Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
Hgiga Oaklouds Openid
7.5
CVSSv2
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in...
Janrain Php-openid
6.8
CVSSv2
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote malicious users to hijack the authentication of arbitrary users via v...
Janrain Php-openid
NA
CVE-2022-39387
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can th...
Xwiki Openid Connect
6.8
CVSSv2
CVE-2021-41246
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session f...
Auth0 Express Openid Connect
5.8
CVSSv2
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is appli...
Auth0 Express Openid Connect
4.3
CVSSv2
CVE-2019-1003021
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and previous versions in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. ...
Jenkins Openid Connect Authentication
NA
CVE-2010-10002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState le...
Simplesamlphp Simplesamlphp-module-openid
NA
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid Connect Authentication
5
CVSSv2
CVE-2011-3707
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.
Janrain Php-openid 2.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »