Vulnerabilities related to phpldapadmin_project - phpldapadmin
cve-2018-12689
Vulnerability from cvelistv5
Published
2018-06-22 20:00
Modified
2024-09-16 16:47
Summary
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44926/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T08:45:00.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "44926", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44926/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-22T20:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "44926", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44926/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-12689", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "44926", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44926/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-12689", datePublished: 
"2018-06-22T20:00:00Z", dateReserved: "2018-06-22T00:00:00Z", dateUpdated: "2024-09-16T16:47:46.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2654
Vulnerability from cvelistv5
Published
2005-08-30 04:00
Modified
2024-08-07 22:45
Summary
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
References
| URL | Tags |
|---|---|
| http://www.debian.org/security/2005/dsa-790 | vendor-advisory, x_refsource_DEBIAN |
| http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml | vendor-advisory, x_refsource_GENTOO |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:45:01.237Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-790", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-790", }, { name: "GLSA-200509-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-08-30T00:00:00", descriptions: [ { lang: "en", value: "phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-09-20T09:00:00", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "DSA-790", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-790", }, { name: "GLSA-200509-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2005-2654", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-790", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-790", }, { name: "GLSA-200509-04", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2005-2654", datePublished: "2005-08-30T04:00:00", dateReserved: "2005-08-22T00:00:00", dateUpdated: "2024-08-07T22:45:01.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-11107
Vulnerability from cvelistv5
Published
2017-07-08 12:00
Modified
2024-08-05 17:57
Summary
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
References
| URL | Tags |
|---|---|
| https://github.com/leenooks/phpLDAPadmin/issues/50 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html | mailing-list, x_refsource_MLIST |
| https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.991Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/50", }, { name: "[debian-lts-announce] 20181031 [SECURITY] [DLA 1561-1] phpldapadmin security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-08T00:00:00", descriptions: [ { lang: "en", value: "phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-01T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/50", }, { name: "[debian-lts-announce] 20181031 [SECURITY] [DLA 1561-1] phpldapadmin security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-11107", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/leenooks/phpLDAPadmin/issues/50", refsource: "MISC", url: "https://github.com/leenooks/phpLDAPadmin/issues/50", }, { name: "[debian-lts-announce] 20181031 [SECURITY] [DLA 1561-1] phpldapadmin security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html", }, { name: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", refsource: "MISC", url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-11107", datePublished: "2017-07-08T12:00:00", dateReserved: "2017-07-08T00:00:00", dateUpdated: "2024-08-05T17:57:57.991Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35132
Vulnerability from cvelistv5
Published
2020-12-11 04:36
Modified
2024-08-04 16:55
Summary
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474 | x_refsource_MISC |
| https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2 | x_refsource_MISC |
| https://github.com/leenooks/phpLDAPadmin/issues/130 | x_refsource_MISC |
| https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/ | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/130", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", }, { name: "FEDORA-2020-6cc5654c0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/", }, { name: "FEDORA-2020-c6fa47ecd7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-21T03:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", }, { tags: [ "x_refsource_MISC", ], url: 
"https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/130", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", }, { name: "FEDORA-2020-6cc5654c0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/", }, { name: "FEDORA-2020-c6fa47ecd7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35132", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", refsource: "MISC", url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", }, { name: "https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", refsource: "MISC", url: "https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", }, { name: "https://github.com/leenooks/phpLDAPadmin/issues/130", refsource: "MISC", url: 
"https://github.com/leenooks/phpLDAPadmin/issues/130", }, { name: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", refsource: "MISC", url: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", }, { name: "FEDORA-2020-6cc5654c0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/", }, { name: "FEDORA-2020-c6fa47ecd7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35132", datePublished: "2020-12-11T04:36:03", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-08-04T16:55:10.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4075
Vulnerability from cvelistv5
Published
2011-11-02 17:00
Modified
2024-08-06 23:53
Summary
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.825Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546", }, { name: "76594", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/76594", }, { name: "50331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50331", }, { name: "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { name: "18021", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/18021/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://dev.metasploit.com/redmine/issues/5820", }, { name: "46672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46672", }, { name: "46551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46551", }, { name: "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { name: "DSA-2333", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2011/dsa-2333", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-24T00:00:00", descriptions: [ { lang: "en", value: "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-01-27T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546", }, { name: "76594", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/76594", }, { name: "50331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50331", }, { name: "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { name: "18021", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/18021/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744", }, { tags: [ 
"x_refsource_MISC", ], url: "http://dev.metasploit.com/redmine/issues/5820", }, { name: "46672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46672", }, { name: "46551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46551", }, { name: "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { name: "DSA-2333", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2011/dsa-2333", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4075", datePublished: "2011-11-02T17:00:00", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-06T23:53:32.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4082
Vulnerability from cvelistv5
Published
2019-11-26 04:02
Modified
2024-08-06 23:53
Summary
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.
