11 matches found
EUVD-2020-0603
Malware in sbrugna...
GHSA-82MG-X548-GQ3J LDAP Injection in ldapauth
Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...
group-lunches (>=0.0.2 <=0.0.10), lets-chat-ldap (>=0.1.0 <=0.4.0) +5 more potentially affected by CVE-2015-7294 via ldapauth-fork (=2.2.19)
ldapauth-fork NPM version =2.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on ldapauth-fork and may be impacted: - group-lunches =0.0.2, =0.1.0, =0.0.2, =0.1.0, =0.0.0, =0.0.1 Source cves: CVE-2015-7294 Source advisory: OSV:GHSA-82MG-X548-GQ3J...
LDAP Injection in ldapauth
Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...
ldapauth-fork injection attack vulnerability
ldapauth-fork is a node.js library for authenticating against LDAP servers. A security vulnerability exists in ldapauth-fork 2.3.2 and earlier versions. A remote attacker can exploit this vulnerability to perform an LDAP injection attack with a specially crafted username...
CVE-2015-7294
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
Code injection
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
CVE-2015-7294
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username...
CVE-2015-7294
CVE-2015-7294 affects ldapauth-fork before 2.3.3, where a remote attacker can trigger LDAP injection through a crafted username parameter. The vulnerability is linked to the ldapauth-fork library used for authenticating against LDAP servers. Several connected sources confirm the affected version ...
LDAP Injection
Overview Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result...
LDAP Injection
Overview Versions 2.3.2 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation Update to ldapauth-fork version 2.3.3 or later. References -...