Vulmon
passport vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-20982
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1 allows malicious users to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
Wdja Wdja Cms 1.5.1
5
CVSSv2
CVE-2021-41580
The passport-oauth2 package prior to 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an appl...
Passportjs Passport-oauth2
5
CVSSv2
CVE-2021-39171
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This...
Passport-saml Project Passport-saml
7.5
CVSSv2
CVE-2019-13483
Auth0 Passport-SharePoint prior to 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows malicious users to forge tokens and bypass authentication and authorization mechanisms.
Auth0 Passport-sharepoint
2.1
CVSSv2
CVE-2018-17499
Envoy Passport for Android and Envoy Passport for iPhone could allow a local malicious user to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive informa...
Envoy Passport 2.4.0
Envoy Passport 2.2.5
2.1
CVSSv2
CVE-2018-17500
Envoy Passport for Android and Envoy Passport for iPhone could allow a local malicious user to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
Envoy Passport 2.4.0
Envoy Passport 2.2.5
9
CVSSv2
CVE-2019-7632
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authenticat...
Lifesize Team 220 Firmware -
Lifesize Passport 220 Firmware -
Lifesize Networker 220 Firmware -
Lifesize Room 220 Firmware -
9.3
CVSSv2
CVE-2017-16897
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows a malicious user to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML ...
Auth0 Passport-wsfed-saml2
4.3
CVSSv2
CVE-2016-7191
The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x prior to 1.4.6 and 2.x prior to 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote malicious users to bypass authentication via a crafted token.
Microsoft Azure Active Directory Passport 1.0.0
Microsoft Azure Active Directory Passport 1.1.0
Microsoft Azure Active Directory Passport 1.3.5
Microsoft Azure Active Directory Passport 1.3.6
Microsoft Azure Active Directory Passport 2.0.0
Microsoft Azure Active Directory Passport 1.3.3
Microsoft Azure Active Directory Passport 1.3.4
Microsoft Azure Active Directory Passport 1.4.4
Microsoft Azure Active Directory Passport 1.4.5
Microsoft Azure Active Directory Passport 1.3.1
Microsoft Azure Active Directory Passport 1.3.2
Microsoft Azure Active Directory Passport 1.4.2
Microsoft Azure Active Directory Passport 1.4.3
Microsoft Azure Active Directory Passport 1.1.1
Microsoft Azure Active Directory Passport 1.2.0
Microsoft Azure Active Directory Passport 1.3.0
Microsoft Azure Active Directory Passport 1.4.0
Microsoft Azure Active Directory Passport 1.4.1