References
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4082 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-4082 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| phpldapadmin | phpldapadmin | before 0.9.8 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.751Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4082", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2011-4082", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "phpldapadmin", vendor: "phpldapadmin", versions: [ { status: "affected", version: "before 0.9.8", }, ], }, ], descriptions: [ { lang: "en", value: "A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the \"Accept-Language\" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-26T04:02:45", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4082", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2011-4082", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2011-4082", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "phpldapadmin", version: { version_data: [ { version_value: "before 0.9.8", }, ], }, }, ], }, vendor_name: "phpldapadmin", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A local file inclusion 
flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the \"Accept-Language\" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Other", }, ], }, ], }, references: { reference_data: [ { name: "https://security-tracker.debian.org/tracker/CVE-2011-4082", refsource: "MISC", url: "https://security-tracker.debian.org/tracker/CVE-2011-4082", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", }, { name: "https://access.redhat.com/security/cve/cve-2011-4082", refsource: "MISC", url: "https://access.redhat.com/security/cve/cve-2011-4082", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4082", datePublished: "2019-11-26T04:02:45", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-06T23:53:32.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4074
Vulnerability from cvelistv5
Published
2011-11-02 17:00
Modified
2024-08-06 23:53
Summary
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/50331 | vdb-entry, x_refsource_BID |
| http://openwall.com/lists/oss-security/2011/10/25/2 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/46672 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/46551 | third-party-advisory, x_refsource_SECUNIA |
| http://openwall.com/lists/oss-security/2011/10/24/9 | mailing-list, x_refsource_MLIST |
| http://osvdb.org/76593 | vdb-entry, x_refsource_OSVDB |
| http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2333 | vendor-advisory, x_refsource_DEBIAN |
| http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.686Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "50331", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50331", }, { name: "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { name: "46672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46672", }, { name: "46551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46551", }, { name: "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { name: "76593", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/76593", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { name: "DSA-2333", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2011/dsa-2333", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-24T00:00:00", descriptions: [ { 
lang: "en", value: "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-01-27T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "50331", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50331", }, { name: "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { name: "46672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46672", }, { name: "46551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46551", }, { name: "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { name: "76593", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/76593", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { name: "DSA-2333", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2011/dsa-2333", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", 
assignerShortName: "redhat", cveId: "CVE-2011-4074", datePublished: "2011-11-02T17:00:00", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-06T23:53:32.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2793
Vulnerability from cvelistv5
Published
2005-09-02 04:00
Modified
2024-08-07 22:45
Summary
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/16617/ | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22103 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=112542447219235&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14695 | vdb-entry, x_refsource_BID |
| http://www.rgod.altervista.org/phpldap.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:45:02.266Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "16617", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14695", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rgod.altervista.org/phpldap.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-08-29T00:00:00", descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "16617", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], 
url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14695", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rgod.altervista.org/phpldap.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2793", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "16617", refsource: "SECUNIA", url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", refsource: "BID", url: "http://www.securityfocus.com/bid/14695", }, { name: "http://www.rgod.altervista.org/phpldap.html", refsource: "MISC", url: "http://www.rgod.altervista.org/phpldap.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2793", datePublished: "2005-09-02T04:00:00", dateReserved: "2005-09-02T00:00:00", dateUpdated: "2024-08-07T22:45:02.266Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2792
Vulnerability from cvelistv5
Published
2005-09-02 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/16617/ | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22103 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=112542447219235&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/14695 | vdb-entry, x_refsource_BID | |
http://www.rgod.altervista.org/phpldap.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:45:02.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "16617", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14695", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rgod.altervista.org/phpldap.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-08-29T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the custom_welcome_page parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "16617", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14695", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rgod.altervista.org/phpldap.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2792", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the custom_welcome_page parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "16617", refsource: "SECUNIA", url: "http://secunia.com/advisories/16617/", }, { name: "phpldapadmin-welcome-file-include(22103)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { name: "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { name: "14695", refsource: "BID", url: "http://www.securityfocus.com/bid/14695", }, { name: "http://www.rgod.altervista.org/phpldap.html", refsource: "MISC", url: "http://www.rgod.altervista.org/phpldap.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2792", datePublished: "2005-09-02T04:00:00", dateReserved: "2005-09-02T00:00:00", dateUpdated: "2024-08-07T22:45:02.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0834
