
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-3154

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00401
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2640

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00881
Exploits 1 | References 12
Tenable Nessus
added 2025/09/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2011-3707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the...

CVSS 5 | AI score 5.7 | EPSS 0.00301
Exploits 1 | References 2
SUSE CVE
added 2023/02/15 5:35 a.m. | 1 views

SUSE CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00881
Exploits 1 | References 4
SUSE CVE
added 2023/02/15 5:6 a.m. | 4 views

SUSE CVE-2016-2049

examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...

CVSS 8.8 | AI score 7.3 | EPSS 0.00401
Exploits 0 | References 3
Tenable Nessus
added 2020/03/16 12:0 a.m. | 22 views

GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery

The remote host is affected by the vulnerability described in GLSA-202003-09 (OpenID library for Ruby: Server-Side Request Forgery). It was discovered that OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for...

CVSS 10 | AI score 8.2 | EPSS 0.01731
Exploits 0 | References 2
CNVD
added 2019/06/10 12:0 a.m. | 2 views

Unspecified Vulnerability in Ruby OpenID

Ruby OpenID is a Ruby library for providing and verifying OpenID identities. A security vulnerability exists in Ruby OpenID 2.8.0 and earlier versions. No details of the vulnerability are provided at this time...

CVSS 10 | AI score 6.9 | EPSS 0.01731
Exploits 0 | References 1
CNVD
added 2016/02/08 12:0 a.m. | 3 views

JanRain PHP OpenID library security bypass vulnerability

JanRain PHP OpenID library is a U.S. JanRain company's OpenID library for PHP5. The examples/consumer/common.php file in the JanRain PHP OpenID library fails to properly check for the 'openid.realm' parameter sent via the SERVER_NAME element, allowing remote attackers to Modifying the Host HTTP...

CVSS 8.8 | AI score 7.1 | EPSS 0.00401
Exploits 0 | References 1
UbuntuCve
added 2016/02/01 9:59 p.m. | 24 views

CVE-2016-2049

examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the $_SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...

CVSS 8.8 | AI score 7.3 | EPSS 0.00401
Exploits 0 | References 2
NVD
added 2013/08/21 4:55 p.m. | 15 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 6.8 | EPSS 0.00881
Exploits 1 | References 5
OSV
added 2013/08/21 4:55 p.m. | 0 views

UBUNTU-CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 5.8 | EPSS 0.00881
Exploits 1 | References 5
UbuntuCve
added 2013/08/21 4:55 p.m. | 20 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 5.8 | EPSS 0.00881
Exploits 1 | References 4
Prion
added 2013/08/21 4:55 p.m. | 19 views

Xxe

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 7.3 | EPSS 0.00881
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2013/08/21 4:0 p.m. | 24 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

AI score 6.7 | EPSS 0.00881
Exploits 1 | References 5
Japan Vulnerability Notes
added 2013/08/21 5:26 a.m. | 1 views

PHP OpenID Library vulnerable to XML external entity injection

Overview: The PHP OpenID Library contains an XML external entity injection vulnerability. Takeshi Terada from Mitsui Bussan Secure Directions, Inc. and Kosuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

CVSS 7.5 | AI score 7.2 | EPSS 0.00881
Exploits 1 | References 5
Japan Vulnerability Notes
added 2013/08/21 12:0 a.m. | 37 views

JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection

The PHP OpenID Library contains an XML external entity injection vulnerability. Impact: When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution: Apply a Patch. The source code in the repository has been fixed...

CVSS 7.5 | AI score 6.3 | EPSS 0.00881
Exploits 1
OSV
added 2011/09/23 11:55 p.m. | 2 views

UBUNTU-CVE-2011-3707

JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...

CVSS 5 | AI score 5.8 | EPSS 0.00301
Exploits 1 | References 2