12 matches found
EUVD-2026-44594
The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...
CVE-2026-12281
The vulnerability CVE-2026-12281 affects the Shibboleth WordPress plugin before 2.5.4. When HTTP header identity mode is enabled without an anti-spoofing key, the plugin does not fail closed and treats any request carrying identity headers as authenticated without verification. This allows an una...
EUVD-2017-5816
Malware in sbrugna...
EUVD-2014-3537
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-36394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. CVE-2021-36394 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2021-40691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A session hijack risk was identified in the Shibboleth authentication plugin. CVE-2021-40691 Note that Nessus relies on the presence of the package as reported ...
UBUNTU-CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin...
UBUNTU-CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin...
Moodle Shibboleth 授权问题漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Shibboleth is an open source SAML protocol web single sign-on system for Windows platforms from Shibboleth, UK. Moodle suffers from an...
UBUNTU-CVE-2017-14313
The shibbolethloginform function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of addqueryarg...
CVE-2017-14313
The shibbolethloginform function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of addqueryarg...
CVE-2017-14313
CVE-2017-14313 applies to the Shibboleth WordPress plugin (pre-1.8). The vulnerability is a cross-site scripting flaw in the shibboleth_login_form function caused by improper use of add_query_arg(), enabling injection of arbitrary script/HTML. Public advisories (DSA-3973-1, Debian announcements) ...