Vulmon
simplesamlphp simplesamlphp vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-6520
SimpleSAMLphp prior to 1.15.2 allows remote malicious users to bypass an open redirect protection mechanism via crafted authority data in a URL.
Simplesamlphp Simplesamlphp
5.3
CVSSv3
CVE-2016-3124
The sanitycheck module in SimpleSAMLphp prior to 1.14.1 allows remote malicious users to learn the PHP version on the system via unspecified vectors.
Simplesamlphp Simplesamlphp
5.9
CVSSv3
CVE-2017-12867
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and previous versions allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
Simplesamlphp Simplesamlphp
8.1
CVSSv3
CVE-2018-7711
HTTPRedirect.php in the saml2 library in SimpleSAMLphp prior to 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing a malicious user to get invalid signatures accepted as valid by forcing an error during validation. This occurs because ...
Simplesamlphp Simplesamlphp
Simplesamlphp Saml2
Debian Debian Linux 7.0
6.1
CVSSv3
CVE-2010-10002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState le...
Simplesamlphp Simplesamlphp-module-openid
5.4
CVSSv3
CVE-2010-10008
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the...
Simplesamlphp Simplesamlphp-module-openidprovider
6.1
CVSSv3
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows malicious users to inject arbitrary web scripts, in versions up to...
Simplesamlphp Authentication Project Simplesamlphp Authentication
6.3
CVSSv3
CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp prior to 1.14.11 might allow remote malicious users to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
7.5
CVSSv3
CVE-2023-49087
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (th...
Simplesamlphp Saml2 5.0.0
Simplesamlphp Xml-security 1.6.11
5.9
CVSSv3
CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and previous versions allow remote malicious users to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secr...
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0