Lucene search
+L

719 matches found

NVD
NVD
added 2005/05/02 4:0 a.m.13 views

CVE-2005-0173

squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...

7.5CVSS6AI score0.31942EPSS
Exploits0References14
exploitpack
exploitpack
added 2005/04/04 12:0 a.m.15 views

IBM iSeries AS400 LDAP Server - Remote Information Disclosure

IBM iSeries AS400 LDAP Server - Remote Information Disclosure source: https://www.securityfocus.com/bid/12991/info A remote information disclosure issue affects IBM iSeries AS400 LDAP Server. This issue is due to a failure of the application to properly secure sensitive information. An...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.30 views

CVE-2005-0173

squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...

5.9AI score0.31942EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2005/02/06 5:0 a.m.30 views

CVE-2005-0173

squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...

7.5CVSS6.4AI score0.31942EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.14 views

LDAP Server NULL Bind Detection

Binary data 1172.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.24 views

LDAP Server NULL Bind Connection Information Disclosure

Binary data 1947.prm...

10CVSS7.3AI score0.1821EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.27 views

LDAP Server NULL Bind Connection Information Disclosure

Binary data 1949.prm...

10CVSS7.3AI score0.1821EPSS
Exploits0References2
exploitpack
exploitpack
added 2004/05/05 12:0 a.m.15 views

SurgeLDAP 1.0 - Web Administration Authentication Bypass

SurgeLDAP 1.0 - Web Administration Authentication Bypass source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/03/15 12:0 a.m.25 views

Novell NetWare LDAP Server Anonymous Bind

The server's directory base is set to NULL. This allows information to be enumerated without any prior knowledge of the directory structure. %NASLMINLEVEL 70300 This script was written by David Kyger Changes by Tenable: - Revised plugin title, output formatting 9/3/09 - Replaced broken URL, added...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/06/18 12:0 a.m.17 views

eLDAPo index.php Plaintext Password Disclosure

The remote host is hosting eLDAPo, a PHP-based CGI suite designed to perform LDAP queries. This application stores the passwords to the LDAP server in plaintext in its source file. An attacker can read the source code of index.php and use the information contained to gain credentials on a...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2003/06/06 4:0 a.m.27 views

CVE-2003-0378

The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set...

6.7AI score0.01433EPSS
Exploits1References2
CVE
CVE
added 2002/03/09 5:0 a.m.51 views

CVE-2001-0502

The CVE-2001-0502 issue affects Windows 2000 LDAP over SSL where a function fails to properly verify permissions when the directory principal is a domain user and the data attribute is the domain password, allowing local users to modify other users’ login passwords. Affected component: LDAP over ...

4.6CVSS6.4AI score0.02004EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.19 views

CVE-2001-0502

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users...

6.4AI score0.02004EPSS
Exploits0References4
NVD
NVD
added 2002/01/31 5:0 a.m.17 views

CVE-2002-0007

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server...

10CVSS6.7AI score0.02371EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2001/08/13 12:0 a.m.942 views

LDAP NULL BASE Search Access

The remote LDAP server supports search requests with a NULL, or empty, base object. This allows information to be retrieved without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user may be able to query your LDAP server using a tool such as 'LdapMiner'...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2001/08/13 12:0 a.m.845 views

LDAP Server NULL Bind Connection Information Disclosure

The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an...

5.6AI score
Exploits0
NVD
NVD
added 2001/07/21 4:0 a.m.21 views

CVE-2001-0502

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users...

4.6CVSS6.4AI score0.02004EPSS
Exploits0References4
CVE
CVE
added 2000/10/13 4:0 a.m.50 views

CVE-2000-0516

The CVE-2000-0516 entry concerns Shiva Access Manager 5.0.0, where configuration data stored in an LDAP directory includes the root DN and password written in cleartext to a file that is world-readable. This local-access vulnerability enables a local attacker to read sensitive credentials and com...

7.2CVSS6.6AI score0.00713EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2000/04/05 12:0 a.m.114 views

Timbuktu v3.0 and Public LDAP Server

Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...

0.1AI score
Exploits0
Rows per page
Query Builder