Vulnerability from cvelistv5
Published
2012-02-11 02:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
References
URL | Tags | |
---|---|---|
http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd | x_refsource_CONFIRM | |
http://secunia.com/advisories/47852 | third-party-advisory, x_refsource_SECUNIA | |
https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546 | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2012/02/03/3 | mailing-list, x_refsource_MLIST | |
http://openwall.com/lists/oss-security/2012/02/02/9 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:020 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:14.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd", }, { name: "47852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47852", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", }, { name: "[oss-security] 20120203 Re: CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2012/02/03/3", }, { name: "[oss-security] 20120202 CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2012/02/02/9", }, { name: "MDVSA-2012:020", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-02T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-02-22T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: 
[ { tags: [ "x_refsource_CONFIRM", ], url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd", }, { name: "47852", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47852", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", }, { name: "[oss-security] 20120203 Re: CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2012/02/03/3", }, { name: "[oss-security] 20120202 CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2012/02/02/9", }, { name: "MDVSA-2012:020", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0834", datePublished: "2012-02-11T02:00:00", dateReserved: "2012-01-19T00:00:00", dateUpdated: "2024-08-06T18:38:14.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-2016
Vulnerability from cvelistv5
Published
2006-04-25 10:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/17643 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25959 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/19747 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/20124 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/1450 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/24790 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25958 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/24793 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24792 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24789 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/24788 | vdb-entry, x_refsource_OSVDB | |
http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html | x_refsource_MISC | |
http://www.osvdb.org/24794 | vdb-entry, x_refsource_OSVDB | |
http://www.debian.org/security/2006/dsa-1057 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:35:31.360Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "17643", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/17643", }, { name: "phpldapadmin-templateengine-xss(25959)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25959", }, { name: "19747", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19747", }, { name: "20124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/20124", }, { name: "ADV-2006-1450", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/1450", }, { name: "24790", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24790", }, { name: "phpldapadmin-scope-dn-xss(25958)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25958", }, { name: "24793", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24793", }, { name: "24792", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24792", }, { name: "24789", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24789", }, { name: "24788", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24788", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", }, { name: "24794", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/24794", }, { name: "DSA-1057", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: 
"http://www.debian.org/security/2006/dsa-1057", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-04-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "17643", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/17643", }, { name: "phpldapadmin-templateengine-xss(25959)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25959", }, { name: "19747", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19747", }, { name: "20124", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/20124", }, { name: "ADV-2006-1450", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/1450", }, { name: "24790", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/24790", }, { name: "phpldapadmin-scope-dn-xss(25958)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25958", }, { name: "24793", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/24793", }, { name: "24792", tags: [ "vdb-entry", 
"x_refsource_OSVDB", ], url: "http://www.osvdb.org/24792", }, { name: "24789", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/24789", }, { name: "24788", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/24788", }, { tags: [ "x_refsource_MISC", ], url: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", }, { name: "24794", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/24794", }, { name: "DSA-1057", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1057", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-2016", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "17643", refsource: "BID", url: "http://www.securityfocus.com/bid/17643", }, { name: "phpldapadmin-templateengine-xss(25959)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25959", }, { name: "19747", refsource: "SECUNIA", url: "http://secunia.com/advisories/19747", }, { name: "20124", refsource: "SECUNIA", url: "http://secunia.com/advisories/20124", }, { name: "ADV-2006-1450", 
refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/1450", }, { name: "24790", refsource: "OSVDB", url: "http://www.osvdb.org/24790", }, { name: "phpldapadmin-scope-dn-xss(25958)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25958", }, { name: "24793", refsource: "OSVDB", url: "http://www.osvdb.org/24793", }, { name: "24792", refsource: "OSVDB", url: "http://www.osvdb.org/24792", }, { name: "24789", refsource: "OSVDB", url: "http://www.osvdb.org/24789", }, { name: "24788", refsource: "OSVDB", url: "http://www.osvdb.org/24788", }, { name: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", refsource: "MISC", url: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", }, { name: "24794", refsource: "OSVDB", url: "http://www.osvdb.org/24794", }, { name: "DSA-1057", refsource: "DEBIAN", url: "http://www.debian.org/security/2006/dsa-1057", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-2016", datePublished: "2006-04-25T10:00:00", dateReserved: "2006-04-25T00:00:00", dateUpdated: "2024-08-07T17:35:31.360Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-4427
Vulnerability from cvelistv5
Published
2009-12-28 18:27
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
References
URL | Tags | |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2010:023 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.osvdb.org/61139 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/37848 | third-party-advisory, x_refsource_SECUNIA | |
http://www.exploit-db.com/exploits/10410 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/37327 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:01:20.727Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDVSA-2010:023", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:023", }, { name: "61139", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/61139", }, { name: "37848", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37848", }, { name: "10410", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/10410", }, { name: "37327", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/37327", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-12-10T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the cmd parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-03-26T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDVSA-2010:023", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:023", }, { name: "61139", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/61139", }, { name: "37848", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37848", }, { name: "10410", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/10410", }, { name: "37327", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/37327", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-4427", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the cmd parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDVSA-2010:023", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:023", }, { name: "61139", refsource: "OSVDB", url: "http://www.osvdb.org/61139", }, { name: "37848", refsource: "SECUNIA", url: "http://secunia.com/advisories/37848", }, { name: "10410", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/10410", }, { name: "37327", refsource: "BID", url: "http://www.securityfocus.com/bid/37327", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-4427", datePublished: "2009-12-28T18:27:00", dateReserved: "2009-12-28T00:00:00", dateUpdated: "2024-08-07T07:01:20.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-2016
Vulnerability from fkie_nvd
Published
2006-04-25 12:50
Modified
2025-04-03 01:03
Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * (up to and including 0.9.8) | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "6538805C-3311-4077-8D90-DAAB07F7CEB8", versionEndIncluding: "0.9.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", matchCriteriaId: "2CAE037F-111C-4A76-8FFE-716B74D65EF3", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", matchCriteriaId: "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.", }, ], id: "CVE-2006-2016", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2006-04-25T12:50:00.000", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"http://secunia.com/advisories/19747", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/20124", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2006/dsa-1057", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24788", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24789", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24790", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24792", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24793", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24794", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/17643", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2006/1450", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25958", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://secunia.com/advisories/19747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/20124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://www.debian.org/security/2006/dsa-1057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24792", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/24794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/17643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2006/1450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25959", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2011-4074
Vulnerability from fkie_nvd
Published
2011-11-02 17:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 1.2.0 | |
phpldapadmin_project | phpldapadmin | 1.2.0.1 | |
phpldapadmin_project | phpldapadmin | 1.2.0.2 | |
phpldapadmin_project | phpldapadmin | 1.2.0.3 | |
phpldapadmin_project | phpldapadmin | 1.2.0.4 | |
phpldapadmin_project | phpldapadmin | 1.2.0.5 | |
phpldapadmin_project | phpldapadmin | 1.2.1 | |
phpldapadmin_project | phpldapadmin | 1.2.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "20FBCE2F-ACBA-4DA1-AE55-B287E3B8597A", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "629C1EBF-667C-4C35-9E82-5009A4242B1B", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "879C3DF2-7CBE-40D0-84A3-BACCF0E50A50", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6848A21C-BFEE-4300-AB69-BF343EDB340B", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "7F3F4309-CC01-4F52-9CBE-94BE4B055C67", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AC0434DC-A552-4512-A5CD-428AF21DC9BB", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BD2AE159-BCC4-4FAD-816F-A53392EADF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5F171FF-FD24-4C88-BAC0-B178513646AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cmd.php en phpLDAPadmin v1.2.x anterior a v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un comando _debug.", }, ], id: "CVE-2011-4074", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: 
"MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-11-02T17:55:01.277", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { source: "secalert@redhat.com", url: "http://osvdb.org/76593", }, { source: "secalert@redhat.com", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e", }, { source: "secalert@redhat.com", url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46551", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/46672", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2011/dsa-2333", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/50331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://osvdb.org/76593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/46672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2011/dsa-2333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50331", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-11 05:15
Modified
2024-11-21 05:26
Severity ?
Summary
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8E90AC-508B-464A-8DBD-15B5653267FB", versionEndExcluding: "1.2.6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.", }, { lang: "es", value: "Se detectó un problema de tipo XSS en phpLDAPadmin versiones anteriores a 1.2.6.2, que permite a usuarios almacenar valores maliciosos que pueden ser ejecutados por otros usuarios en un momento posterior por medio de la función get_request en la biblioteca lib/function.php", }, ], id: "CVE-2020-35132", lastModified: "2024-11-21T05:26:49.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", 
privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-11T05:15:12.950", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/130", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/130", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-11-02 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 1.2.0 | |
phpldapadmin_project | phpldapadmin | 1.2.0.1 | |
phpldapadmin_project | phpldapadmin | 1.2.0.2 | |
phpldapadmin_project | phpldapadmin | 1.2.0.3 | |
phpldapadmin_project | phpldapadmin | 1.2.0.4 | |
phpldapadmin_project | phpldapadmin | 1.2.0.5 | |
phpldapadmin_project | phpldapadmin | 1.2.1 | |
phpldapadmin_project | phpldapadmin | 1.2.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "20FBCE2F-ACBA-4DA1-AE55-B287E3B8597A", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "629C1EBF-667C-4C35-9E82-5009A4242B1B", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "879C3DF2-7CBE-40D0-84A3-BACCF0E50A50", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6848A21C-BFEE-4300-AB69-BF343EDB340B", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "7F3F4309-CC01-4F52-9CBE-94BE4B055C67", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "AC0434DC-A552-4512-A5CD-428AF21DC9BB", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BD2AE159-BCC4-4FAD-816F-A53392EADF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5F171FF-FD24-4C88-BAC0-B178513646AA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.", }, { lang: "es", value: "La función masort en lib/functions.php en phpLDAPadmin v1.2.x antes de v1.2.2 permite a atacantes remotos ejecutar código PHP de su elección a través del parámetro orderby (también conocido como la variable SortBy) en una acción query_engine a cmd.php, tal y como fue \"explotado\" en Octubre de 2011.", 
}, ], id: "CVE-2011-4075", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-11-02T17:55:01.387", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://dev.metasploit.com/redmine/issues/5820", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { source: "secalert@redhat.com", url: "http://osvdb.org/76594", }, { source: "secalert@redhat.com", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744", }, { source: "secalert@redhat.com", url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46551", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/46672", }, { source: "secalert@redhat.com", url: "http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2011/dsa-2333", }, { source: "secalert@redhat.com", tags: [ 
"Exploit", ], url: "http://www.exploit-db.com/exploits/18021/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/50331", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://dev.metasploit.com/redmine/issues/5820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/24/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://openwall.com/lists/oss-security/2011/10/25/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/76594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=lib/functions.php%3Bh=eb160dc9f7d74e563131e21d4c85d7849a0c6638%3Bhp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0%3Bhb=76e6dad13ef77c5448b8dfed1a61e4acc7241165%3Bhpb=5d4245f93ae6f065e7535f268e3cd87a23b07744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/46672", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2011/dsa-2333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.exploit-db.com/exploits/18021/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/50331", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-02-11 02:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "69A20A34-D62D-48C0-891D-638E1D5EA38B", versionEndIncluding: "1.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lib/QueryRender.php en phpLDAPadmin v1.2.2\r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro base en una acción query_engin sobre cmd.php", }, ], id: "CVE-2012-0834", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-02-11T02:55:01.033", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2012/02/02/9", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2012/02/03/3", }, { source: "secalert@redhat.com", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd", }, { source: 
"secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/47852", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2012/02/02/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2012/02/03/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/47852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-08 12:29
Modified
2025-04-20 01:37
Severity ?
