114 matches found
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...
Authentication flaw
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...
CVE-2017-1000071
CVE-2017-1000071 affects Jasig phpCAS 1.3.4. The vulnerability is an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. Connected sources confirm the affected component and scenario, but do not provide exploit details or a confirmed patc...
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...
Moodle < 2.5 / 2.5.x < 2.5.8 / 2.6.x < 2.6.5 / 2.7.x < 2.7.2 Multiple Vulnerabilities
Binary data 8719.prm...
[SECURITY] [DSA 3017-1] php-cas security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3017-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 2, 2014 http://www.debian.org/security/faq -...
DSA-3017-1 php-cas - security update
Bulletin has no description...
CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
DEBIAN-CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5583
CVE-2012-5583 affects the phpCAS library before 1.3.2. The issue is that the client does not verify that the server hostname matches a domain name in the X.509 certificate (CN or SAN), enabling MITM-style spoofing with arbitrary valid certificates. Affected software: phpCAS prior to 1.3.2. Impact...
CVE-2012-5583
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Fedora 15 : php-pear-CAS-1.3.0-2.fc15 (2012-4077)
Upstream changelog Changes in version 1.3.0 Bug Fixes : - the saml logout url should be parsed urlencoded 24 dlineate - fix a proxy mode bug introduced in a previous commit 16 Adam Franco - Fix includepath order so that the phpCAS path takes precedence 13 Adam Franco - fix invalid characters in t...
Debian Security Advisory DSA 2172-1 (moodle)
The remote host is missing an update to moodle announced via advisory DSA 2172-1. OpenVAS Vulnerability Test $Id: deb21721.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2172-1 moodle Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2172-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2172-1 : moodle - several vulnerabilities
Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 2172-1] moodle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2172-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 22, 2011 http://www.debian.org/security/faq -...