
CVSS: 6.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

• http://www.securityfocus.com/bid/94946
• https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
• https://simplesamlphp.org/security/201612-02
• CWE-20: Improper Input Validation

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.

• http://www.securityfocus.com/bid/96134
• https://simplesamlphp.org/security/201603-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 16 | EXPL: 0

Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.

• http://code.google.com/p/simplesamlphp/issues/detail?id=468
• http://osvdb.org/78255
• http://secunia.com/advisories/47491
• http://www.openwall.com/lists/oss-security/2012/01/20/20
• http://www.securityfocus.com/bid/51372
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72313
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 16 | EXPL: 0

Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter.

• http://code.google.com/p/simplesamlphp/issues/detail?id=468
• http://osvdb.org/78254
• http://secunia.com/advisories/47491
• http://secunia.com/advisories/47534
• http://www.debian.org/security/2012/dsa-2387
• http://www.openwall.com/lists/oss-security/2012/01/20/20
• http://www.securityfocus.com/bid/51372
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72313
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')