1049 matches found
OpenStack Keystone Default Credentials
It is possible to log into the remote OpenStack Keystone instance by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application and would then be able to read and write to Keystone, which is used as an identity provider by other services...
SimpleSAMLphp Detection
The remote web server hosts SimpleSAMLphp, an implementation of SAML Security Assertion Markup Language for written in PHP. It acts as both a Service Provider, authenticating users to PHP applications, as well as an Identity Provider, storing information about them. C Tenable Network Security, In...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
DEBIAN-CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
DUO-PSA-2019-002: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2019-002 CVE: CVE-2019-3465 Publication Date: 2019-11-12 Revision Date: 2019-11-12 Status: Confirmed, Fixed Document Revision: 1 Overview A third-party software library, which the Duo Access Gateway DAG uses to enable SAML as a first-factor...