apereo phpcas vulnerabilities and exploits
8
CVSSv3
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows a malicious user to control th...
Apereo Phpcas
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client prior to 3.3.2, .NET CAS Client prior to 1.0.2, and phpCAS prior to 1.3.3 that allows remote malicious users to inject arbitrary web script or ...
Apereo .net Cas Client
Apereo Java Cas Client
Apereo Phpcas
Debian Debian Linux 7.0
Fedoraproject Fedora 20
5.5
CVSSv3
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Apereo Phpcas 1.2.2
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2012-1104
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.
Apereo Phpcas 1.2.2
Debian Debian Linux 8.0
8.1
CVSSv3
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
NA
CVE-2012-5583
phpCAS prior to 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Apereo Phpcas 1.3.0
Apereo Phpcas
NA
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS prior to 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
Apereo Phpcas
Apereo Phpcas 0.6.0
Apereo Phpcas 0.5.1
Apereo Phpcas 0.4.18
Apereo Phpcas 0.4.17
Apereo Phpcas 0.5.0
Apereo Phpcas 0.4.9
Apereo Phpcas 0.4.1
Apereo Phpcas 0.4
Apereo Phpcas 0.3
Apereo Phpcas 0.2
Apereo Phpcas 0.4.12
Apereo Phpcas 0.4.11
Apereo Phpcas 0.4.20
Apereo Phpcas 0.4.19
Apereo Phpcas 1.0.1
Apereo Phpcas 1.0.0
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.16
Apereo Phpcas 0.4.15
Apereo Phpcas 0.4.8
Apereo Phpcas 0.4.23
NA
CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS prior to 1.1.3, when proxy mode is enabled, allows remote malicious users to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Apereo Phpcas 0.4.1
Apereo Phpcas 0.4
Apereo Phpcas 0.2
Apereo Phpcas 1.1.1
Apereo Phpcas 0.4.12
Apereo Phpcas 0.4.11
Apereo Phpcas 0.3.2
Apereo Phpcas 0.3.1
Apereo Phpcas 1.1.0
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.14
Apereo Phpcas 0.4.13
Apereo Phpcas 0.4.22
Apereo Phpcas 0.4.21
Apereo Phpcas
Apereo Phpcas 0.6.0
Apereo Phpcas 0.5.1
Apereo Phpcas 0.3
Apereo Phpcas 0.4.18
Apereo Phpcas 0.4.17
Apereo Phpcas 0.5.0
Apereo Phpcas 0.4.9
NA
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS prior to 1.1.3, when proxy mode is enabled, allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2)...
Apereo Phpcas 1.0.1
Apereo Phpcas 1.0.0
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.16
Apereo Phpcas 0.4.13
Apereo Phpcas 0.4.8
Apereo Phpcas 0.4.23
Apereo Phpcas
Apereo Phpcas 0.6.0
Apereo Phpcas 0.5.1
Apereo Phpcas 0.4.15
Apereo Phpcas 0.4.18
Apereo Phpcas 0.5.0
Apereo Phpcas 0.4.9
Apereo Phpcas 0.3.2
Apereo Phpcas 0.3.1
Apereo Phpcas 1.1.1
Apereo Phpcas 1.1.0
Apereo Phpcas 0.4.11
Apereo Phpcas 0.4.14
Apereo Phpcas 0.4.22
Apereo Phpcas 0.4.21