Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simplesamlphp simplesamlphp vulnerabilities and exploits
(subscribe to this query)
772
VMScore
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec...
Php Php
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 EDB exploits
40 Github repositories
1 Article
756
VMScore
CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp prior to 1.14.10 and simplesamlphp/saml2 library prior to 1.9.1, 1.10.x prior to 1.10.3, and 2.x prior to 2.3.3 allows remote malicious users to spoof SAML responses or possibly cause a denial of service (memo...
Simplesamlphp Simplesamlphp 1.10
Simplesamlphp Simplesamlphp
Simplesamlphp Saml2 2.0.0
Simplesamlphp Saml2 2.0.1
Simplesamlphp Saml2 1.10.1
Simplesamlphp Saml2 1.10.2
Simplesamlphp Saml2 2.3.2
Simplesamlphp Saml2 1.10
Simplesamlphp Saml2 2.3
Simplesamlphp Saml2 2.3.1
Simplesamlphp Saml2 2.1
Simplesamlphp Saml2 2.2
Simplesamlphp Saml2
703
VMScore
CVE-2017-5661
In Apache FOP prior to 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the use...
Apache Formatting Objects Processor
668
VMScore
CVE-2020-11656
In SQLite up to and including 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Sqlite Sqlite
Netapp Ontap Select Deploy Administration Utility -
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Network Charging And Control 12.0.2
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Mysql
Oracle Mysql Workbench
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Messaging Server 8.1
Siemens Sinec Infrastructure Network Services
Tenable Tenable.sc
668
VMScore
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locati...
Php Php
Php Php 7.4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 10.0
Tenable Securitycenter
668
VMScore
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
668
VMScore
CVE-2019-19646
pragma.c in SQLite up to and including 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Sqlite Sqlite
Siemens Sinec Infrastructure Network Services
Tenable Tenable.sc
Oracle Mysql Workbench
Netapp Cloud Backup -
Netapp Ontap Select Deploy Administration Utility -
668
VMScore
CVE-2019-15537
The proxystatistics module prior to 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
Cesnet Proxystatistics
668
VMScore
CVE-2018-6521
The sqlauth module in SimpleSAMLphp prior to 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote malicious users to bypass intended access restrictions.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
668
VMScore
CVE-2017-12873
SimpleSAMLphp 1.7.0 up to and including 1.14.10 might allow malicious users to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »