16 matches found
CVE-2023-53958
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
PT-2025-52528
Name of the Vulnerable Software and Affected Versions LDAP Tool Box Self Service Password version 1.5.2 Description The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...
LDAP Tool Box Self Service Password Authorization Issue Vulnerability
LDAP Tool Box Self Service Password is an open source PHP application for LDAP Tool Box that allows users to change passwords in the LDAP directory. An authorization issue vulnerability exists in LDAP Tool Box Self Service Password version 1.5.2, which stems from an improperly generated password...
EUVD-2018-4394
Malware in sbrugna...
LDAP Tool Box Self Service Password Security Vulnerability
LDAP Tool Box Self Service Password is an open source PHP application for LDAP Tool Box that allows users to change passwords in the LDAP directory. A security vulnerability exists in LDAP Tool Box Self Service Password prior to v.1.5.4 that could allow a remote attacker to execute arbitrary code...
LDAP Tool Box Self Service Password 1.5.2 Account Takeover
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...
LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users to change their...
CVE-2020-25013
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler...
CVE-2018-16718
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument...
Type confusion
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB Self Service Password prior to 1.3 has a vulnerability: a crafted POST can change a user’s password without the old one because ldap_bind return value handling and PHP typing are mishandled. Affected product: LTB Self Service Password. CVSS3 base score 9.8 (CRITICAL) with impact to confidenti...
Tool Box (Free) - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tool Box Free published at the 'play' market has multiple vulnerabilities...