28 matches found
EUVD-2014-5160
Malware in sbrugna...
EUVD-2017-0174
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-5267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an...
Drupal OpenID External Entity Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal OpenID External Entity Injection', 'Description' = %q This module abuses an XML External Entity Injection vulnerability on the OpenID modu...
SUSE CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...
Denial Of Service (DoS)
python-openid is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due to the usage of an insecure Yadis XRDS parser which contains a series of weaknesses that allow XML attacks such as the Billion Laughs attack...
Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
GHSA-6C8P-QPHV-668V Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Vulnerable to XIE DoS attacks
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...
Design/Logic Flaw
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...
UBUNTU-CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...
CVE-2014-5267
Removed by vendor...
CVE-2014-5267
CVE-2014-5267 affects Drupal 6.x (before 6.33) and Drupal 7.x (before 7.31). The vulnerability is in modules/openid/xrds.inc where a crafted DOCTYPE declaration in an XRDS document can enable a remote attacker to cause unspecified impact. The root cause is an XRDS DOCTYPE handling weakness in the...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
CVE-2013-1812 affects the ruby-openid gem for Ruby, with the vendor reference stating: “before 2.2.2 … allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.” The linked advisories confirm the issue ...