576 matches found

Debian CVE
added 2012/01/24 6:0 p.m. | 16 views

CVE-2012-0040

Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...

CVSS 4.3 | AI score 4.1 | EPSS 0.00545
Exploits: 0
Cvelist
added 2012/01/24 6:0 p.m. | 12 views

CVE-2012-0040

Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter...

AI score 5.7 | EPSS 0.00545
Exploits: 0 | References: 8
CVE
added 2012/01/24 6:0 p.m. | 46 views

CVE-2012-0040

CVE-2012-0040 is a cross-site scripting (XSS) vulnerability in SimpleSAMLphp 1.8.1 (and possibly earlier versions before 1.8.2) where an attacker can inject arbitrary script/HTML via the retryURL parameter in modules/core/www/no_cookie.php. Affected software is SimpleSAMLphp; root cause is improp...

CVSS 4.3 | AI score 5.8 | EPSS 0.00545
Exploits: 0 | References: 8 | Affected Software: 1
Debian CVE
added 2012/01/24 6:0 p.m. | 19 views

CVE-2012-0908

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter...

CVSS 4.3 | AI score 4.2 | EPSS 0.00475
Exploits: 0
CVE
added 2012/01/24 6:0 p.m. | 56 views

CVE-2012-0908

CVE-2012-0908 concerns a cross-site scripting (XSS) flaw in SimpleSAMLphp. The vulnerability occurs in logout.php where the link_href parameter is not properly sanitized, allowing remote attackers to inject arbitrary script or HTML. Affected version scope includes 1.8.1 and potentially other vers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00475
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2012/01/24 6:0 p.m. | 14 views

CVE-2012-0908

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter...

AI score 5.7 | EPSS 0.00475
Exploits: 0 | References: 6
Tenable Nessus
added 2012/01/23 12:0 a.m. | 31 views

SimpleSAMLphp Detection

The remote web server hosts SimpleSAMLphp, an implementation of SAML (Security Assertion Markup Language) written in PHP. It acts as both a Service Provider, authenticating users to PHP applications, as well as an Identity Provider, storing information about them...

AI score 5.5
Exploits: 0 | References: 1
Tenable Nessus
added 2012/01/23 12:0 a.m. | 101 views

SimpleSAMLphp logout.php link_href Parameter XSS

The version of SimpleSAMLphp on the remote host contains a cross-site scripting vulnerability because it fails to sanitize input to the 'link_href' parameter of the 'logout.php' script before including it in a web page. An attacker can leverage this issue by enticing a user to follow a malicious...

CVSS 4.3 | AI score 5.3 | EPSS 0.00475
Exploits: 0 | References: 3
Tenable Nessus
added 2012/01/12 12:0 a.m. | 22 views

Debian DSA-2387-1 : simplesamlphp - insufficient input sanitation

'timtai1' discovered that simpleSAMLphp, an authentication and federation platform, is vulnerable to a cross site scripting attack, allowing a remote attacker to access sensitive client data. The oldstable distribution (lenny) does not contain a simplesamlphp package...

CVSS 4.3 | AI score 5 | EPSS 0.00545
Exploits: 0 | References: 4
Debian
added 2012/01/11 6:48 p.m. | 9 views

[SECURITY] [DSA 2387-1] simplesamlphp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2387-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 11, 2012 http://www.debian.org/security/faq -...

AI score 6.3
Exploits: 0
OSV
added 2012/01/11 12:0 a.m. | 16 views

DSA-2387-1 simplesamlphp - cross site scripting

Bulletin has no description...

CVSS 4.3 | AI score 6.3 | EPSS 0.00545
Exploits: 0
securityvulns
added 2011/11/06 12:0 a.m. | 61 views

[SECURITY] [DSA 2330-1] simplesamlphp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...

AI score 0.4
Exploits: 0
Tenable Nessus
added 2011/10/28 12:0 a.m. | 11 views

Debian DSA-2330-1 : simplesamlphp - XML encryption weakness

Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed: It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key...

AI score 5.4
Exploits: 0 | References: 2
Debian
added 2011/10/27 4:59 p.m. | 20 views

[SECURITY] [DSA 2330-1] simplesamlphp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...

AI score 6.7
Exploits: 0
OSV
added 2011/10/27 12:0 a.m. | 8 views

DSA-2330-1 simplesamlphp - several

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.00274
Exploits: 0
Friends Of PHP
added 1970/01/01 12:0 a.m. | 7 views

Signature validation bypass

More info at https://simplesamlphp.org/security/201710-01...

AI score 7.2
Exploits: 0 | Affected Software: 1