32 matches found
CVE-2024-33470
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-33470
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-33470
The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...
PT-2024-25275 · Avtech · Avtech Room Alert 4E
Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the SMTP Email Settings allows attackers to gain access to credentials in plaintext via a passback attack. This issue only affects products that are no longer supported by the...
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
Input validation
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVE-2023-4506 Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...
CVE-2023-4505
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVE-2023-4506 Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...
CVE-2023-4505 Staff / Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
Staff / Employee Business Directory for Active Directory < 1.3 - Admin LDAP Credentials Retrieval
Description The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with...