ldap account manager ldap account manager vulnerabilities and exploits
4.3
CVSSv2
CVE-2013-4453
Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via the language parameter.
Ldap-account-manager Ldap Account Manager 4.2.1
Ldap-account-manager Ldap Account Manager 4.3
4.3
CVSSv2
CVE-2007-1840
lib/modules.inc in LDAP Account Manager (LAM) prior to 1.3.0 does not escape HTML special characters in LDAP data, which allows remote malicious users to have an unknown impact, probably cross-site scripting (XSS).
Ldap Account Manager Ldap Account Manager
7.2
CVSSv2
CVE-2006-7191
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) prior to 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
Ldap Account Manager Ldap Account Manager
6.8
CVSSv2
CVE-2022-31084
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0, there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. T...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
6
CVSSv2
CVE-2022-31086
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0, incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnerability could lead to a Remote Co...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
7.2
CVSSv2
CVE-2022-31087
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attack...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2022-31085
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryp...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
5
CVSSv2
CVE-2022-31088
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This is...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
3.5
CVSSv2
CVE-2022-24851
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated us...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2018-8764
Roland Gruber Softwareentwicklung LDAP Account Manager prior to 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote malicious users to defeat a CSRF protection mechanism by leveraging logging.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Ldap-account-manager Ldap Account Manager