41 matches found
CVE-2026-40459
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...
Bouncy Castle Java Security Vulnerability
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities, which were caused by improper handling of special elements in LDAP queries. These vulnerabilities could lead to...
EUVD-2006-6537
Malware in sbrugna...
EUVD-2014-5995
Malware in sbrugna...
EUVD-2021-26962
Malware in sbrugna...
EUVD-2022-29542
Malicious code in bioql PyPI...
CVE-2021-33668
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application...
Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of...
October 10, 2023—KB5031411 (Security-only update)
October 10, 2023—KB5031411 Security-only update REMINDER Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azure's commitment to security and compliance and have moved to Azure to protect their Windows...
CVE-2022-24670
An attacker can use the unrestricted LDAP queries to determine configuration entries...
Design/Logic Flaw
An attacker can use the unrestricted LDAP queries to determine configuration entries...
CVE-2022-24670 Any user can run unrestricted LDAP queries against a configuration endpoint
An attacker can use the unrestricted LDAP queries to determine configuration entries...
USN-5424-1 openldap vulnerability
It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database...
ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go
ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Installation: You can download precompiled executable binaries for Windows/Linux from the latest releases. Install from source: To build from source, clone the repo and build it with...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2021-33668
CVE-2021-33668 involves an LDAP injection due to improper input sanitization in SAP SCIMONO components. An unauthenticated attacker could inject specially crafted LDAP queries, potentially compromising confidentiality. Connected documents confirm this vulnerability in SCIMONO-related deployments ...
CVE-2021-33668
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application...
MGASA-2020-0289 Updated samba packages fix security vulnerability
Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2020-10730. Douglas Bagnall...
USN-4409-1 samba vulnerabilities
Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS...
USN-4341-2 samba vulnerability
USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources,...