18 matches found
EUVD-2020-0603
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-14878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 8.0.21 and prior...
GHSA-82MG-X548-GQ3J LDAP Injection in ldapauth
Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation: ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...
group-lunches (>=0.0.2 <=0.0.10), lets-chat-ldap (>=0.1.0 <=0.4.0) +5 more potentially affected by CVE-2015-7294 via ldapauth-fork (=2.2.19)
ldapauth-fork NPM version =2.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on ldapauth-fork and may be impacted: - group-lunches =0.0.2, =0.1.0, =0.0.2, =0.1.0, =0.0.0, =0.0.1 Source cves: CVE-2015-7294 Source advisory: OSV:GHSA-82MG-X548-GQ3J...
LDAP Injection in ldapauth
Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation: ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...
ldapauth-fork injection attack vulnerability
ldapauth-fork is a node.js library for authenticating against LDAP servers. A security vulnerability exists in ldapauth-fork 2.3.2 and earlier versions. A remote attacker can exploit this vulnerability to perform an LDAP injection attack with a specially crafted username...
CVE-2015-7294
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
Code injection
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
CVE-2015-7294
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
CVE-2015-7294
CVE-2015-7294 affects ldapauth-fork before 2.3.3, where a remote attacker can trigger LDAP injection through a crafted username parameter. The vulnerability is linked to the ldapauth-fork library used for authenticating against LDAP servers. Several connected sources confirm the affected version ...
LDAP Injection
Overview: Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation: ldapauth is not actively maintained, having not seen a publish since 2014. As a result...
LDAP Injection
Overview: Versions 2.3.2 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation: Update to ldapauth-fork version 2.3.3 or later. References -...
AIX 7.1 TL 1 : ldapauth (IV18464)
AIX could allow a local attacker to gain elevated privileges on the system, caused by an error in the getpwnam function when customer extended LDAP user filtering is configured. A local attacker could exploit this vulnerability to gain lateral or elevated privileges on the system. ...
AIX 6.1 TL 7 : ldapauth (IV18637)
AIX could allow a local attacker to gain elevated privileges on the system, caused by an error in the getpwnam function when customer extended LDAP user filtering is configured. A local attacker could exploit this vulnerability to gain lateral or elevated privileges on the system. ...
AIX 6.1 TL 6 : ldapauth (IV19077)
AIX could allow a local attacker to gain elevated privileges on the system, caused by an error in the getpwnam function when customer extended LDAP user filtering is configured. A local attacker could exploit this vulnerability to gain lateral or elevated privileges on the system. ...
AIX 7.1 TL 0 : ldapauth (IV19098)
AIX could allow a local attacker to gain elevated privileges on the system, caused by an error in the getpwnam function when customer extended LDAP user filtering is configured. A local attacker could exploit this vulnerability to gain lateral or elevated privileges on the system. ...
AIX 6.1 TL 6 : ldapauth (IZ97416)
After installing bos.rte.security 6.1.6.4 fileset, an LDAP user will be able to log in with an incorrect password. This occurs only when authtype is set to ldapauth in the /etc/security/ldap/ldap.cfg file. Non-LDAP users can also log in with incorrect passwords if the local users have their SYSTE...
AIX 6.1 TL 5 : ldapauth (IV19097)
AIX could allow a local attacker to gain elevated privileges on the system, caused by an error in the getpwnam function when customer extended LDAP user filtering is configured. A local attacker could exploit this vulnerability to gain lateral or elevated privileges on the system. ...