Vulnerabilities > Phpldapadmin Project

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-11	CVE-2020-35132	Cross-site Scripting vulnerability in multiple products An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. network low complexity phpldapadmin-project fedoraproject CWE-79	5.4
2019-11-26	CVE-2011-4082	Resource Exhaustion vulnerability in multiple products A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. network low complexity phpldapadmin-project debian CWE-400	5.0
2018-06-22	CVE-2018-12689	Unspecified vulnerability in PHPldapadmin Project PHPldapadmin 1.2.2 phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. network low complexity phpldapadmin-project	7.5
2017-07-08	CVE-2017-11107	Cross-site Scripting vulnerability in multiple products phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. network phpldapadmin-project debian CWE-79	4.3
2009-12-28	CVE-2009-4427	Path Traversal vulnerability in PHPldapadmin Project PHPldapadmin 1.1.0.5 Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. network low complexity phpldapadmin-project CWE-22	7.5
2006-04-25	CVE-2006-2016	Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. network high complexity phpldapadmin-project debian CWE-79	2.6
2005-09-02	CVE-2005-2793	Command Injection vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. network low complexity phpldapadmin-project CWE-77	7.5
2005-09-02	CVE-2005-2792	Path Traversal vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. network low complexity phpldapadmin-project CWE-22	5.0
2005-08-30	CVE-2005-2654	Unspecified vulnerability in PHPldapadmin Project PHPldapadmin phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. network low complexity phpldapadmin-project	7.5

Vulnerabilities > Phpldapadmin Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpldapadmin Project"}]}

Vulnerabilities > Phpldapadmin Project