9 matches found
OESA-2024-2164 389-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: An access control bypass vulnerability was found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed...
Default credentials
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server...
CVE-2017-4976
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server...
CVE-2017-4976
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server...
EMC ESRS Policy Manager Undocumented Account Vulnerability
EMC ESRS Policy Manager is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Versions prior to 6.8 are affected. EMC ESRS Policy Manager Undocumented Account Vulnerability CVE Identifier: CVE-2017-4976...
RedHat Update for 389-ds-base RHSA-2016:2594-02
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Design/Logic Flaw
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrd...
CVE-2005-2377
CVE-2005-2377 concerns nss_ldap, where versions 181 through 212 (before 213) used in Mandrake Corporate Server, Mandrake 10.0, and other OSes fail to handle a SIGPIPE when issuing an LDAP search. This can allow a remote attacker to cause a denial of service by making the LDAP server unavailable, ...
Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4717/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix variants. HTML code is not filtered from URL parameters that are...