
336 matches found

OSV
added 2024/12/19 2:15 p.m. · 6 views

CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 5.9 AI score
Exploits 0 · References 4
NVD
added 2024/12/19 2:15 p.m. · 8 views

CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 0.00314 EPSS
Exploits 0 · References 4
OSV
added 2024/12/19 2:15 p.m. · 10 views

CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 6.2 AI score
Exploits 0 · References 4
OSV
added 2024/12/19 2:15 p.m. · 1 views

DEBIAN-CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 5.4 AI score · 0.00314 EPSS
Exploits 0 · References 1
NVD
added 2024/12/19 2:15 p.m. · 13 views

CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 0.00141 EPSS
Exploits 0 · References 4
OSV
added 2024/12/19 2:15 p.m. · 0 views

UBUNTU-CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 5.9 AI score · 0.00314 EPSS
Exploits 0 · References 6
OSV
added 2024/12/19 2:15 p.m. · 0 views

UBUNTU-CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 5.8 AI score · 0.00141 EPSS
Exploits 0 · References 5
CVE
added 2024/12/19 1:41 p.m. · 55 views

CVE-2024-9102

PHP LDAP Admin (phpLDAPadmin) versions 1.2.0 through 1.2.6.7 are vulnerable to CSV Formula Injection when exporting directory entries to CSV, because the export path does not neutralize elements that can be interpreted as commands by spreadsheet apps. This can allow an attacker-controlled data el...

5 CVSS · 6.3 AI score · 0.00141 EPSS
Exploits 0 · References 4
Debian CVE
added 2024/12/19 1:41 p.m. · 7 views

CVE-2024-9102

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 5.3 AI score · 0.00141 EPSS
Exploits 0
Cvelist
added 2024/12/19 1:41 p.m. · 19 views

CVE-2024-9102 phpLDAPadmin: Improper Neutralization of Formula Elements

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 0.00141 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/12/19 1:41 p.m. · 13 views

CVE-2024-9102 phpLDAPadmin: Improper Neutralization of Formula Elements

phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...

5 CVSS · 6.3 AI score · 0.00141 EPSS
Exploits 0 · References 4
Cvelist
added 2024/12/19 1:41 p.m. · 15 views

CVE-2024-9101 phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 0.00314 EPSS
Exploits 0 · References 4
CVE
added 2024/12/19 1:41 p.m. · 48 views

CVE-2024-9101

Summary of CVE-2024-9101: A reflected XSS in phpLDAPadmin’s “Entry Chooser” affects versions 1.2.1 through 1.2.6.7. The vulnerability arises from unsafely passing the user-controlled parameter “element” into JavaScript eval, with exploitation limited to conditions where the window opener is corr...

2.1 CVSS · 5.8 AI score · 0.00314 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/12/19 1:41 p.m. · 8 views

CVE-2024-9101 phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 6 AI score · 0.00314 EPSS
Exploits 0 · References 4
Debian CVE
added 2024/12/19 1:41 p.m. · 7 views

CVE-2024-9101

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin version 1.2.1 through the latest version, 1.2.6.7 allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' functio...

2.1 CVSS · 5.4 AI score · 0.00314 EPSS
Exploits 0
Positive Technologies
added 2024/12/19 12:00 a.m. · 3 views

PT-2024-39431 · Unknown +1 · Phpldapadmin +1

Name of the Vulnerable Software and Affected Versions: phpLDAPadmin versions 1.2.0 through 1.2.6.7 Description: The issue allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a comma...

5 CVSS · 6.9 AI score · 0.00141 EPSS
Exploits 0 · References 15
CNNVD
added 2024/12/19 12:00 a.m. · 1 views

phpLDAPadmin Security Vulnerability

phpLDAPadmin is a web-based LDAP client from the phpLDAPadmin Personal Developer, which is primarily used to manage LDAP servers. A security vulnerability exists in phpLDAPadmin versions 1.2.0 through 1.2.6.7. An attacker exploiting this vulnerability can cause CSV formula injection...

5 CVSS · 6.5 AI score · 0.00141 EPSS
Exploits 0 · References 4
CNNVD
added 2024/12/19 12:00 a.m. · 1 views

phpLDAPadmin Security Vulnerability

phpLDAPadmin is a web-based LDAP client from the phpLDAPadmin personal developer, which is primarily used to manage LDAP servers. A security vulnerability exists in phpLDAPadmin versions 1.2.1 through 1.2.6.7, which stems from the presence of a reflective cross-site scripting vulnerability that...

2.1 CVSS · 6.2 AI score · 0.00314 EPSS
Exploits 0 · References 4
Packet Storm
added 2024/08/31 12:00 a.m. · 143 views

Telpho10 Backup Credentials Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telpho10 Backup Credentials Dumper', 'Description' = %q This module exploits a vulnerability present in all versions of Telpho10 telephone system...

7.4 AI score
Exploits 0
Redos
added 2024/07/19 12:00 a.m. · 11 views

ROS-20240719-02

Vulnerability in the makeHttpRequest function of the htdocs/js/ajaxfunctions.js file of the web administration tool LDAP phpLDAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause smuggling of http...

6.5 CVSS · 6.8 AI score · 0.00104 EPSS
Exploits 0