Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in...
Janrain Php-openid
8.8
CVSSv3
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote malicious users to hijack the authentication of arbitrary users via v...
Janrain Php-openid
9.8
CVSSv3
CVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
Hgiga Oaklouds Openid
8.8
CVSSv3
CVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
Hgiga Oaklouds Openid
4.3
CVSSv3
CVE-2019-1003021
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and previous versions in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. ...
Jenkins Openid Connect Authentication
NA
CVE-2011-3707
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.
Janrain Php-openid 2.2.2
8.8
CVSSv3
CVE-2021-41246
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session f...
Auth0 Express Openid Connect
8.8
CVSSv3
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid Connect Authentication
6.1
CVSSv3
CVE-2010-10002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState le...
Simplesamlphp Simplesamlphp-module-openid
6.1
CVSSv3
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is appli...
Auth0 Express Openid Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »