582 matches found
SimpleSAMLphp cross-site scripting vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. SimpleSAMLphp has a cross-site scripting vulnerability that stems from unknown processing that can be manipulated to cause cross-site scripting...
PT-2023-9888 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.0. Description: A vulnerability was found in the Information Cards Module and classified as problematic. This issue affects some unknown processing, leading to cross-site scripting. The attack may be initiated...
GHSA-GGJ9-6X8J-49W9 SimpleSAMLphp simplesamlphp-module-openid
A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to...
SimpleSAMLphp simplesamlphp-module-openid
A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to...
CVE-2010-10002
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site...
CVE-2010-10002
The vulnerability CVE-2010-10002 affects the SimpleSAMLphp package, specifically the simplesamlphp-module-openid OpenID Handler. The issue is an input manipulation in the file templates/consumer.php (AuthState) that enables cross-site scripting. Exploitation can be performed remotely; the attack ...
SimpleSAMLphp cross-site scripting vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A cross-site scripting vulnerability exists in SimpleSAMLphp due to misuse of the parameter AuthState...
PT-2023-9886 · Unknown · Simplesamlphp-Module-Openid +1
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp simplesamlphp-module-openid versions prior to 1.0. Description: A vulnerability has been found in the OpenID Handler component of SimpleSAMLphp simplesamlphp-module-openid. The issue affects an unknown function of the file...
Malicious code in simplesamlphp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0f54563dff6c02ddade2dbcd3f6bf7e1ed1c736d76c1e001d807410dc02c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6127 Malicious code in simplesamlphp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b0f54563dff6c02ddade2dbcd3f6bf7e1ed1c736d76c1e001d807410dc02c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2018-7711
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...
SimpleSAMLphp Incorrect IV generation for encryption
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV)...
GHSA-WW3W-592J-5QRW SimpleSAMLphp Incorrect IV generation for encryption
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV)...
GHSA-44PR-MGCP-V36R SimpleSAMLphp Unauthenticated encryption in CBC mode
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
SimpleSAMLphp Unauthenticated encryption in CBC mode
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
SimpleSAMLphp Open redirection protection bypass
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL...
GHSA-2QFC-48V5-4W5H SimpleSAMLphp Open redirection protection bypass
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL...
SimpleSAMLphp SAML2 spoof SAML responses
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...
GHSA-R8V4-7VWJ-983X SimpleSAMLphp SAML2 spoof SAML responses
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...