phpLDAPadmin -- Remote PHP code injection vulnerability

EgiX n0b0d13s at gmail dot com reports: The $sortby parameter passed to 'masort' function in file lib/functions.php isn't properly sanitized before being used in a call to createfunction at line 1080. This can be exploited to inject and execute arbitrary PHP code. The only possible attack vector ...

phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)

?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author...............: EgiX mail.................: n0b0d13satgmaildotcom...

phpLDAPadmin 0.9.4b - Denial of Service

/ Exploit Title: phpLDAPadmin 0.9.4b DoS Google Dork: "phpLDAPadmin - 0.9.4b" Date: 2011-10-23 Author: Alguien Software Link: http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin/0.9.4b/ Version: 0.9.4b Tested on: Red Hat CVE : - Compilation: ------------ $ javac phpldos.java Usage:...

phpLDAPadmin 0.9.4b DoS

Exploit for php platform in category web applications / Exploit Title: phpLDAPadmin 0.9.4b DoS Google Dork: "phpLDAPadmin - 0.9.4b" Date: 2011-10-23 Author: Alguien Software Link: http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin/0.9.4b/ Version: 0.9.4b Tested on: Red Hat CVE : -...

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

Exploit for php platform in category web applications ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author..................

Debian DSA-1965-1 : phpldapadmin - missing input sanitising

It was discovered that phpLDAPadmin, a web-based interface for administering LDAP servers, doesn't sanitize an internal variable, which allows remote attackers to include and execute arbitrary local files. The oldstable distribution etch is not affected by this problem. %NASLMINLEVEL 70300 C...

Mandriva Update for phpldapadmin MDVSA-2010:023 (phpldapadmin)

Check for the Version of phpldapadmin OpenVAS Vulnerability Test Mandriva Update for phpldapadmin MDVSA-2010:023 phpldapadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Mandriva Update for phpldapadmin MDVSA-2010:023 (phpldapadmin)

Check for the Version of phpldapadmin OpenVAS Vulnerability Test Mandriva Update for phpldapadmin MDVSA-2010:023 phpldapadmin Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

phpLDAPadmin < 1.2 Local File Inclusion

Binary data 5291.prm...

[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1965 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 06, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1965-1] New phpldapadmin packages fix remote file inclusion

------------------------------------------------------------------------ Debian Security Advisory DSA-1965 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 06, 2010 http://www.debian.org/security/faq -...

DSA-1965-1 phpldapadmin - remote file inclusion

Bulletin has no description...

Fedora Core 11 FEDORA-2009-13598 (phpldapadmin)

The remote host is missing an update to phpldapadmin announced via advisory FEDORA-2009-13598. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C...

Fedora Core 11 FEDORA-2009-13598 (phpldapadmin)

The remote host is missing an update to phpldapadmin announced via advisory FEDORA-2009-13598. OpenVAS Vulnerability Test $Id: fcore200913598.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13598 phpldapadmin Authors: Thomas Reinke Copyright:...

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

Directory traversal

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

DEBIAN-CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

CVE-2009-4427

CVE-2009-4427: In phpLDAPadmin, phpLDAPadmin 1.1.0.5 is vulnerable to remote local-file inclusion via cmd.php (parameter cmd) due to insufficient input sanitising, enabling arbitrary local file execution. Debian and related advisories (DSA-1965) fix this by upgrading phpldapadmin to a later packa...