576 matches found
SimpleSAMLphp Security Bypass Vulnerability
SimpleSAMLphp is an application written in native PHP for handling validation.The SAML2Utils class provides a series of methods to validate XML digital signatures against given keywords. A security bypass vulnerability exists in SimpleSAMLphp. An attacker can bypass security constraints to perfor...
play.telecentro.com.ar XSS vulnerability
Vulnerable URL: http://play.telecentro.com.ar/simplesamlphp-telecentro/www/module.php/logintlc/cliente.php?jsoncallback=prompt/OPENBUGBOUNTY/...
simplesamlphp Link Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt + ISR: apparitionsec Vendor: ================= simplesamlphp.org Product: ====================== simplesamlphp 1.14.4 Vulnerability Type:...
Link injection
More info at https://simplesamlphp.org/security/201606-01...
CVE-2013-4552
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name uid in a cookie...
CVE-2013-4552
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name uid in a cookie...
CVE-2013-4552
The CVE affects the drupalauth module for simpleSAMLphp, specifically lib/Auth/Source/External.php in versions before 1.2.2. The underlying issue enables remote attackers to authenticate as an arbitrary user by manipulating the uid value in a cookie, effectively bypassing authentication. This con...
Debian: Security Advisory (DSA-2387-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2387-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2387-1. OpenVAS Vulnerability Test $Id: deb23871.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2387-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...
Debian Security Advisory DSA 2330-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2330-1. OpenVAS Vulnerability Test $Id: deb23301.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2330-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...
Debian: Security Advisory (DSA-2330-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2012-0908
Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
CVE-2012-0908
Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
CVE-2012-0040
Cross-site scripting XSS vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
CVE-2012-0040
Cross-site scripting XSS vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
CVE-2012-0908
Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
DEBIAN-CVE-2012-0040
Cross-site scripting XSS vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
CVE-2012-0908
Cross-site scripting XSS vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...