MiracleLinux 7 : ipsilon-1.0.0-13.el7 (AXSA:2016-955:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-955:01 advisory. Ipsilon is a multi-protocol Identity Provider service. Its function is to bridge authentication providers and applications to achieve Single Sign On and...

EUVD-2015-5214

Malware in sbrugna...

EUVD-2015-0038

Malware in sbrugna...

EUVD-2015-0037

Malware in sbrugna...

EUVD-2022-2125

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-5216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes i...

Linux Distros Unpatched Vulnerability : CVE-2015-5217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service...

Linux Distros Unpatched Vulnerability : CVE-2015-5301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which...

RHSA-2016:2809 Red Hat Security Advisory: ipsilon security update

Bulletin has no description...

SUSE CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

GHSA-6875-FF47-R6P6 Ipsilon denial of service via a duplicate SP name

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider SP owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...

Ipsilon denial of service via a duplicate SP name

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider SP owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...

GHSA-9QP4-79Q8-58PR Ipsilon denial of service by deleting a SAML2 Service Provider (SP)

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

Ipsilon denial of service by deleting a SAML2 Service Provider (SP)

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

GHSA-376M-3RM2-9JM6 Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

CVE-2015-5215

The default configuration of the Jinja templating engine used in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via template variables. NOTE: This may be a duplica...

CVE-2015-5216

The Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via an HTTP response...

Cross site scripting

The Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via an HTTP response...

Cross site scripting

DISPUTED The default configuration of the Jinja templating engine used in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via template variables. NOTE: This may be ...