CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
UBUNTU-CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16853
CVE-2017-16853 affects OpenSAML’s DynamicMetadataProvider (OpenSAML-C) prior to 2.6.1. The DynamicMetadataProvider.cpp implementation does not properly configure MetadataFilter plugins and omits key security checks (e.g., signature verification, validity periods, and other deployment-specific che...
CVE-2017-16852
Removed by vendor...
CVE-2017-16853
Removed by vendor...
XML External Entity (XXE) Processing
These PHP packages are vulnerable to XML external entity (XXE) processing attacks. The attacks exist because they do not properly check the validity of XML string...
XML External Entity (XXE) Processing
These PHP packages are vulnerable to XML external entity (XXE) processing attacks. The attacks exist because they do not properly scan the validity of XML string...
XML External Entity (XXE) Processing
zendframework is vulnerable to XML external entity (XXE) processing attacks. The attacks exist because it fails to scan the validity of XML input when loading XML...
Pivotal Cloud Foundry Multiple Product Design Vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime, cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...
Moxa AWK-3131A Web Application Nonce Reuse Vulnerability (CVE-2016-8712)
Summary: An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...
CVE-2017-12867
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) Vulnerability
Exploit for jsp platform in category web applications HTML Decoded PoC: history.pushState'', '', '/' input type="hidden"...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)
NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...
NethServer 7.3.1611 CSRF Create User / Enable SSH Access
HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="...
Unauthorized Extension Of Token Validity
simplesamlphp is vulnerable to having a token's validity period extended by an unauthorized party. The vulnerability is possible because there is a flaw in the calculateTokenValue function in TimeLimitedToken.php. The flaw allows an attacker to extend the prepended offset as much as needed to hit...
gnutls: Incorrect certificate validation when using OCSP responses (GNUTLS-SA-2016-3)
A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances...