
LDAP Account Manager

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.49%
  • Published 27.06.2022 21:15:08
  • Last modified 21.11.2024 07:03:51

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject t...

  • EPSS 0.09%
  • Published 27.06.2022 21:15:08
  • Last modified 21.11.2024 07:03:51

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL exte...

  • EPSS 1.33%
  • Published 27.06.2022 21:15:08
  • Last modified 21.11.2024 07:03:51

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow PHP scripts to be uploaded to config/templates/pdf. This vulnera...

  • EPSS 0.19%
  • Published 27.06.2022 21:15:08
  • Last modified 21.11.2024 07:03:52

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/....

  • EPSS 0.52%
  • Published 27.06.2022 21:15:08
  • Last modified 21.11.2024 07:03:52

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LD...

Exploit
  • EPSS 0.94%
  • Published 15.04.2022 19:15:12
  • Last modified 21.11.2024 06:51:14

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XS...

  • EPSS 0.84%
  • Published 05.12.2019 21:15:11
  • Last modified 21.11.2024 01:36:27

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php.

  • EPSS 0.84%
  • Published 05.12.2019 21:15:11
  • Last modified 21.11.2024 01:36:28

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

Exploit
  • EPSS 0.45%
  • Published 27.03.2018 16:29:00
  • Last modified 21.11.2024 04:14:15

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

Exploit
  • EPSS 0.36%
  • Published 27.03.2018 16:29:00
  • Last modified 21.11.2024 04:14:16

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.