
12 matches found

OSV
added 2025/12/19 9:15 p.m. | 6 views

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

CVSS 8.6 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 3
Cvelist
added 2025/12/19 9:5 p.m. | 27 views

CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

CVSS 8.6 | EPSS 0.00349
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2025-52528

Name of the Vulnerable Software and Affected Versions: LDAP Tool Box Self Service Password version 1.5.2. Description: The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...

CVSS 8.6 | AI score 6.6 | EPSS 0.00349
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4394

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02759
Exploits: 0 | References: 4
CNNVD
added 2023/12/20 12:0 a.m. | 2 views

LDAP Tool Box Self Service Password Security Vulnerability

LDAP Tool Box Self Service Password is an open source PHP application for LDAP Tool Box that allows users to change passwords in the LDAP directory. A security vulnerability exists in LDAP Tool Box Self Service Password prior to v.1.5.4 that could allow a remote attacker to execute arbitrary code...

CVSS 9.8 | AI score 7.4 | EPSS 0.01232
Exploits: 0 | References: 2
0day.today
added 2023/04/06 12:0 a.m. | 240 views

LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover | Exploit Author: Tahar BENNACEF aka tar.gz | Software Link: https://github.com/ltb-project/self-service-password | Version: 1.5.2 | Tested on: Ubuntu | Self Service Password is a PHP application that allows users to change their...

AI score 6.8
Exploits: 0
Packet Storm
added 2023/04/06 12:0 a.m. | 251 views

LDAP Tool Box Self Service Password 1.5.2 Account Takeover

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover | Date: 02/17/2023 | Exploit Author: Tahar BENNACEF aka tar.gz | Software Link: https://github.com/ltb-project/self-service-password | Version: 1.5.2 | Tested on: Ubuntu | Self Service Password is a PHP application that allows users...

AI score 6.8
Exploits: 0
NVD
added 2018/06/14 7:29 p.m. | 18 views

CVE-2018-12421

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

CVSS 9.8 | AI score 9.4 | EPSS 0.02759
Exploits: 0 | References: 3
Prion
added 2018/06/14 7:29 p.m. | 12 views

Type confusion

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

CVSS 5 | AI score 9.3 | EPSS 0.02759
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/06/14 7:29 p.m. | 10 views

CVE-2018-12421

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

CVSS 9.8 | AI score 9.5
Exploits: 0 | References: 3
CVE
added 2018/06/14 7:0 p.m. | 46 views

CVE-2018-12421

LTB Self Service Password prior to 1.3 has a vulnerability: a crafted POST can change a user’s password without the old one because ldap_bind return value handling and PHP typing are mishandled. Affected product: LTB Self Service Password. CVSS3 base score 9.8 (CRITICAL) with impact to confidenti...

CVSS 9.8 | AI score 9.3 | EPSS 0.02759
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2018/06/14 7:0 p.m. | 20 views

CVE-2018-12421

LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...

AI score 9.4 | EPSS 0.02759
Exploits: 0 | References: 3