4 matches found
CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command...
CVE-2004-2254
SurgeLDAP 1.0g Build 12, and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter...
SurgeLDAP 1.0 - User.cgi Directory Traversal
SurgeLDAP 1.0 - User.cgi Directory Traversal source: https://www.securityfocus.com/bid/10103/info SurgeLDAP is prone to a directory traversal vulnerability in one of the scripts included with the built-in web administrative server, potentially resulting in disclosure of files. A remote attacker...
SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting
SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/8407/info SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visiting a malicious link that includes hostile HTML and script code. This code may...