Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-44026

Malicious code in bioql PyPI...

9.8 CVSS, 6.4 AI score, 0.00163 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/02/05 12:17 a.m., 4 views

CVE-2024-4393

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to lo...

9.8 CVSS, 7.1 AI score, 0.00163 EPSS
Exploits 0, References 1
NVD
added 2024/05/08 3:15 a.m., 7 views

CVE-2024-4393

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to lo...

9.8 CVSS, 9.7 AI score, 0.00163 EPSS
Exploits 0, References 2
Github Security Blog
added 2021/01/29 8:51 p.m., 52 views

Steam Socialite Provider v1 does not correctly validate openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

3.1 AI score
Exploits 0, References 3, Affected Software 1
Packet Storm
added 2015/09/21 12:0 a.m., 35 views

Jasig CAS 4.0.1 Cross Site Scripting

Jasig CAS server version 4.0.1 is prone to XSS vulnerabilities. Timeline: 20.02.2015 - Vendor notified 11.05.2015 - Patches released 21.09.2015 - Bugtraq disclosure Vulnerable version: 4.0.1 Fixed version: 4.0.2 Vulnerabilities details: 1 XSS in OpenID server Obtain method: Paste this url...

7.4 AI score
Exploits 0
securityvulns
added 2014/05/05 12:0 a.m., 62 views

JOIDS (Java OpenID Server) multiple vulnerabilities

Hi, This is a public disclosure with disarmed Proof of Concept of unpatched vulnerabilities in JOIDS Java OpenID Server. "JOIDS Java OpenID Server is a multi-domain, multi-user OpenID Provider based on OpenID4Java, Spring Framework, Hibernate, Velocity" https://code.google.com/p/openid-server/...

0.6 AI score
Exploits 0
Packet Storm
added 2014/03/04 12:0 a.m., 34 views

Java OpenID Server 1.2.1 XSS / Session Fixation

Hi, This is a public disclosure with disarmed Proof of Concept of unpatched vulnerabilities in JOIDS Java OpenID Server. "JOIDS Java OpenID Server is a multi-domain, multi-user OpenID Provider based on OpenID4Java, Spring Framework, Hibernate, Velocity" https://code.google.com/p/openid-server/...

0.2 AI score
Exploits 0
Tenable Nessus
added 2012/10/31 12:0 a.m., 10 views

FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)

Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

5.7 AI score
Exploits 0, References 2
FreeBSD
added 2012/10/17 12:0 a.m., 14 views

drupal7 -- multiple vulnerabilities

Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

3.5 AI score
Exploits 0, References 1
Friends Of PHP
added 1970/01/01 12:0 a.m., 27 views

Authentication bypass via attacker provided openid server

Description Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These a...

2.6 AI score
Exploits 0, Affected Software 1
Friends Of PHP
added 1970/01/01 12:0 a.m., 7 views

Authentication bypass via attacker provided openid server

Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...

6.9 AI score
Exploits 0, Affected Software 1