Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

576 matches found

Debian
Debianadded 2019/11/06 1:53 p.m.53 views

[SECURITY] [DLA 1983-1] simplesamlphp security update

Package : simplesamlphp Version : 1.13.1-2+deb8u3 CVE ID : CVE-2019-3465 Debian Bug : 944107 It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 "Jessie", this problem has been...

8.8CVSS8.7AI score0.01873EPSS
Exploits0
Debian
Debianadded 2019/11/06 1:42 p.m.43 views

[SECURITY] [DSA 4560-1] simplesamlphp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4560-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst November 06, 2019 https://www.debian.org/security/faq -...

8.8CVSS8.7AI score0.01873EPSS
Exploits0
OSV
OSVadded 2019/11/06 12:0 a.m.19 views

DSA-4560-1 simplesamlphp - security update

Bulletin has no description...

8.8CVSS8.6AI score0.01873EPSS
Exploits0
OSV
OSVadded 2019/11/06 12:0 a.m.17 views

DLA-1983-1 simplesamlphp - security update

Bulletin has no description...

8.8CVSS8.6AI score0.01873EPSS
Exploits0
CNVD
CNVDadded 2019/08/27 12:0 a.m.1 views

proxystatistics module for SimpleSAMLphp SQL Injection Vulnerability

proxystatistics module for SimpleSAMLphp is a module for SimpleSAMLphp that supports displaying proxy IdP/SP statistics. A SQL injection vulnerability exists in the lib/Auth/Process/DatabaseCommand.php file in the proxystatistics module prior to version 3.1.0 for SimpleSAMLphp, which can be...

9.8CVSS8.2AI score0.00307EPSS
Exploits0References1
Veracode
Veracodeadded 2019/08/26 5:35 a.m.15 views

SQL Injection

cesnet/simplesamlphp-module-proxystatistics is vulnerable to SQL injection. The vulnerability exists as the statements in lib/Auth/Process/DatabaseCommand.php is not parameterized...

9.8CVSS2.7AI score0.00307EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2019/08/23 6:15 p.m.10 views

CVE-2019-15537

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...

9.8CVSS8.5AI score
Exploits0References2
NVD
NVDadded 2019/08/23 6:15 p.m.13 views

CVE-2019-15537

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...

9.8CVSS9.9AI score0.00307EPSS
Exploits0References2
Prion
Prionadded 2019/08/23 6:15 p.m.8 views

Sql injection

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...

7.5CVSS9.9AI score0.00307EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2019/08/23 5:49 p.m.124 views

CVE-2019-15537

The CVE-2019-15537 entry concerns the proxystatistics module for SimpleSAMLphp, affected when using versions prior to 3.1.0. The underlying issue, as described across connected sources, is an SQL injection vulnerability in lib/Auth/Process/DatabaseCommand.php due to non-parameterized statements. ...

9.8CVSS9.9AI score0.00307EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2019/08/23 5:49 p.m.9 views

CVE-2019-15537

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...

10AI score0.00307EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2019/01/03 12:0 a.m.21 views

Fedora 28 : php-simplesamlphp-saml2_3 (2018-8cda2309d6)

SSPSA 201803-01 / CVE-2018-7711 - SSPSA 201802-01 / CVE-2018-7644 - SSPSA 201801-01 / CVE-2018-6519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

8.1CVSS7.4AI score0.00467EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2019/01/03 12:0 a.m.18 views

Fedora 28 : php-simplesamlphp-saml2_1 (2018-0ee228da17)

SSPSA 201803-01 / CVE-2018-7711 - SSPSA 201802-01 / CVE-2018-7644 - SSPSA 201801-01 / CVE-2018-6519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

8.1CVSS7.4AI score0.00467EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2019/01/03 12:0 a.m.26 views

Fedora 28 : php-simplesamlphp-saml2 (2018-85cb15befd)

SSPSA 201803-01 / CVE-2018-7711 - SSPSA 201802-01 / CVE-2018-7644 - SSPSA 201801-01 / CVE-2018-6519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

8.1CVSS7.4AI score0.00467EPSS
Exploits0References5
Friends Of PHP
Friends Of PHPadded 2018/12/20 4:16 p.m.12 views

Credentials exposure in session storage

More info at https://simplesamlphp.org/security/201812-01...

7.2AI score
Exploits0Affected Software1
Veracode
Veracodeadded 2018/07/18 6:12 a.m.18 views

Authentication Bypass

SimpleSAMLphp is vulnerable to authentication bypasses. A malicious user can pass an unsigned SAML response with multiple assertions to the application. As long as one of the assertions are valid the application will consider the SAML response valid and grant access to the malicious user...

8.1CVSS8.6AI score0.00308EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVASadded 2018/07/09 12:0 a.m.21 views

Debian: Security Advisory (DLA-1408-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.1AI score0.00764EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2018/07/02 12:0 a.m.23 views

Debian DLA-1408-1 : simplesamlphp security update

CVE-2017-12872 / CVE-2017-12868 The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret...

9.8CVSS7.4AI score0.00764EPSS
Exploits0References4
Debian
Debianadded 2018/06/29 9:5 p.m.23 views

[SECURITY] [DLA 1408-1] simplesamlphp security update

Package : simplesamlphp Version : 1.13.1-2+deb8u2 CVE ID : CVE-2017-12868 CVE-2017-12872 CVE-2017-12872 / CVE-2017-12868 The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing...

9.8CVSS8.2AI score0.00764EPSS
Exploits0
OSV
OSVadded 2018/06/29 12:0 a.m.25 views

DLA-1408-1 simplesamlphp - security update

Bulletin has no description...

9.8CVSS7.3AI score0.00764EPSS
Exploits0
Rows per page
Query Builder