Vulnerabilities > Ldap Account Manager

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-31084 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
high complexity
ldap-account-manager debian
8.1
2022-06-27 CVE-2022-31085 Insufficiently Protected Credentials vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-522
6.1
2022-06-27 CVE-2022-31086 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian CWE-434
8.8
2022-06-27 CVE-2022-31087 Incorrect Authorization vulnerability in multiple products
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
local
low complexity
ldap-account-manager debian CWE-863
7.8
2022-06-27 CVE-2022-31088 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g.
network
low complexity
ldap-account-manager debian
5.3
2022-04-15 CVE-2022-24851 Cross-site Scripting vulnerability in multiple products
LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory.
network
low complexity
ldap-account-manager debian CWE-79
4.8
2019-12-05 CVE-2012-1115 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
6.1
2019-12-05 CVE-2012-1114 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action.
6.1
2018-03-27 CVE-2018-8764 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
network
low complexity
debian ldap-account-manager CWE-352
8.8
2018-03-27 CVE-2018-8763 Cross-site Scripting vulnerability in multiple products
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
network
low complexity
debian ldap-account-manager CWE-79
6.1