21 matches found
EUVD-2004-2245
Malware in sbrugna...
SurgeLDAP 1.0 User.CGI Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploi...
SurgeLDAP 1.0 Web Administration Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been reported that the...
SurgeLDAP 1.0 d User.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8407/info SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visit a malicious link that includes hostile HTML and script code. This code may be rendered i...
SurgeLDAP 1.0 d Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8406/info SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource. This issue exists in the web server...
File Disclosure in SurgeLDAP
There is a vulnerability in the current version of SurgeLDAP that allows an attacker to retrieve arbitrary files from the webserver that reside outside the bounding HTML root directory. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from referenced sources,...
CVE-2004-2253
CVE-2004-2253 describes a directory traversal in SurgeLDAP’s web component. Affected: SurgeLDAP 1.0g and earlier. Issue: an attacker can exploit a ".." in the page parameter of the show command in user.cgi to read arbitrary files from the server. The connected documents corroborate this file-disc...
CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command...
CVE-2004-2254
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, contains an authentication bypass vulnerability in the administration interface. The issue allows remote attackers to bypass login by sending a direct request to admin.cgi with a modified utoken parameter. The affected product/version informat...
CVE-2004-2254
SurgeLDAP 1.0g Build 12, and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter...
CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command...
CVE-2004-2254
SurgeLDAP 1.0g Build 12, and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter...
SurgeLDAP 1.0 - Web Administration Authentication Bypass
source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been reported that the SurgeLDAP web administration application...
SurgeLDAP 1.0 - Web Administration Authentication Bypass
source: https://www.securityfocus.com/bid/10294/info SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP. It has been...
SurgeLDAP directory traversal
user.cgi allows downloading any file...
[NT] SurgeLDAP Web Service user.cgi File Retrieval
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...
SurgeLDAP10.txt
SurgeLDAP 1.0g Web service user.cgi File retrieval Release Date: April 13, 2004 Severity: Low Vendor: http://netwinsite.com Details: SurgeLDAP is an advanced easy to manage and install high performance LDAP v3 server. It supports any number of schemas, easy to add/modify existing schemas,...
SurgeLDAP 1.0 - User.cgi Directory Traversal
source: https://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker...
SurgeLDAP 1.0 - 'User.cgi' Directory Traversal
source: https://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker could exploit this issue to gain access to...
SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting
source: https://www.securityfocus.com/bid/8407/info SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visit a malicious link that includes hostile HTML and script code. This code may...