[SECURITY] Fedora 24 Update: php-simplesamlphp-saml2_1-1.10.3-1.fc24
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML21/autoload.php [1] https://www.simplesamlphp.org/ [2]...
[SECURITY] Fedora 24 Update: php-simplesamlphp-saml2-2.3.3-1.fc24
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ [2]...
[SECURITY] Fedora 25 Update: php-simplesamlphp-saml2-2.3.3-1.fc25
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ [2]...
Fedora 25 : php-simplesamlphp-saml2 / php-simplesamlphp-saml2_1 (2016-8b1f72df21)
v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - 201612-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 24 : php-simplesamlphp-saml2 / php-simplesamlphp-saml2_1 (2016-b000091725)
v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - 201612-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Incorrect persistent NameID generation
More info at https://simplesamlphp.org/security/201612-04...
SimpleSAMLphp Security Bypass Vulnerability
SimpleSAMLphp is an application written in native PHP for handling validation. The SAML2Utils class provides a series of methods to validate XML digital signatures against given keywords. A security bypass vulnerability exists in SimpleSAMLphp. An attacker can bypass security constraints to perfor...
play.telecentro.com.ar XSS vulnerability
Vulnerable URL: http://play.telecentro.com.ar/simplesamlphp-telecentro/www/module.php/logintlc/cliente.php?jsoncallback=prompt/OPENBUGBOUNTY/...
simplesamlphp Link Injection
Credits: John Page aka hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt. ISR: apparitionsec. Vendor: simplesamlphp.org. Product: simplesamlphp 1.14.4. Vulnerability Type:...
Link injection
More info at https://simplesamlphp.org/security/201606-01...
CVE-2013-4552
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie...
CVE-2013-4552
The CVE affects the drupalauth module for simpleSAMLphp, specifically lib/Auth/Source/External.php in versions before 1.2.2. The underlying issue enables remote attackers to authenticate as an arbitrary user by manipulating the uid value in a cookie, effectively bypassing authentication. This con...
Debian Security Advisory DSA 2330-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2330-1. OpenVAS Vulnerability Test $Id: deb23301.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2330-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft...
Debian Security Advisory DSA 2387-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2387-1. OpenVAS Vulnerability Test $Id: deb23871.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2387-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft...
Debian: Security Advisory (DSA-2387-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-2330-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
DEBIAN-CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
CVE-2012-0040
Cross-site scripting (XSS) vulnerability in modules/core/www/nocookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...
DEBIAN-CVE-2012-0908
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...