CVE-2026-33609
A flaw was found in PowerDNS. When running with 8bit-dns enabled, incomplete escaping of Lightweight Directory Access Protocol (LDAP) queries allows authenticated users to perform queries of internal domain subtrees. This vulnerability can lead to information disclosure, potentially exposing...
CVE-2026-40459
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...
Bouncy Castle Java Security Vulnerability
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities, which were caused by improper handling of special elements in LDAP queries. These vulnerabilities could lead to...
EUVD-2006-6537
Malware in sbrugna...
EUVD-2021-26962
Malware in sbrugna...
EUVD-2014-5995
Malware in sbrugna...
EUVD-2022-29542
Malicious code in bioql PyPI...
CVE-2021-33668
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application...
Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of...
October 10, 2023—KB5031411 (Security-only update)
October 10, 2023—KB5031411 Security-only update REMINDER Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azure's commitment to security and compliance and have moved to Azure to protect their Windows...
ForgeRock Access Management 6.0.0.x / 6.5.0.x / 6.5.2.x / 6.5.3 / 6.5.4 / 7.0.x / 7.1 / 7.1.1 Multiple Vulnerabilities
The version of ForgeRock Access Management detected on the remote host is affected by multiple vulnerabilities, including the following: - It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network service...
CVE-2022-24670
An attacker can use the unrestricted LDAP queries to determine configuration entries...
Design/Logic Flaw
An attacker can use the unrestricted LDAP queries to determine configuration entries...
CVE-2022-24670 Any user can run unrestricted LDAP queries against a configuration endpoint
An attacker can use the unrestricted LDAP queries to determine configuration entries...
Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging...
USN-5424-1 openldap vulnerability
It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database...
ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go
ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Installation: You can download precompiled executable binaries for Windows/Linux from the latest releases. Install from source: To build from source, clone the repo and build it with...
CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames
GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...
CVE-2021-33668
CVE-2021-33668 involves an LDAP injection due to improper input sanitization in SAP SCIMONO components. An unauthenticated attacker could inject specially crafted LDAP queries, potentially compromising confidentiality. Connected documents confirm this vulnerability in SCIMONO-related deployments ...