20 matches found
EUVD-2011-3666
Malware in sbrugna...
EUVD-2022-2640
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-2049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the...
Linux Distros Unpatched Vulnerability : CVE-2011-3707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the...
SUSE CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
Authentication Hijack
openid/php-openid is vulnerable to authentication hijack. examples/consumer/common.php incorrectly checks the openid.realm parameter against the SERVERNAME element. This can be leveraged by attackers to hijack authentication through HTTP host headers...
JanRain PHP OpenID library security bypass vulnerability
JanRain PHP OpenID library is a U.S. JanRain company's OpenID library for PHP5 . The examples/consumer/common.php file in the JanRain PHP OpenID library fails to properly check for the 'openid.realm' parameter sent via the SERVERNAME element, allowing remote attackers to Modifying the Host HTTP...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
Design/Logic Flaw
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library aka php-openid improperly checks the openid.realm parameter against the SERVERNAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
UBUNTU-CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
Xxe
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...
JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection
The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...
Information disclosure
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...
CVE-2011-3707
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...
CVE-2011-3707
JanRain PHP OpenID library aka php-openid 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files...