[] NeoSense
E X P L O I T S
title author type platform port cve id

SurgeLDAP 1.0 - Web Administration Authentication Bypass

Author: GSS IT
type: webapps
platform: cgi
port: 
date_added: 2004-05-05 
date_updated: 2013-01-14 
verified: 1 
codes: CVE-2004-2254;OSVDB-5890 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/10294/info

SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP.

It has been reported that the SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers manager access.

Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly further attacks on other services utilizing SurgeLDAP for it's authentication data.

http://www.example.com/admin.cgi?cmd=show&page=main.tpl&utoken=manager
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.