80 matches found
UBUNTU-CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...
CVE-2023-1055
A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to li...
CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...
PT-2023-16722 · Red Hat +1 · Rhds +1
Name of the Vulnerable Software and Affected Versions: RHDS versions 11 through 12 Description: A flaw was found in RHDS where LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, potentially leading to sensitive information leakage. An attacker with a local...
CVE-2023-1055
CVE-2023-1055 affects RHDS 11/12 and Red Hat Directory Server components (389-ds-base). The issue occurs when LDAP browsing entries decodes userPassword instead of userCertificate, leaking sensitive information. A local attacker with a cockpit-389-ds process can list processes and display hashed ...
EulerOS 2.0 SP5 : 389-ds-base (EulerOS-SA-2022-2264)
According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that...
Privilege Escalation
org.openidentityplatform.openam:openam-auth-nt is vulnerable to privilege escalation. A local authenticated attacker is able to cause a replace Samba username attack via the userPassword parameter in process function...
CVE-2017-11365: Empty passwords validation issue
Affected versions: Symfony 2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.32, 2.8.25, 3.2.12, and 3.3.5. Description: When fixing issue 23319 with 23341, we...
Fedora 14 : libuser-0.56.18-3.fc14 (2011-0316)
Fixes default userPassword value on LDAP; note that this affects only accounts for which the password was not changed later. In addition to installing this update, maintainers of LDAP servers used for authentication should review their LDAP directory for unexpected plaintext userPassword values...
Sepcity Lawyer Portal (deptdisplay.asp ID) SQL Injection Vulnerability
No description provided by source. By Osmanizim Security Specialist Contacts : www.osmanizim.com Title: Lawyer Portal = SQL Injection Vulnerability. Download:http://www.sepcity.com/freelawyerportalsoftware.aspx Demo : http://freeasp.sepcity.com/faculty/default.asp // Exploit --...
r.cms 2 SQL Injection
r.cms V2 - Multiple SQL Injection Vulnerabilities Vulnerability discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, Palme, GPM, Free-Hack Date: 16.12.2008 Admin Panel: Target/rcms/ Description: Almost every GET parameter is vulnerable to SQL Injection, so i won't list 'em al...
r.cms 2.0 - Multiple SQL Injections
r.cms V2 - Multiple SQL Injection Vulnerabilities Vulnerability discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, Palme, GPM, Free-Hack Date: 16.12.2008 Admin Panel: Target/rcms/ Description: Almost every GET parameter is vulnerable to SQL Injection, so i won't list 'em al...
OtomiGenX 2.2 - userAccount SQL Injection
OtomiGenX 2.2 - userAccount SQL Injection source: https://www.securityfocus.com/bid/29470/info OtomiGenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
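ElkaGroup Image Gallery Property.PHP SQL Injection Vulnerability
ElkaGroup Image Gallery is a PHP-based web application. ElkaGroup Image Gallery does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is caused by the 'Property.PHP' script's lack of filtering of the user-submitted 'pid' parameter; submitting a malicious SQL query as the parameter data can cause the application to alter the original SQL logic when processing it, allowing an attacker to obtain sensitive information or manipulate the database. Elkagroup Image Gallery 1.0 No solution is currently available: http://www.elkagroup.com/...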
Techno Dreams Articles & Papers 2.0 - SQL Injection
Title : Articles&Papers Package =v2.0ArticlesTableview.asp Remote SQL Injection Vulnerability Author : ajann Script Page : http://www.t-dreams.com Exploit; http://target/path/ArticlesTableview.asp?key='SQL HERE Example:...
Alex DownloadEngine 1.4.1 - comments.php SQL Injection
Alex DownloadEngine 1.4.1 - comments.php SQL Injection source: https://www.securityfocus.com/bid/18293/info DownloadEngine is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
CVE-2003-0174
The LDAP name service nsd in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password...
PT-2003-1416 · Sgi · Irix
Name of the Vulnerable Software and Affected Versions: IRIX versions 6.5.19 and earlier Description: The issue concerns the LDAP name service nsd not properly verifying if the USERPASSWORD attribute has been provided by an LDAP server. This could allow attackers to log in without a password...
Vulnerability in nsd LDAP Implementation on IRIX
SGI Security Advisory Title : Vulnerability in nsd LDAP Implementation Number : 20030407-01-P Date : April 25, 2003 Reference: CVE CAN-2003-0174 Reference: SGI BUGS 834042 874955 Fixed in : IRIX 6.5.20 when available or patch 5063 ...