Lucene search

16 matches found

Snyk
added 2026/04/15 10:16 a.m. · 6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

CVSS 7.3 · AI score 5.7 · EPSS 0.00494
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/01 12:00 a.m. · 3 views

PT-2024-34618 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai X500 Indoor 22 802.11ac Wave 2 AP (affected versions not specified). Description: The issue concerns a weak password leakage in the web management of the Altai X500 Indoor 22 802.11ac Wave 2 AP. This weakness may lead to unauthorized acces...

CVSS 6.5 · AI score 7 · EPSS 0.00242
Exploits: 0 · References: 6
RedHat Linux
added 2023/12/06 11:30 p.m. · 1 view

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/24 4:57 p.m. · 3 views

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/24 4:56 p.m. · 0 views

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/24 4:56 p.m. · 2 views

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/10/06 7:21 a.m. · 1 view

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/10/05 8:23 p.m. · 1 view

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
RedHat Linux
added 2023/09/14 9:51 a.m. · 3 views

bouncycastle: potential blind LDAP injection attack using a self-signed certificate

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 5
OSV
added 2023/07/05 3:30 a.m. · 1 view

GHSA-HR8G-6V94-X4M9 Bouncy Castle For Java LDAP injection vulnerability

Bouncy Castle provides the X509LDAPCertStoreSpi.java class which can be used in conjunction with the CertPath API for validating certificate paths. Pre-1.73 the implementation did not check the X.500 name of any certificate, subject, or issuer being passed in for LDAP wild cards, meaning the...

CVSS 5.3 · AI score 6.7 · EPSS 0.00766
Exploits: 0 · References: 10
Microsoft KB
added 2020/04/13 4:07 a.m. · 23 views

Description of the Microsoft Office for Mac 2011 14.3.2 Update

Describes the security update for Microsoft Office for Mac 2011 14.3.2 that was released on March 12, 2013. Introduction: Microsoft has released security bulletin MS13-026. This security bulletin contains all the relevant information about the security update for Microsoft Office for Mac 2011. To vi...

AI score 0.1
Exploits: 0
Prion
added 2017/05/24 2:29 p.m. · 17 views

Design/Logic Flaw

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to...

CVSS 7.5 · AI score 9.2 · EPSS 0.01317
Exploits: 2 · References: 3 · Affected Software: 1
UbuntuCve
added 2017/05/24 2:29 p.m. · 31 views

CVE-2017-2801

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to...

CVSS 9.8 · AI score 6.9 · EPSS 0.01317
Exploits: 2 · References: 2
Cvelist
added 2017/05/24 2:00 p.m. · 29 views

CVE-2017-2801

A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to...

CVSS 6.5 · AI score 7.1 · EPSS 0.01317
Exploits: 2 · References: 3
Tenable Nessus
added 2005/05/17 12:00 a.m. · 16 views

Solaris 8 (sparc) : 116997-01

SunOS 5.8: Federated Naming Service FNS X500 patch. Date this patch was last updated by Sun : May/04/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'...

AI score 7
Exploits: 0 · References: 1
Tenable Nessus
added 2005/05/17 12:00 a.m. · 16 views

Solaris 8 (x86) : 116998-01

SunOS 5.8x86: Federated Naming Service FNS X500 patch. Date this patch was last updated by Sun : May/04/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

AI score 7
Exploits: 0 · References: 1