Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39338
user_oidc is an OpenID Connect user backend for Nextcloud. Versions before 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally...
Nextcloud Openid Connect User Backend
NA
CVE-2022-39339
user_oidc is an OpenID Connect user backend for Nextcloud. In versions before 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compr...
Nextcloud Openid Connect User Backend
445
VMScore
CVE-2010-3685
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote malicious users to bypass authentication by leveraging an assertio...
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.0
Drupal Drupal 6.13
Drupal Drupal 6.15
Drupal Drupal 6.6
Drupal Drupal 6.8
Drupal Drupal 6.17
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 6.16
Drupal Drupal 6.5
Drupal Drupal 6.7
Drupal Drupal 6.9
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.x
445
VMScore
CVE-2010-3686
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote malicious users to bypass authentication by leveraging an assertion from an OpenID pr...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.9
Drupal Drupal 6.13
Drupal Drupal 6.15
Drupal Drupal 6.6
Drupal Drupal 6.8
Drupal Drupal 6.17
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 6.16
Drupal Drupal 6.5
Drupal Drupal 6.7
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.x
445
VMScore
CVE-2010-3091
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote malicious users to bypass authentication by leveraging an assertion from an Open...
Drupal Drupal 6.0
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.5
Drupal Drupal 6.6
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.1
Drupal Drupal 6.16
Drupal Drupal 6.2
Drupal Drupal 6.7
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.15
Drupal Drupal 6.17
Drupal Drupal 6.8
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.3
Peter Wolanin Openid 5.x-1.x
516
VMScore
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 5.1.1
Kay Framework Project Kay Framework 0.1.0
Kay Framework Project Kay Framework 0.0.0
Openid Openid4java 0.9.3
Openid Openid4java 0.9.2
Kay Framework Project Kay Framework 0.3.0
Kay Framework Project Kay Framework 0.2.0
Redhat Jboss Enterprise Application Platform 5.1.2
Kay Framework Project Kay Framework
Openid Openid4java
Openid Openid4java 0.9.4.339
Kay Framework Project Kay Framework 1.0.0
Kay Framework Project Kay Framework 0.8.0
605
VMScore
CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty passw...
Ikiwiki Ikiwiki 1.37
Ikiwiki Ikiwiki 1.34.1
Ikiwiki Ikiwiki 1.34.2
Ikiwiki Ikiwiki 1.41
Ikiwiki Ikiwiki 1.42
Ikiwiki Ikiwiki 1.5
Ikiwiki Ikiwiki 1.51
Ikiwiki Ikiwiki 2.14
Ikiwiki Ikiwiki 2.15
Ikiwiki Ikiwiki 2.3
Ikiwiki Ikiwiki 2.30
Ikiwiki Ikiwiki 2.42
Ikiwiki Ikiwiki 1.35
Ikiwiki Ikiwiki 1.36
Ikiwiki Ikiwiki 1.43
Ikiwiki Ikiwiki 1.44
Ikiwiki Ikiwiki 2.0
Ikiwiki Ikiwiki 2.1
Ikiwiki Ikiwiki 2.16
Ikiwiki Ikiwiki 2.17
Ikiwiki Ikiwiki 2.31
Ikiwiki Ikiwiki 2.31.1
383
VMScore
CVE-2015-3234
The OpenID module in Drupal 6.x prior to 6.36 and 7.x prior to 7.38 allows remote malicious users to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Drupal Drupal 7.0
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.25
Drupal Drupal 7.26
Drupal Drupal 7.35
Drupal Drupal 7.36
Drupal Drupal 7.9
Drupal Drupal 6.0
Drupal Drupal 7.1
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 6.13
Drupal Drupal 6.14
1 Article
516
VMScore
CVE-2015-3232
Open redirect vulnerability in the Field UI module in Drupal 7.x prior to 7.38 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.
Drupal Drupal 7.0
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.35
Drupal Drupal 7.36
Drupal Drupal 7.9
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.3
Drupal Drupal 7.30
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.1
Drupal Drupal 7.16
Drupal Drupal 7.17
1 Article
516
VMScore
CVE-2015-3233
Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.38 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.21
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.37
Drupal Drupal 7.4
Drupal Drupal 7.1
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.22
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »