apereo phpcas vulnerabilities and exploits
6.4
CVSSv2
CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS prior to 1.1.3, when proxy mode is enabled, allows remote malicious users to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
Apereo Phpcas
Apereo Phpcas 0.2
Apereo Phpcas 0.3
Apereo Phpcas 0.3.1
Apereo Phpcas 0.3.2
Apereo Phpcas 0.4
Apereo Phpcas 0.4.1
Apereo Phpcas 0.4.8
Apereo Phpcas 0.4.9
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.11
Apereo Phpcas 0.4.12
4.3
CVSSv2
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS prior to 1.1.3, when proxy mode is enabled, allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2)...
Apereo Phpcas
Apereo Phpcas 0.2
Apereo Phpcas 0.3
Apereo Phpcas 0.3.1
Apereo Phpcas 0.3.2
Apereo Phpcas 0.4
Apereo Phpcas 0.4.1
Apereo Phpcas 0.4.8
Apereo Phpcas 0.4.9
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.11
Apereo Phpcas 0.4.12
3.3
CVSSv2
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS prior to 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
Apereo Phpcas
Apereo Phpcas 0.2
Apereo Phpcas 0.3
Apereo Phpcas 0.3.1
Apereo Phpcas 0.3.2
Apereo Phpcas 0.4
Apereo Phpcas 0.4.1
Apereo Phpcas 0.4.8
Apereo Phpcas 0.4.9
Apereo Phpcas 0.4.10
Apereo Phpcas 0.4.11
Apereo Phpcas 0.4.12
5.8
CVSSv2
CVE-2012-5583
phpCAS prior to 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Apereo Phpcas
Apereo Phpcas 1.3.0
6.8
CVSSv2
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Apereo Phpcas 1.3.4
5
CVSSv2
CVE-2012-1104
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed.
Apereo Phpcas 1.2.2
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client prior to 3.3.2, .NET CAS Client prior to 1.0.2, and phpCAS prior to 1.3.3 that allows remote malicious users to inject arbitrary web script or ...
Apereo .net Cas Client
Apereo Java Cas Client
Apereo Phpcas
Debian Debian Linux 7.0
Fedoraproject Fedora 20
NA
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows a malicious user to control th...
Apereo Phpcas
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
2.1
CVSSv2
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
Apereo Phpcas 1.2.2
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Debian Debian Linux 8.0