Debian Phpldapadmin vulnerabilities
17 known vulnerabilities affecting debian/phpldapadmin.
Total CVEs: 17
CISA KEV: 0
Public exploits: 7
Exploited in wild: 1
Severity breakdown: HIGH 2, MEDIUM 8, LOW 7
Vulnerabilities
CVE-2024-9102 | LOW | CVSS 5.0 | 2024
CVE-2024-9102 [MEDIUM]: phpldapadmin
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: Th
debian
CVE-2024-9101 | LOW | CVSS 2.1 | fixed in phpldapadmin 1.2.6.7-4 (forky) | 2024
CVE-2024-9101 [LOW]: phpldapadmin
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where
debian
CVE-2020-35132 | MEDIUM | CVSS 5.4 | fixed in phpldapadmin 1.2.6.3-0.3 (bookworm) | 2020
CVE-2020-35132 [MEDIUM]: phpldapadmin
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
Scope: local
bookworm: resolved (fixed in 1.2.6.3-0.3)
forky: resolved (fixed in 1.2.6.3-0.3)
sid: resolved (fixed in 1.2.6.3-0.3)
trixie: resolved (fixed in 1.2.6.
debian
CVE-2018-12689 | LOW | CVSS 9.8 | 2018
CVE-2018-12689 [CRITICAL]: phpldapadmin
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
debian
CVE-2017-11107 | MEDIUM | CVSS 6.1 | PoC | fixed in phpldapadmin 1.2.2-6.2 (bookworm) | 2017
CVE-2017-11107 [MEDIUM]: phpldapadmin
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
Scope: local
bookworm: resolved (fixed in 1.2.2-6.2)
forky: resolved (fixed in 1.2.2-6.2)
sid: resolved (fixed in 1.2.2-6.2)
trixie: resolved (fixed in 1.2.2-6.2)
debian
CVE-2016-15039 | MEDIUM | CVSS 5.3 | fixed in phpldapadmin 1.2.6.3-0.1 (bookworm) | 2016
CVE-2016-15039 [MEDIUM]: phpldapadmin
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajax_functions.js. The manipulation leads to http request smuggling. The attack can be launched remotely. This product does not use versioning. This is wh
debian
CVE-2012-1114 | LOW | CVSS 6.1 | fixed in ldap-account-manager 3.6-2 (bookworm) | 2012
CVE-2012-1114 [MEDIUM]: ldap-account-manager
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and in the filteruid parameter to list.php.
Scope: local
bookworm: resolved (fixed in 3.6-2)
bullseye: resolved (fixed in 3.6-2)
forky: resolved (fixed in 3.6-2)
sid: resolved (fixed in 3.6-2)
trixi
debian
CVE-2012-0834 | LOW | CVSS 4.3 | PoC | fixed in phpldapadmin 1.2.2-1 (bookworm) | 2012
CVE-2012-0834 [MEDIUM]: phpldapadmin
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
Scope: local
bookworm: resolved (fixed in 1.2.2-1)
forky: resolved (fixed in 1.2.2-1)
sid: resolved (fixed in 1.2.2-1)
trixie: resolved (fixed
debian
CVE-2012-1115 | LOW | CVSS 6.1 | fixed in ldap-account-manager 3.6-2 (bookworm) | 2012
CVE-2012-1115 [MEDIUM]: ldap-account-manager
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
Scope: local
bookworm: resolved (fixed in 3.6-2)
bullseye: resolved (fixed in 3.6-2)
forky: resolved (fixed in 3.6-2)
sid: resolved (fixed in 3.6-2)
trixie: resolved (fixed in 3.6-2)
debian
CVE-2011-4082 | HIGH | CVSS 7.5 | fixed in phpldapadmin 0.9.8-1 (bookworm) | 2011
CVE-2011-4082 [HIGH]: phpldapadmin
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.
Scope: local
bookworm: resolved (fixed in 0.9.8-1)
forky: resolved (fixed in 0.9.8-1)
sid: resolved (fixed in 0.9.8-1)
trixie
debian
CVE-2011-4075 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in phpldapadmin 1.2.0.5-2.1 (bookworm) | 2011
CVE-2011-4075 [HIGH]: phpldapadmin
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
Scope: local
bookworm: resolved (fixed in 1.2.0.5-2.1)
forky: resolved (fixed in 1.2.0.5-2.1)
sid: resolved
debian
CVE-2011-4074 | MEDIUM | CVSS 4.3 | PoC | fixed in phpldapadmin 1.2.0.5-2.1 (bookworm) | 2011
CVE-2011-4074 [MEDIUM]: phpldapadmin
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.
Scope: local
bookworm: resolved (fixed in 1.2.0.5-2.1)
forky: resolved (fixed in 1.2.0.5-2.1)
sid: resolved (fixed in 1.2.0.5-2.1)
trixie: resolved (fixed in 1.2.0.5-2.1)
debian
CVE-2009-4427 | MEDIUM | CVSS 7.5 | PoC | fixed in phpldapadmin 1.1.0.7-1.1 (bookworm) | 2009
CVE-2009-4427 [HIGH]: phpldapadmin
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
Scope: local
bookworm: resolved (fixed in 1.1.0.7-1.1)
forky: resolved (fixed in 1.1.0.7-1.1)
sid: resolved (fixed in 1.1.0.7-1.1)
trixie: resolved (fixed in 1.1.0.7-1.1)
debian
CVE-2006-2016 | LOW | CVSS 2.6 | PoC | fixed in phpldapadmin 0.9.8.3-1 (bookworm) | 2006
CVE-2006-2016 [LOW]: phpldapadmin
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name,
debian
CVE-2005-2654 | MEDIUM | CVSS 7.5 | fixed in phpldapadmin 0.9.6c-5 (bookworm) | 2005
CVE-2005-2654 [HIGH]: phpldapadmin
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
Scope: local
bookworm: resolved (fixed in 0.9.6c-5)
forky: resolved (fixed in 0.9.6c-5)
sid: resolved (fixed in 0.9.6c-5)
trixie: resolved (fixed in 0.9.6c-5)
debian
CVE-2005-2793 | MEDIUM | CVSS 7.5 | fixed in phpldapadmin 0.9.6c-7 (bookworm) | 2005
CVE-2005-2793 [HIGH]: phpldapadmin
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
Scope: local
bookworm: resolved (fixed in 0.9.6c-7)
forky: resolved (fixed in 0.9.6c-7)
sid: resolved (fixed in 0.9.6c-7)
trixie: resolved (fixed in 0.9.6c-7)
debian
CVE-2005-2792 | MEDIUM | CVSS 5.0 | PoC | fixed in phpldapadmin 0.9.6c-7 (bookworm) | 2005
CVE-2005-2792 [MEDIUM]: phpldapadmin
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.
Scope: local
bookworm: resolved (fixed in 0.9.6c-7)
forky: resolved (fixed in 0.9.6c-7)
sid: resolved (fixed in 0.9.6c-7)
trixie: resolved (fixed in 0.9.6c-7)
debian