Vulmon
openid openid - vulnerabilities and exploits
6.8
CVSSv2
CVE-2007-1651
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote malicious users to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID ser...
Openid Openid
4.3
CVSSv2
CVE-2008-3280
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS ...
Openid Openid -
1 EDB exploit
7.5
CVSSv2
CVE-2007-1652
OpenID allows remote malicious users to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens.
Openid Openid
2.1
CVSSv2
CVE-2012-2760
mod_auth_openid prior to 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
Findingscience Mod Auth Openid 0.2
Findingscience Mod Auth Openid 0.1
Findingscience Mod Auth Openid 0.4
Findingscience Mod Auth Openid 0.3
Findingscience Mod Auth Openid 0.2.1
Findingscience Mod Auth Openid
Findingscience Mod Auth Openid 0.5
1 EDB exploit
5.8
CVSSv2
CVE-2019-9837
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x prior to 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none val...
Openid Openid Connect
10
CVSSv2
CVE-2019-11027
Ruby OpenID (aka ruby-openid) up to and including 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the...
Openid Ruby-openid
6.8
CVSSv2
CVE-2007-5173
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the openid_root_path parameter.
Phpbb Phpbb
Openid Openid 0.2.0
1 EDB exploit
4.9
CVSSv2
CVE-2020-26244
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but on...
Python Openid Connect Project Python Openid Connect
6.8
CVSSv2
CVE-2008-6836
Cross-site request forgery (CSRF) vulnerability in OpenID 5.x prior to 5.x-1.2, a module for Drupal, allows remote malicious users to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors.
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.x
4.3
CVSSv2
CVE-2008-6835
Cross-site scripting (XSS) vulnerability in OpenID 5.x prior to 5.x-1.2, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.x