Published: 03/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

lib/modules.inc in LDAP Account Manager (LAM) prior to 1.3.0 does not escape HTML special characters in LDAP data, which allows remote malicious users to have an unknown impact, probably cross-site scripting (XSS).

Vulnerable Product	Search on Vulmon	Subscribe to Product
ldap account manager ldap account manager

Two vulnerabilities have been identified in the version of ldap-account-manager shipped with Debian 31 (sarge) CVE-2006-7191 An untrusted PATH vulnerability could allow a local attacker to execute arbitrary code with elevated privileges by providing a malicious rm executable and specifying a PATH environment variable referencing this ...

NVD-CWE-Other http://lam.cvs.sourceforge.net/lam/lam/lib/modules.inc?r1=1.173&r2=1.174 http://lam.sourceforge.net/changelog/index.htm http://secunia.com/advisories/24687 http://www.us.debian.org/security/2007/dsa-1287 http://www.securityfocus.com/bid/23190 http://secunia.com/advisories/25157 http://www.vupen.com/english/advisories/2007/1149 https://exchange.xforce.ibmcloud.com/vulnerabilities/33307 https://nvd.nist.gov https://www.debian.org/security/./dsa-1287

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1840

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect