9 matches found
EUVD-2010-2800
Malware in sbrugna...
EUVD-2012-5470
Malware in sbrugna...
EUVD-2010-3675
Malware in sbrugna...
EUVD-2010-3676
Malware in sbrugna...
EUVD-2022-7285
Malicious code in bioql PyPI...
A vulnerability in the phpCAS::setUrl() function of the phpCAS authentication library allows an attacker to gain access to the user’s account.
The vulnerability of the phpCAS::setUrl function in the phpCAS authentication library relates to the use of HTTP headers to determine the URL address of the service used for ticket verification. This allows control over the host header and enables the use of a valid ticket for authentication in a...
USN-6913-1 php-cas vulnerability
Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...
Ubuntu 20.04 LTS / 22.04 LTS : phpCAS vulnerability (USN-6913-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6913-1 advisory. Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use...
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that...