CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string...
Fedora 19 : php-ZendFramework-1.12.9-1.fc19 (2014-12344)
Contains fixes for two security-relevant bugs: - 'ZF2014-05: Anonymous authentication in ldap_bind function of PHP, using null byte' http://framework.zend.com/security/advisory/ZF2014-05 - 'ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte'...
Anonymous authentication in ldap_bind() function of PHP, using null byte
More info at https://framework.zend.com/security/advisory/ZF2014-05...
Debian DSA-1371-1 : phpwiki - several vulnerabilities
Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...