Summary
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://github.com/leenooks/phpLDAPadmin/issues/50 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/leenooks/phpLDAPadmin/issues/50 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "B754CCF0-CBD1-45E5-93BC-AEA72E5B78C9", versionEndIncluding: "1.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.", }, { lang: "es", value: "phpLDAPadmin hasta versión 1.2.3 presenta una vulnerabilidad de tipo cross-site scripting XSS en el archivo htdocs/entry_chooser.php por medio de los parámetros form, element, rdn o container.", }, ], id: "CVE-2017-11107", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-08T12:29:00.177", references: [ { source: 
"cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/50", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/leenooks/phpLDAPadmin/issues/50", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00023.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-12-28 19:00
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37848 | Third Party Advisory | |
cve@mitre.org | http://www.exploit-db.com/exploits/10410 | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:023 | Third Party Advisory | |
cve@mitre.org | http://www.osvdb.org/61139 | Broken Link, Exploit | |
cve@mitre.org | http://www.securityfocus.com/bid/37327 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37848 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/10410 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:023 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/61139 | Broken Link, Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37327 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 1.1.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "02F4D952-EACF-43E8-A9B1-8F94F6E118CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en cmd.php en phpLDAPadmin v1.1.0.5 permite a atacantes remotos incluir y ejecutar ficheros de su elección mediante los caracteres .. (punto punto) en el parámetro \"cmd\".", }, ], id: "CVE-2009-4427", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-12-28T19:00:00.687", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37848", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/10410", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:023", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/61139", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37327", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/37848", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/10410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.osvdb.org/61139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37327", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-09-02 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=112542447219235&w=2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/16617/ | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.rgod.altervista.org/phpldap.html | Broken Link | |
cve@mitre.org | http://www.securityfocus.com/bid/14695 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/22103 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112542447219235&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16617/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.rgod.altervista.org/phpldap.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14695 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/22103 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 0.9.6 | |
phpldapadmin_project | phpldapadmin | 0.9.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "88760DAB-D59C-4633-8D8B-920834D3745C", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "21D801F8-03E6-4D44-B885-3088656F00DB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.", }, ], id: "CVE-2005-2792", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-09-02T23:03:00.000", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://secunia.com/advisories/16617/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.rgod.altervista.org/phpldap.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14695", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://secunia.com/advisories/16617/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.rgod.altervista.org/phpldap.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-22 20:29
Modified
2024-11-21 03:45
Severity: 9.8 CRITICAL (CVSS 3.1), 7.5 HIGH (CVSS 2.0), per the NVD primary metrics in the record below
Summary
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.exploit-db.com/exploits/44926/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44926/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 1.2.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "37596FC0-0413-4CE7-ADE6-AC0F5F2D63AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.", }, { lang: "es", value: "phpLDAPadmin 1.2.2 permite la inyección LDAP mediante un parámetro server_id en una petición cmd.php?cmd=login_form o un nombre de usuario y contraseña manipulados en el panel de inicio de sesión.", }, ], id: "CVE-2018-12689", lastModified: "2024-11-21T03:45:40.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-22T20:29:00.227", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/44926/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/44926/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-08-30 17:03
Modified
2025-04-03 01:03
Severity: 7.5 HIGH (CVSS 2.0), per the NVD primary metrics in the record below
Summary
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
References
Source | URL | Tags | |
---|---|---|---|
security@debian.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423 | Third Party Advisory | |
security@debian.org | http://www.debian.org/security/2005/dsa-790 | Patch, Third Party Advisory | |
security@debian.org | http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-790 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "BA4FF6B9-F198-4CA9-90AD-41F364DBE14E", versionEndExcluding: "0.9.6c", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.", }, ], id: "CVE-2005-2654", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-08-30T17:03:00.000", references: [ { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", }, { source: "security@debian.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-790", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://www.gentoo.org/security/en/glsa/glsa-200509-04.xml", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 05:15
Modified
2024-11-21 01:31
Severity: 7.5 HIGH (CVSS 3.1), 5.0 MEDIUM (CVSS 2.0), per the NVD primary metrics in the record below
Summary
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2011-4082 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2011-4082 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2011-4082 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-4082 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*", matchCriteriaId: "83FD530D-724C-434C-A53E-595B82CBC5BB", versionEndExcluding: "0.9.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the \"Accept-Language\" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.", }, { lang: "es", value: "Se encontró un fallo de inclusión de archivo local en la manera en que phpLDAPadmin versiones anteriores a 0.9.8 procesó determinados valores del encabezado HTTP \"Accept-Language\". 
Un atacante remoto podría usar este fallo para causar una denegación de servicio por medio de una petición especialmente diseñada.", }, ], id: "CVE-2011-4082", lastModified: "2024-11-21T01:31:48.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T05:15:11.880", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-4082", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-4082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4082", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-09-02 23:03
Modified
2025-04-03 01:03
Severity: 7.5 HIGH (CVSS 2.0), per the NVD primary metrics in the record below
Summary
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
phpldapadmin_project | phpldapadmin | 0.9.6 | |
phpldapadmin_project | phpldapadmin | 0.9.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.6:*:*:*:*:*:*:*", matchCriteriaId: "88760DAB-D59C-4633-8D8B-920834D3745C", vulnerable: true, }, { criteria: "cpe:2.3:a:phpldapadmin_project:phpldapadmin:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "21D801F8-03E6-4D44-B885-3088656F00DB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.", }, ], id: "CVE-2005-2793", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-09-02T23:03:00.000", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://secunia.com/advisories/16617/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.rgod.altervista.org/phpldap.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14695", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=112542447219235&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://secunia.com/advisories/16617/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.rgod.altervista.org/phpldap.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }