10 matches found
EUVD-2011-3666
Malware in sbrugna...
JanRain PHP OpenID library security bypass vulnerability
JanRain PHP OpenID library is a U.S. JanRain company's OpenID library for PHP5 . The examples/consumer/common.php file in the JanRain PHP OpenID library fails to properly check for the 'openid.realm' parameter sent via the SERVERNAME element, allowing remote attackers to Modifying the Host HTTP...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
Design/Logic Flaw
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
The CVE-2016-2049 entry describes a vulnerability in the JanRain PHP OpenID library (php-openid), where examples/consumer/common.php improperly compares the openid.realm parameter to the SERVER_NAME value from the SERVER superglobal. This mismatch can allow remote attackers to hijack user authent...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
Information disclosure
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...
CVE-2011-3707
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...
CVE-2011-3707
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...