Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ldap account manager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-4976
EMC ESRS Policy Manager before 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.
Emc Esrs Policy Manager
8.8
CVSSv3
CVE-2022-31086
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Co...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
8.8
CVSSv3
CVE-2018-8764
Roland Gruber Softwareentwicklung LDAP Account Manager prior to 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote malicious users to defeat a CSRF protection mechanism by leveraging logging.
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Ldap-account-manager Ldap Account Manager
8.1
CVSSv3
CVE-2022-31084
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. T...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
7.8
CVSSv3
CVE-2022-31087
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attack...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this time...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
Redhat Enterprise Linux 6.0
7.2
CVSSv3
CVE-2018-10871
389-ds-base prior to 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with suf...
Fedoraproject 389 Directory Server
Debian Debian Linux 8.0
7
CVSSv3
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
1 Github repository
6.5
CVSSv3
CVE-2019-14824
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated malicious user to view private attributes, such as password hashes.
Fedoraproject 389 Directory Server -
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2022-31085
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryp...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »