37 matches found
EUVD-2011-0783
Malware in sbrugna...
EUVD-2012-2289
Malware in sbrugna...
EUVD-2016-3154
Malware in sbrugna...
EUVD-2012-3745
Malware in sbrugna...
EUVD-2011-3666
Malware in sbrugna...
EUVD-2012-2707
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2011-3707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the...
CVE-2012-3798
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...
JanRain PHP OpenID library security bypass vulnerability
JanRain PHP OpenID library is a U.S. JanRain company's OpenID library for PHP5 . The examples/consumer/common.php file in the JanRain PHP OpenID library fails to properly check for the 'openid.realm' parameter sent via the SERVERNAME element, allowing remote attackers to Modifying the Host HTTP...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
Design/Logic Flaw
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
The CVE-2016-2049 entry describes a vulnerability in the JanRain PHP OpenID library (php-openid), where examples/consumer/common.php improperly compares the openid.realm parameter to the SERVER_NAME value from the SERVER superglobal. This mismatch can allow remote attackers to hijack user authent...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
Design/Logic Flaw
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
CVE-2012-2296
The CVE-2012-2296 issue affects the Janrain Engage (formerly RPX) Drupal module. It states that user profile data from Engage is stored in session tables (and also in the users table) for Drupal 6.x-1.x, 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2, which could enable remote attackers t...
CVE-2012-3798
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks...
CVE-2012-2727
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...