CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

NVD•added 2025/10/14 8:15 a.m.•2 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS0.00038EPSS

Exploits0References2

Vulnrichment•added 2025/10/14 8:5 a.m.•2 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS6.9AI score0.00038EPSS

Exploits0References1

Cvelist•added 2025/10/14 8:5 a.m.•7 views

CVE-2025-41705 Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

6.8CVSS0.00038EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-20845

Malicious code in bioql PyPI...

7.9CVSS7.6AI score0.05756EPSS

Exploits0References2

NVD•added 2024/03/18 9:15 p.m.•13 views

CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

7.9CVSS7.8AI score0.05756EPSS

Exploits0References2

Cvelist•added 2024/03/18 9:7 p.m.•20 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

7.9CVSS7.9AI score0.05756EPSS

Exploits0References2

Vulnrichment•added 2024/03/18 9:7 p.m.•12 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

7.9CVSS6.9AI score0.05756EPSS

Exploits0References2

Debian CVE•added 2024/03/18 9:7 p.m.•20 views

CVE-2024-23333

7.9CVSS7.7AI score0.05756EPSS

Exploits0

CVE•added 2024/03/18 9:7 p.m.•70 views

CVE-2024-23333

LAM (LDAP Account Manager) contains a vulnerability where log configuration allows arbitrary log-file paths. In versions before 8.7, an attacker could cause PHP code to be written to a log file and later executed when accessed via web. Mitigation requires knowledge of LAM’s master configuration p...

7.9CVSS6.8AI score0.05756EPSS

Exploits0References2Affected Software1

Veracode•added 2022/07/06 7:52 p.m.•28 views

Remote Code Execution (RCE)

ldap-account-manager:sid is vulnerable to remote code execution. LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf...

8.8CVSS9.2AI score0.01329EPSS

Exploits0References4Affected Software1

Veracode•added 2022/07/06 7:52 p.m.•25 views

Arbitrary Code Injection

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed ...

5.3CVSS5.7AI score0.00552EPSS

Exploits0References4Affected Software1

Prion•added 2022/06/27 9:15 p.m.•15 views

Code injection

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to cod...

6.8CVSS8.2AI score0.01567EPSS

Exploits1References4Affected Software2

UbuntuCve•added 2022/06/27 9:15 p.m.•34 views

CVE-2022-31085

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

6.1CVSS6.3AI score0.00093EPSS

Exploits0References3

UbuntuCve•added 2022/06/27 9:15 p.m.•42 views

CVE-2022-31086

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the...

8.8CVSS6.8AI score0.01329EPSS

Exploits0References3

UbuntuCve•added 2022/06/27 9:15 p.m.•38 views

CVE-2022-31088

6.5CVSS6.7AI score0.00552EPSS

Exploits0References3

UbuntuCve•added 2022/06/27 9:15 p.m.•28 views

CVE-2022-31084

9CVSS7.4AI score0.01567EPSS

Exploits1References3

Prion•added 2022/06/27 9:15 p.m.•23 views

Default configuration

6CVSS8.8AI score0.01329EPSS

Exploits0References3Affected Software2

CVE•added 2022/06/27 8:55 p.m.•85 views

CVE-2022-31085

CVE-2022-31085 affects LDAP Account Manager (LAM). In versions prior to 8.0, session files can contain LDAP usernames and passwords in clear text when the PHP OpenSSL extension is not installed or session encryption is disabled. The issue is fixed in LAM 8.0; if upgrading is not possible, enable ...

6.1CVSS6AI score0.00093EPSS

Exploits0References3Affected Software1

Debian CVE•added 2022/06/27 8:55 p.m.•37 views

CVE-2022-31084

9CVSS8.9AI score0.01567EPSS

Exploits1