Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter with
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolat
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the ar
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the
A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm_logged_in of the file student_trans.p
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of t
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is direc
An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to pro
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published arti
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed a
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search f
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulatio
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The at
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allo