CVE-2004-2253 – SurgeLDAP 1.0 - 'User.cgi' Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2253
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. • https://www.exploit-db.com/exploits/23987 http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt http://secunia.com/advisories/11343 http://www.securityfocus.com/bid/10103 https://exchange.xforce.ibmcloud.com/vulnerabilities/15851 •
CVE-2004-2254 – SurgeLDAP 1.0 - Web Administration Authentication Bypass
https://notcve.org/view.php?id=CVE-2004-2254
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. • https://www.exploit-db.com/exploits/24094 http://netwinsite.com/surgeldap/updates.htm http://secunia.com/advisories/11549 http://securitytracker.com/alerts/2004/May/1010113.html http://securitytracker.com/id?1010068 http://www.osvdb.org/5890 http://www.securityfocus.com/bid/10294 https://exchange.xforce.ibmcloud.com/vulnerabilities/16076 •