Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid - vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2019-11027
Ruby OpenID (aka ruby-openid) up to and including 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the...
Openid Ruby-openid
755
VMScore
CVE-2008-4529
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote malicious users to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, ...
Asicms Asicms 0.208
1 EDB exploit
685
VMScore
CVE-2007-5173
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the openid_root_path parameter.
Openid Openid 0.2.0
Phpbb Phpbb
1 EDB exploit
668
VMScore
CVE-2021-45786
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
Maccms Maccms 10.0
668
VMScore
CVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
Hgiga Oaklouds Openid
668
VMScore
CVE-2019-12419
Apache CXF prior to 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the suppli...
Apache Cxf
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Retail Order Broker 15.0
Oracle Enterprise Manager Base Platform 13.2.1.0
Oracle Commerce Guided Search 11.3.2
668
VMScore
CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x up to and including 2.0.5 may allow an malicious user to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with we...
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
668
VMScore
CVE-2019-11066
openid.php in LightOpenID up to and including 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.
Lightopenid Project Lightopenid
668
VMScore
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
Ibm Api Connect
668
VMScore
CVE-2018-1851
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execu...
Ibm Websphere Application Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »