EUVD-2022-3362
Malicious code in bioql PyPI...
SUSE CVE-2010-1618
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
Cross-site Scripting (XSS)
cas-client is vulnerable to cross-site scripting (XSS). The vulnerability exists because the values of URL-encoded parameters handled in AbstractUrlBasedTicketValidator.java are not sanitized...
CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
DEBIAN-CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
CVE-2014-4172
The CVE-2014-4172 issue affects Jasig Java CAS Client (<3.3.2), .NET CAS Client (<1.0.2), and phpCAS (
XML External Entity (XXE)
Jasig CAS Client is vulnerable to XML External Entity (XXE) injection. An attacker can trigger the attack by sending malicious XML data, because java/org/jasig/cas/util/SamlUtils.java in the Jasig CAS server does not prevent loading malicious XML data when Google Accounts Integration is on...
cas-client: Bypass of security constraints via URL parameter injection
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
Important: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 update
Red Hat JBoss Portal 6.2.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Fedora Update for cas-client FEDORA-2014-9662
The remote host is missing an update for cas-client. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 20 : cas-client-3.3.3-1.fc20 (2014-9662)
Update to 3.3.3: fix CVE-2014-4172 (rhbz1131371). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2013-2716
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie...
Code injection
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie...
Debian Security Advisory DSA 2172-1 (moodle)
The remote host is missing an update to moodle announced via advisory DSA 2172-1. OpenVAS Vulnerability Test (deb21721.nasl), auto-generated from advisory DSA 2172-1 (moodle). Author: Thomas Reinke. Copyright (c) 2011 E-Soft Inc...