6 matches found
EUVD-2015-0037
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-5217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service...
Cross site scripting
DISPUTED: The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be ...
CVE-2015-5216
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response...
Ipsilon IdP Server Denial of Service Vulnerability
Ipsilon is a server and toolkit for configuring Apache-based service providers. In Ipsilon versions 0.1.0-1.0.2, 1.1.x-1.1.1, the IdP server's providers/saml2/admin.py fails to properly check permissions, which can be exploited by a remote attacker to cause a denial of service by removing the SAM...
PYSEC-2015-42
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP)...