Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simplesamlphp simplesamlphp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-6521
The sqlauth module in SimpleSAMLphp prior to 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote malicious users to bypass intended access restrictions.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-18121
The consentAdmin module in SimpleSAMLphp up to and including 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an malicious user to craft links that could execute arbitrary JavaScript code on the victim's web browser.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2017-18122
A signature-validation bypass issue exists in SimpleSAMLphp up to and including 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the a...
Simplesamlphp Simplesamlphp
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2011-4625
simplesamlphp prior to 1.6.3 (squeeze) and prior to 1.8.2 (sid) incorrectly handles XML encryption which could allow remote malicious users to decrypt or forge messages.
Simplesamlphp Simplesamlphp
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and previous versions allows remote malicious users to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-12873
SimpleSAMLphp 1.7.0 up to and including 1.14.10 might allow malicious users to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
NA
CVE-2010-10004
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this...
Simplesamlphp Information Cards Module
6.5
CVSSv2
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated malicious user to impersonate others or elevate privileges by creating a crafted XML ...
Xmlseclibs Project Xmlseclibs
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Simplesamlphp Simplesamlphp
15 Github repositories
5
CVSSv2
CVE-2018-6519
The SAML2 library prior to 1.10.4, 2.x prior to 2.3.5, and 3.x prior to 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
Simplesamlphp Saml2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows malicious users to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Simplesamlphp Infocard Module 1.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »