34 matches found
EUVD-2011-4248
Malware in sbrugna...
php-saml
This is a PHP library for implementing SAML Security Assertion Markup Language authentication and authorization. It is a toolkit for adding SAML support to PHP software. The library is compatible with PHP 5.3.2 and later versions, and it uses the xmlseclibs library for XML encryption and...
SUSE CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
GHSA-J473-C3RR-RX9P OpenID4Java does not verify that Attribute Exchange (AX) information is signed
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
OpenID4Java does not verify that Attribute Exchange (AX) information is signed
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle MITM attack...
CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle MITM attack...
Information disclosure
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle MITM attack...
CVE-2012-0825
CVE-2012-0825 affects Drupal 6.x up to 6.23 and 7.x up to 7.11, where Attribute Exchange (AX) information is not signed, enabling MITM modification of AX data. Related advisories confirm this CVE in multiple distributions (e.g., Debian DSA-2776-1; MiracleLinux AXSA-2012-98:01). Remediation in aff...
CVE-2012-0825
Removed by vendor...
CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle MITM attack...
CVE-2012-6359
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed i...
Design/Logic Flaw
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed i...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
SA-CORE-2012-001 - Drupal core multiple vulnerabilities
Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service. This issue affects Drupal 6.x an...
DEBIAN-CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...