Vulmon
simplesamlphp simplesamlphp vulnerabilities and exploits
5
CVSSv2
CVE-2016-3124
The sanitycheck module in SimpleSAMLphp prior to 1.14.1 allows remote malicious users to learn the PHP version on the system via unspecified vectors.
Simplesamlphp Simplesamlphp
5
CVSSv2
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp prior to 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote malicious user to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically v...
Simplesamlphp Simplesamlphp
5.8
CVSSv2
CVE-2018-6520
SimpleSAMLphp prior to 1.15.2 allows remote malicious users to bypass an open redirect protection mechanism via crafted authority data in a URL.
Simplesamlphp Simplesamlphp
6.8
CVSSv2
CVE-2018-7711
HTTPRedirect.php in the saml2 library in SimpleSAMLphp prior to 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing a malicious user to get invalid signatures accepted as valid by forcing an error during validation. This occurs because ...
Simplesamlphp Simplesamlphp
Simplesamlphp Saml2
Debian Debian Linux 7.0
NA
CVE-2010-10002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState le...
Simplesamlphp Simplesamlphp-module-openid
NA
CVE-2010-10008
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the...
Simplesamlphp Simplesamlphp-module-openidprovider
4.3
CVSSv2
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows malicious users to inject arbitrary web scripts, in versions up to...
Simplesamlphp Authentication Project Simplesamlphp Authentication
4
CVSSv2
CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp prior to 1.14.11 might allow remote malicious users to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
NA
CVE-2023-49087
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (th...
Simplesamlphp Saml2 5.0.0
Simplesamlphp Xml-security 1.6.11
4.3
CVSSv2
CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and previous versions allow remote malicious users to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secr...
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0