ldap-account-manager
Security Productsoss-project
Top products
Latest CVEs
The 14 most recently published vulnerabilities affecting ldap-account-manager.
- CVE-2026-27895LAM has incorrect regular expression in PDF export component that allows user to upload files of any type4.3
- CVE-2026-27894LAM has Authenticated Local File Inclusion (LFI) in PDF export8.8
- CVE-2024-23333LAM vulnerable to Authenticated Remote Code Execution7.9
- CVE-2022-31085Missing Encryption of Sensitive Data in ldap-account-manager6.1
- CVE-2022-31084Unauthenticated Remote Code Execution in ldap-account-manager8.1
- CVE-2022-31086Incorrect Regular Expressions in ldap-account-manager8.8
- CVE-2022-31087Incorrect Default Permissions in ldap-account-manager7.8
- CVE-2022-31088Unauthenticated LDAP Injection in ldap-account-manager5.3
- CVE-2022-24851Stored XSS and path traversal in LDAPAccountManager/lam8.1
- CVE-2012-1115A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.6.1
- CVE-2012-1114A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.6.1
- CVE-2018-8764Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mec...8.8
- CVE-2018-8763Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/p...6.1
- CVE-2013-4453Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.4.3