26 matches found
EUVD-2018-17498
Malware in sbrugna...
EUVD-2001-0611
Malware in sbrugna...
EUVD-2020-23185
Malware in sbrugna...
EUVD-2018-17499
Malware in sbrugna...
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database...
Alibaba Cloud Linux 3 : 0024: 389-ds:1.4 (ALINUX3-SA-2021:0024)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0024 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-35518: When binding against a DN during...
Denial Of Service (DoS)
org.openidentityplatform.opendj, opendj-server-legacy is vulnerable to Denial Of Service (DoS). The vulnerability is due to an alias loop in the LDAP database, which allows an attacker to make the server unresponsive to all LDAP requests due to infinite alias dereferencing...
CVE-2025-27497
Summary for CVE-2025-27497 : OpenDJ (LDAPv3 directory service) prior to 4.9.3 is vulnerable to a denial-of-service caused by an alias loop in the LDAP database. When an ldapsearch request dereferences aliases with type "always" on an alias entry, the server becomes unresponsive to all LDAP reques...
Code injection
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since it is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents from the LDAP Database...
NewStart CGSL CORE 5.05 / MAIN 5.05 : 389-ds-base Vulnerability (NS-SA-2022-0026)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has 389-ds-base packages installed that are affected by a vulnerability: - When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database
It happens that, due to legacy service requirements or just bad security practices, passwords are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...
Fedora 33 : 389-ds-base / dogtag-pki / freeipa / pki-core (2021-7458e2d835)
The remote Fedora 33 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2021-7458e2d835 advisory. - When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an...
GOsa Incorrect Access Control Vulnerability
GOsa is an LDAP manager. The product is mainly used for system administration to manage users and groups, applications, phones and faxes. A security vulnerability exists in GOsa. An attacker could exploit this vulnerability to gain unauthorized access to the LDAP database...
Debian DLA-1875-1 : fusiondirectory security update
In FusionDirectory, an LDAP web-frontend written in PHP originally derived from GOsa² 2.6.x, a vulnerability was found that could theoretically lead to unauthorized access to the LDAP database managed with FusionDirectory. LDAP queries' result status 'Success' checks had not been strict enough. The...
ipa, slapi security update
CentOS Errata and Security Advisory CESA-2015:0728 Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: ipa and slapi-nis security and bug fix update
Updated ipa and slapi-nis packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
krb5 security update
CentOS Errata and Security Advisory CESA-2015:0439 Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...
MGASA-2014-0536 Updated krb5 packages fix CVE-2014-5353
Updated krb5 packages fix security vulnerability: In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to b...
CVE-2014-5354
plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as...