Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amazon search directory vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2005-4044
Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter.
Mr. Cgi Guy Amazon Search Directory
4
CVSSv2
CVE-2013-4485
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server prior to 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
Redhat Enterprise Linux 6.0
Fedoraproject 389 Directory Server 1.2.11.15
Redhat Directory Server
Redhat Directory Server 8.1
Redhat Directory Server 8.0
Redhat Directory Server 7.1
4.4
CVSSv2
CVE-2017-6189
Untrusted search path vulnerability in Amazon Kindle for PC prior to 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.
Amazon Kindle For Pc
6.9
CVSSv2
CVE-2010-5268
Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 30884 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .azw file. NOTE: some of these details are obtained ...
Amazon Kindle For Pc 1.3.0.30884
4
CVSSv2
CVE-2018-10935
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
Redhat 389 Directory Server
2.1
CVSSv2
CVE-2019-10224
A flaw has been found in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard e...
Fedoraproject 389 Directory Server
4
CVSSv2
CVE-2018-10871
389-ds-base prior to 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with suf...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
3.5
CVSSv2
CVE-2019-14824
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated malicious user to view private attributes, such as password hashes.
Fedoraproject 389 Directory Server -
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this time...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
Redhat Enterprise Linux 6.0
4
CVSSv2
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Redhat 389 Directory Server 1.4.0.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »