719 matches found
CVE-2005-0173
squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...
IBM iSeries AS400 LDAP Server - Remote Information Disclosure
IBM iSeries AS400 LDAP Server - Remote Information Disclosure source: https://www.securityfocus.com/bid/12991/info A remote information disclosure issue affects IBM iSeries AS400 LDAP Server. This issue is due to a failure of the application to properly secure sensitive information. An...
CVE-2005-0173
squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...
CVE-2005-0173
squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...
LDAP Server NULL Bind Detection
Binary data 1172.prm...
LDAP Server NULL Bind Connection Information Disclosure
Binary data 1947.prm...
LDAP Server NULL Bind Connection Information Disclosure
Binary data 1949.prm...
SurgeLDAP 1.0 - Web Administration Authentication Bypass
SurgeLDAP 1.0 - Web Administration Authentication Bypass source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been...
Novell NetWare LDAP Server Anonymous Bind
The server's directory base is set to NULL. This allows information to be enumerated without any prior knowledge of the directory structure. %NASLMINLEVEL 70300 This script was written by David Kyger Changes by Tenable: - Revised plugin title, output formatting 9/3/09 - Replaced broken URL, added...
eLDAPo index.php Plaintext Password Disclosure
The remote host is hosting eLDAPo, a PHP-based CGI suite designed to perform LDAP queries. This application stores the passwords to the LDAP server in plaintext in its source file. An attacker can read the source code of index.php and use the information contained to gain credentials on a...
CVE-2003-0378
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set...
CVE-2001-0502
The CVE-2001-0502 issue affects Windows 2000 LDAP over SSL where a function fails to properly verify permissions when the directory principal is a domain user and the data attribute is the domain password, allowing local users to modify other users’ login passwords. Affected component: LDAP over ...
CVE-2001-0502
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users...
CVE-2002-0007
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server...
LDAP NULL BASE Search Access
The remote LDAP server supports search requests with a NULL, or empty, base object. This allows information to be retrieved without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user may be able to query your LDAP server using a tool such as 'LdapMiner'...
LDAP Server NULL Bind Connection Information Disclosure
The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an...
CVE-2001-0502
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users...
CVE-2000-0516
The CVE-2000-0516 entry concerns Shiva Access Manager 5.0.0, where configuration data stored in an LDAP directory includes the root DN and password written in cleartext to a file that is world-readable. This local-access vulnerability enables a local attacker to read sensitive credentials and com...
Timbuktu v3.0 and Public LDAP Server
Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...