← Back

Janrain

janrain

6 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Php Openid
php-openid
3 CVEs
Rpx
rpx
2 CVEs
Ruby Openid
ruby-openid
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-2049
1Janrain
1Php Openid
May 6, 2026
Feb 1, 2016
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers...Show more
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.Show less
CVE-2013-1812
2Fedoraproject
Janrain
2Fedora
Ruby Openid
Apr 29, 2026
Dec 12, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
CVE-2013-4701
1Janrain
1Php Openid
Apr 29, 2026
Aug 21, 2013
N/A· v4
N/A· v3
7.5 HIGH· v2
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data...Show more
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.Show less
CVE-2012-2296
1Janrain
1Rpx
Apr 29, 2026
Jul 25, 2012
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensiti...Show more
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.Show less
CVE-2011-3707
1Janrain
1Php Openid
Apr 29, 2026
Sep 23, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by A...Show more
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.Show less
CVE-2011-0771
1Janrain
1Rpx
Apr 29, 2026
Feb 4, 2011
N/A· v4
N/A· v3
6.8 MEDIUM· v2
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbit...Show more
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.Show less