12 matches found
EUVD-2015-5328
Malware in sbrugna...
MAL-2022-62 Malicious code in @adnovum-eslint/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67f2a2007534cb15ef4c1a6e5437440966bfba014700c237c574b05ee09e6216 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @adnovum-eslint/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67f2a2007534cb15ef4c1a6e5437440966bfba014700c237c574b05ee09e6216 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AdNovum nevisAuth SAML Certificate Matching Vulnerability
AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...
CVE-2015-5372
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...
Code injection
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...
CVE-2015-5372
The CVE concerns AdNovum nevisAuth SAML 2.0 prior to 4.18.3.1. In SAML POST-Binding, the implementation does not consistently compare attributes of the X.509 certificate embedded in the assertion with the IdP certificate, enabling an attacker to inject arbitrary SAML assertions via a crafted cert...
CVE-2015-5372
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...
nevisAuth Authentication Bypass Vulnerability
nevisAuth versions since 4.13.0.0 (2012-11-21) and prior to 4.18.3.1 (2015-07-02) suffer from an authentication bypass vulnerability. Product: nevisAuth [1] Vendor: AdNovum [2] CVD ID: CVE-2015-5372 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Antoine Neuenschwander...
CSNC-2012-004 Generic XSS in AdNovum nevisProxy
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NevisProxy Vendor: AdNovum CVD ID: CSNC-2012-004 Subject: Cross-site scripting (XSS) within 302 Redirections Risk: High Effect: Remotely exploitable Author: Alexandre Herzog Date: 02/23/2012...
AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from...
AdNovum NevisProxy XSS
Cross-site scripting via 302 redirection...