漏洞描述
OpenLDAP 1.2.11及其之前的版本不正确安装权限为群组可写的ud二进制代码,该群组的任意用户可以利用该漏洞借助特洛伊木马移动二进制代码。
OpenLDAP 'ud'群组可写漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- go-ldap-admin /api/log/operation/list 权限绕过漏洞(CVE-2025-13948)
- LemonLDAP::NG 操作系统命令注入漏洞
- POC teampass-ldap: Teampass LDAP Debug Config - Detect
- POC unauth-ldap-account-manager: Unauthenticated LDAP Account Manager
- POC phpldapadmin-xss: PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
- POC ldap-wp-login-xss: Ldap WP Login / Active Directory Integration < 3.0.2 - Cross-Site Scripting
- POC ldap-anonymous-login-detect: LDAP Anonymous Login - Detect
- OpenLDAP back-sql LDAP Search SQL 注入漏洞
- OpenLDAP CVE-2020-36227 拒绝服务漏洞
- LDAP服务-弱口令漏洞
- LDAP未授权访问
- phpLDAPadmin-弱口令