8 matches found
CVE-2024-49370
CVE-2024-49370 affects Pimcore portal engine prior to 4.1.7 and 3.1.16. When a PortalUserObject is linked to a PimcoreUser and the “Use Pimcore Backend Password” option is set, the change password function stores the new password without hashing, making it readable by others. This could enable pa...
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities allowing complete bypass; product: Faronics WINSelect Standard + Enterprise; vulnerable version: 8.30.xx.903; fixed version: 8.30.xx.903; CVE number:...
MariaDB: Path traversal in command line client
The command line client has a directory traversal bug which allows server chosen files to be dlopened when it connects to a malicious server. The path can also be padded with / characters so that strxnmov drops the .so extension. The dlopen call is performed here: Impact In rare situations where...
Debian DLA-1483-1 : 389-ds-base security update
CVE-2018-10871: By default nsslapd-unhashed-pw-switch was set to 'on', so a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is used by some plugin, there is no need to keep unhashed passwords. The nsslapd-unhashed-pw-switch option i...
Red Hat 389 Directory Server Information Disclosure Vulnerability (CNVD-2015-01643)
Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalability, multi-master replication, and more. A security vulnerability exists in Red Hat 389...
Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update
Updated 389-ds-base packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
RHEL 7 : 389-ds-base (RHSA-2015:0416)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0416 advisory. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and...
UBUNTU-CVE-2012-2678
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for an LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhasheduserpassword attribute...