| CVE-2007-5173 | | 0.03 | — | 0.03 | | Oct 3, 2007 | PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. |
| CVE-2010-3686 | | 0.00 | — | 0.01 | | Sep 29, 2010 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. |
| CVE-2010-3685 | | 0.00 | — | 0.01 | | Sep 29, 2010 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. |
| CVE-2010-3091 | | 0.00 | — | 0.01 | | Sep 29, 2010 | The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. |
| CVE-2008-6836 | | 0.00 | — | 0.00 | | Jun 27, 2009 | Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors. |
| CVE-2008-6835 | | 0.00 | — | 0.00 | | Jun 27, 2009 | Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-1651 | | 0.00 | — | 0.02 | | Mar 24, 2007 | Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site. |
| CVE-2007-1652 | | 0.00 | — | 0.01 | | Mar 24, 2007 | OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens. |
