5 matches found
EUVD-2018-20373
Malware in sbrugna...
CVE-2018-8764
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sectoken parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging...
CVE-2018-8764
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sectoken parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging...
CVE-2018-8764
CVE-2018-8764 affects LDAP Account Manager (Roland Gruber Softwareentwicklung) prior to 6.3. The flaw exposes the CSRF token in the sec_token parameter of a URI, enabling an attacker to bypass CSRF protection by leveraging logging and potentially perform unauthorized actions in a logged-in sessio...
CVE-2018-8763
CVE-2018-8763 affects LDAP Account Manager prior to 6.3, with a Reflected XSS via the dn parameter to templates/3rdParty/pla/htdocs/cmd.php or the cmd=rename_form parameter. The issue is documented across Debian security advisories (DSA-4165-1) and related OSS/Nessus references. Debian fixes: old...