20 matches found
EUVD-2020-27993
Malware in sbrugna...
EUVD-2017-0106
Malware in sbrugna...
SUSE CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
GHSA-M269-WJ6G-C459 PySAML2 XML external entity attack
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...
Important: Red Hat Security Advisory: lasso security update
An update for lasso is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
Ubuntu: Security Advisory (USN-3402-1)
The remote host is missing an update for the...
USN-3402-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...
PYSEC-2017-25
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
CVE-2016-10149 affects PySAML2 up to version 4.4.0, exposing an XML External Entity (XXE) vulnerability that allows a remote attacker to read arbitrary files via crafted SAML XML requests/responses. Root cause: improper XML processing/external-entity handling. Documented impact: read access to fi...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
XML External Entity (XXE)
PySAML2 is vulnerable to XML external entity (XXE) attacks. The library does not look for SAML XML requests or responses resulting in the ability to attack...