25 matches found
EUVD-2022-52742
Malicious code in bioql PyPI...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
SUSE CVE-2007-4662
Buffer overflow in the phpopensslmakeREQ function in PHP before 5.2.4 has unknown impact and attack vectors...
SUSE CVE-2009-3291
The phpopensslapplyverificationpolicy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates...
Information Disclosure
ldap-account-manager is vulnerable to information disclosure. The vulnerability exists because the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration, allowing an attacker to gain sensitive...
LDAP Account Manager Cross-Site Scripting Vulnerability (CNVD-2022-53547)
LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. cross-site scripting vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from the fact that if the PHP OpenSSL extension is not installed o...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
Design/Logic Flaw
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CVE-2022-31085
CVE-2022-31085 affects LDAP Account Manager (LAM). In versions prior to 8.0, session files can contain LDAP usernames and passwords in clear text when the PHP OpenSSL extension is not installed or session encryption is disabled. The issue is fixed in LAM 8.0; if upgrading is not possible, enable ...
Open Redirector involving user interaction - ownCloud
The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections. e.g. server-to-server shares to servers using a self-signed certificate or external storages The functionality was using the PHP OpenS...
Disclosure of arbitrary certificate files - ownCloud
The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections. e.g. server-to-server shares to servers using a self-signed certificate or external storages The functionality was using the PHP OpenS...
Server: Open Redirector involving user interaction
The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections. e.g. server-to-server shares to servers using a self-signed certificate or external storages The functionality was using the PHP OpenS...
Server: Disclosure of arbitrary certificate files
The 'Import root certificate' ability that users are able to use once filesexternal is enabled allows users to import their own root certificates for connections. e.g. server-to-server shares to servers using a self-signed certificate or external storages The functionality was using the PHP OpenS...
Amazon Linux: Security Advisory (ALAS-2013-263)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical: php55
Issue Overview: A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP...