Description
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Post to PDF Cross-Site Scripting (2.3.1)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)
PHP NULL Pointer Dereference Vulnerability (CVE-2017-9229)
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.72)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)