18 matches found
CVE-2024-6202
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
CVE-2024-6202 HaloITSM - SAML XML Signature Wrapping (XSW)
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 and patches starting from...
CVE-2024-6202
CVE-2024-6202 concerns HaloITSM. A SAML XML Signature Wrapping (XSW) vulnerability affects HaloITSM versions up to 2.146.1 with a SAML integration configured, allowing anonymous actors to impersonate arbitrary HaloITSM users by knowing their email address. The issue is addressed in versions past ...
CVE-2023-34923
TOPdesk CVE-2023-34923 involves XML Signature Wrapping (XSW) in the SAML-based SSO of TOPdesk v12.10.12. The vulnerability affects the SAML Response handling and, per the description, allows attackers with valid credentials to authenticate with the Identity Provider and impersonate any TOPdesk us...
Signature Verification Bypass
github.com/moov-io/signedxml is vulnerable to Signature Verification Bypass. The vulnerability exists because parsing the raw XML as received can result in different output than parsing the canonicalized XML in the Validate function of validator.go, which allows an attacker to bypass signature...
Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
GHSA-JQVR-J2VG-GJRV Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
Input validation
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
CVE-2023-34205 affects moov-io/signedxml up to version 1.0.0, where parsing raw vs canonicalized XML can produce different outputs, enabling a Signature Wrapping (XSW) bypass of signature validation. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with a high CVSS (CRITICA...
CVE-2020-5390
A verification flaw was found in python-pysaml2, where it did not check that the signature in a SAML document was enveloped, which enabled XML signature wrapping (XSW) attacks. A remote attacker could exploit this flaw to convince SAML processing to verify the signature and accept malicious data...
CVE-2020-5390
CVE-2020-5390 affects PySAML2 prior to 5.0.0 where SAML signature enveloping is not checked, enabling XML Signature Wrapping (XSW) and causing the verification to succeed while using the wrong data (e.g., assertions). The connected documents indicate a fix is available: PySAML2 patch CVE-2020-539...
mx.theoilandgasjob.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-972853 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
SAML Raider - SAML2 Burp Extension
SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik...
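Apache Axis2 XML signature-wrapping security vulnerability
Apache Axis2 is an Apache web services/SOAP/WSDL engine and the successor to the Apache SOAP project. Apache Axis2 is affected by an XML Signature Wrapping (XSW) attack, which allows attackers to exploit the vulnerability to bypass verification of signed requests and carry out further attacks on the application. 0 Apache Axis2 Vendor solution: no detailed solution is currently available: http://ws.apache.org/axis/...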
CVE-1999-0972
CVE-1999-0972 describes a buffer overflow in the Xshipwars xsw program. The vulnerability is reported with a CVSS v2 base score of 7.5 (HIGH), with network attack vector, low access complexity, no authentication, and partial impacts to confidentiality, integrity, and availability. The provided do...
CVE-1999-0972
Buffer overflow in Xshipwars xsw program...