Lucene search
+L

10 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.20 views

PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

5.4CVSS5.8AI score0.00016EPSS
Exploits0References3
NVD
NVD
added 2024/09/25 12:15 p.m.28 views

CVE-2024-6594

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by...

7.5CVSS0.00501EPSS
Exploits0References1
NVD
NVD
added 2024/09/25 12:15 p.m.32 views

CVE-2024-6592

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway aka Single Sign-On Agent on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through...

9.1CVSS0.01026EPSS
Exploits0References1
CVE
CVE
added 2024/09/25 11:16 a.m.60 views

CVE-2024-6592

CVE-2024-6592 affects WatchGuard Authentication Gateway (Single Sign-On Agent) on Windows and WatchGuard SSO Client on Windows and macOS. Root cause: incorrect authorization in the protocol communication between gateway and clients, enabling authentication bypass. Affected versions: Authenticatio...

9.1CVSS9.4AI score0.01026EPSS
Exploits0References1Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/04 4:36 p.m.27 views

Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client

Impact Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix ts SSO.init'javascript:alert"javascript successfully injected"' Patches This vulnerability was patched on version 0.1.0 Workarounds This vulnerability can be prevented if...

7.5CVSS6.9AI score0.00399EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/09/01 7:35 p.m.54 views

CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...

7.5CVSS7.8AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/01 12:0 a.m.8 views

PT-2023-27760 · Unknown · @Dcl/Single-Sign-On-Client

Name of the Vulnerable Software and Affected Versions: @dcl/single-sign-on-client versions prior to 0.1.0 Description: The issue concerns improper input validation in the init function, allowing arbitrary JavaScript to be executed using the javascript: prefix. This can be exploited by passing...

7.5CVSS6.3AI score0.00399EPSS
Exploits0References9
Prion
Prion
added 2012/06/16 12:55 a.m.23 views

Code injection

The Single Sign On Client ubuntu-sso-client for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle MITM attack...

6.8CVSS6.8AI score0.01243EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2012/06/16 12:0 a.m.60 views

CVE-2011-4408

CVE-2011-4408 affects the Ubuntu Single Sign On Client (ubuntu-sso-client) on Ubuntu 11.04 and 11.10. The issue is that SSL certificates were not properly validated over HTTPS, enabling remote attackers to perform MITM attacks to spoof a server and read or modify sensitive data. Public references...

6.8CVSS6.4AI score0.01243EPSS
Exploits0References5Affected Software1
Ubuntu
Ubuntu
added 2012/06/06 1:24 p.m.55 views

USN-1464-1: Ubuntu Single Sign On Client vulnerability

It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information...

6.8CVSS5.3AI score0.01243EPSS
Exploits0
Rows per page
Query Builder