Showing 1 - 1 of 1

CVE-2023-29050

Status Candidate

Overview

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

Related Files

OX App Suite 7.10.6 XSS / Command Execution / LDAP Injection: Posted Jan 9, 2024; Authored by Martin Heiland; OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.; tags | advisory, remote, vulnerability, code execution, xss; advisories | CVE-2023-29048, CVE-2023-29049, CVE-2023-29050; SHA-256 | 592f2b04fcdcc6f8a886a43ccea679f6723dca85956b3e11029cce5b8e4022ec; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 246 files
indoushka 169 files
Jay Turla 150 files
Ubuntu 73 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,120)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,166)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,794)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,837)
UNIX (9,454)
UnixWare (188)
Windows (6,768)
Other

CVE-2023-29050

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems