582 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-9814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2....
Linux Distros Unpatched Vulnerability : CVE-2017-12867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by...
Linux Distros Unpatched Vulnerability : CVE-2017-18121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute...
Linux Distros Unpatched Vulnerability : CVE-2017-12870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and...
Linux Distros Unpatched Vulnerability : CVE-2016-3124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. CVE-2016-3124 Note...
Linux Distros Unpatched Vulnerability : CVE-2020-5225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system...
Linux Distros Unpatched Vulnerability : CVE-2018-6521
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might ...
CVE-2024-52596
SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5226
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a...
CVE-2010-10004
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The...
CVE-2010-10008
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads...
CVE-2010-10002
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site...
CVE-2019-15537
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...
Debian: Security Advisory (DLA-4161-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4161-1] simplesamlphp security update
Debian LTS Advisory DLA-4161-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 09, 2025 https://wiki.debian.org/LTS Package : simplesamlphp Version : 1.19.0-1+deb11u2 CVE ID : CVE-2025-27773 Debian Bug : 1100595 A vulnerability has been discovered in SimpleSAMLph...
DLA-4161-1 simplesamlphp - security update
Bulletin has no description...
Debian dla-4161 : simplesamlphp - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4161 advisory. Debian LTS Advisory DLA-4161-1 [email protected] https://www.debian.org/lts/security/...
Signature Confusion Attack
simplesamlphp/saml2 is vulnerable to a Signature Confusion Attack. The vulnerability is due to improper validation in the HTTP-Redirect binding, which allows an attacker with any signed SAMLResponse to trick the application into accepting an unsigned message...