2 results (0.001 seconds)
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 4CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 6
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 4CVE-2004-2253 – SurgeLDAP 1.0 - 'User.cgi' Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2253
31 Dec 2004 — Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. • https://www.exploit-db.com/exploits/23987 •
CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 6CVE-2004-2254 – SurgeLDAP 1.0 - Web Administration Authentication Bypass
https://notcve.org/view.php?id=CVE-2004-2254
31 Dec 2004 — SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. • https://www.exploit-db.com/exploits/24094 •