Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key ...
Shibboleth Service Provider 2.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.4
CVSSv2
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
6.4
CVSSv2
CVE-2018-0489
Shibboleth XMLTooling-C prior to 1.6.4, as used in Shibboleth Service Provider prior to 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks via craf...
Shibboleth Xmltooling-c
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Arubanetworks Clearpass
2.6
CVSSv2
CVE-2009-3300
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x prior to 1.3.4 and 2.x prior to 2.1.5, and the Service Provider 1.3.x prior to 1.3.5 and 2.x prior to 2.3, in Internet2 Middleware Initiative Shibboleth allow remote malicious users to inject...
Internet2 Identity Provider 2.1.2
Internet2 Identity Provider 2.1.3
Internet2 Service Provider 2.2
Internet2 Service Provider 2.1
Internet2 Identity Provider 1.3.1
Internet2 Identity Provider 1.3
Internet2 Service Provider 1.3.1
Internet2 Service Provider 1.3.2
Internet2 Identity Provider 1.3.3
Internet2 Identity Provider 1.3.2
Internet2 Identity Provider 2.1.4
Internet2 Service Provider 1.3
Internet2 Identity Provider 2.1.0
Internet2 Identity Provider 2.1.1
Internet2 Service Provider 1.3.3
Internet2 Service Provider 2.0
5
CVSSv2
CVE-2015-0851
XMLTooling-C prior to 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote malicious users to cause a denial of service (crash) via schema-invalid XML data.
Xmltooling Project Xmltooling
NA
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
Moodle Moodle
2 Github repositories
1 Article
6
CVSSv2
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
5.8
CVSSv2
CVE-2017-18262
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Blackboard Blackboard Learn 9.1
Blackboard Blackboard Learn
NA
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
Moodle Moodle
6.5
CVSSv2
CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Moodle Moodle
Moodle Moodle 3.10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »