based on Go+Vue implementation organized by China opsre. A security vulnerability exists in Go Ldap Admin 20251011 and earlier versions, which originates from the use of hard-coded encryption keys by the JWT Handler component in the...

PT-2025-48812

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

Linux Distros Unpatched Vulnerability : CVE-2018-12689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpLDAPadmin 1.2.2 allows LDAP injection via a crafted serverid parameter in a cmd.php?cmd=loginform request, or a crafted username and password in the login...

DEBIAN-CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value CSV file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

phpLDAPadmin Environmental Issues Vulnerabilities

PhpLdapAdmin is a web-based LDAP client from the individual developer of PhpLdapAdmin, which is primarily used to manage LDAP servers. An environmental issue vulnerability exists in phpLDAPadmin, which stems from an http request smuggling vulnerability in the makeHttpRequest function in...

USN-4620-1 phpldapadmin vulnerability

It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code...

DEBIAN-CVE-2011-4082

A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request...

PT-2011-4838 · Php · Phpldapadmin

Name of the Vulnerable Software and Affected Versions: phpLDAPadmin versions 1.2.x through 1.2.1 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an debug command in the cmd.php fil...

CVE-2006-6575

PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project yaplap 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGINstyle parameter...

DEBIAN-CVE-2005-2792

Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. dot dot in the customwelcomepage parameter...