113 matches found
Fedora 12 : glpi-0.72.4-3.svn11497.fc12 (2010-16905)
Switch to system phpCAS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 12 : php-pear-CAS-1.1.3-1.fc12 (2010-15970)
This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy mode. The release is fully compatible with all 1.1.x versions. The changes are: Security Issue - CVE-2010-3690 phpCAS: X...
Fedora 13 : php-pear-CAS-1.1.3-1.fc13 (2010-15943)
This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy mode. The release is fully compatible with all 1.1.x versions. The changes are: Security Issue - CVE-2010-3690 phpCAS: X...
Fedora 14 : php-pear-CAS-1.1.3-1.fc14 (2010-15796)
This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy mode. The release is fully compatible with all 1.1.x versions. The changes are: Security Issue - CVE-2010-3690 phpCAS: X...
CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter...
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file...
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that...
Design/Logic Flaw
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file...
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file...
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that...
CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter...
CVE-2010-3690
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that...
CVE-2010-3692
CVE-2010-3692 refers to a directory traversal vulnerability in the callback function of phpCAS before 1.1.3. When proxy mode is enabled, an attacker can abuse the Proxy Granting Ticket IOU parameter (PGTiou) to create or overwrite arbitrary files on the remote server. The issue is tied to the php...
CVE-2010-3692
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter...
CVE-2010-3690
CVE-2010-3690 refers to multiple cross-site scripting (XSS) flaws in the phpCAS library used by Moodle, exploitable when proxy mode is enabled. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via the Proxy Granting Ticket IOU parameter to the callback (client.php) or th...
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file...
CVE-2010-3691
CVE-2010-3691 affects phpCAS (in Moodle) prior to version 1.1.3. When proxy mode is enabled, PGTStorage/pgt-file.php is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. The exposed component is phpCAS in Moodle installations, with potential for file over...
Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)
Security fixes: Fix a session hijacking hole, CVE-2010-2795 (PHPCAS-61); callbackurl in proxy mode should be urlencoded, possible XSS, CVE-2010-2796 (PHPCAS-67). Bug fixes: Fix warnings for SAML responses without attributes (PHPCAS-59); Fix duplicate SAML debug output (PHPCAS-64); Providing a new ST/PT/SA during...
phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities
This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...