Ldap Account Manager: Security Vulnerabilities
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-04-03
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).
CVSS Score
4.3
EPSS Score
0.006
Published
2007-04-03