Vulmon
openid openid - vulnerabilities and exploits
5.8
CVSSv2
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is appli...
Auth0 Express Openid Connect
NA
CVE-2022-39338
user_oidc is an OpenID Connect user backend for Nextcloud. Versions before 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally...
Nextcloud Openid Connect User Backend
NA
CVE-2022-39339
user_oidc is an OpenID Connect user backend for Nextcloud. In versions before 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compr...
Nextcloud Openid Connect User Backend
5
CVSSv2
CVE-2010-3091
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote malicious users to bypass authentication by leveraging an assertion from an Open...
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.4
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
Drupal Drupal 6.17
Drupal Drupal 6.5
Drupal Drupal 6.10
Drupal Drupal 6.6
Drupal Drupal 6.15
Drupal Drupal 6.16
Drupal Drupal 6.3
Drupal Drupal 6.9
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.3
5
CVSSv2
CVE-2010-3685
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote malicious users to bypass authentication by leveraging an assertio...
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.4
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
Drupal Drupal 6.17
Drupal Drupal 6.5
Drupal Drupal 6.10
Drupal Drupal 6.6
Drupal Drupal 6.15
Drupal Drupal 6.16
Drupal Drupal 6.3
Drupal Drupal 6.9
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.3
5
CVSSv2
CVE-2010-3686
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote malicious users to bypass authentication by leveraging an assertion from an OpenID pr...
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.4
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
Drupal Drupal 6.17
Drupal Drupal 6.5
Drupal Drupal 6.10
Drupal Drupal 6.6
Drupal Drupal 6.15
Drupal Drupal 6.16
Drupal Drupal 6.3
Drupal Drupal 6.9
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.3
5.8
CVSSv2
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...
Openid Openid4java
Kay Framework Project Kay Framework 1.0.0
Redhat Jboss Enterprise Application Platform 5.1.2
Openid Openid4java 0.9.2
Kay Framework Project Kay Framework 0.1.0
Redhat Jboss Enterprise Application Platform 5.1.1
Kay Framework Project Kay Framework
Kay Framework Project Kay Framework 0.8.0
Kay Framework Project Kay Framework 0.2.0
Redhat Jboss Enterprise Application Platform 5.1.0
Openid Openid4java 0.9.4.339
Openid Openid4java 0.9.3
Kay Framework Project Kay Framework 0.0.0
Kay Framework Project Kay Framework 0.3.0
6.8
CVSSv2
CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty passw...
Ikiwiki Ikiwiki 2.8
Ikiwiki Ikiwiki 1.5
Ikiwiki Ikiwiki 1.47
Ikiwiki Ikiwiki 1.43
Ikiwiki Ikiwiki 1.41
Ikiwiki Ikiwiki 1.34.2
Ikiwiki Ikiwiki 2.14
Ikiwiki Ikiwiki 1.39
Ikiwiki Ikiwiki 2.40
Ikiwiki Ikiwiki 2.12
Ikiwiki Ikiwiki 1.51
Ikiwiki Ikiwiki 1.36
Ikiwiki Ikiwiki 2.31
Ikiwiki Ikiwiki 2.42
Ikiwiki Ikiwiki 2.0
Ikiwiki Ikiwiki 2.3
Ikiwiki Ikiwiki 1.34
Ikiwiki Ikiwiki 2.47
Ikiwiki Ikiwiki 2.7
Ikiwiki Ikiwiki 1.40
Ikiwiki Ikiwiki 2.17
Ikiwiki Ikiwiki 2.31.2
5.8
CVSSv2
CVE-2015-3232
Open redirect vulnerability in the Field UI module in Drupal 7.x prior to 7.38 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.28
Drupal Drupal 7.22
1 Article
4
CVSSv2
CVE-2015-3231
The Render cache system in Drupal 7.x prior to 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.28
Drupal Drupal 7.22
1 Article