Sylvain

3 exploits Active since Jun 2014
CVE-2012-5583 WRITEUP WRITEUP
phpCAS <1.3.2 - Man-in-the-Middle
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2017-1000071 WRITEUP HIGH WRITEUP
Jasig phpCAS <1.3.4 - Auth Bypass
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
CVSS 8.1
CVE-2022-27470 WRITEUP HIGH WRITEUP
Libsdl Sdl Ttf < 2.0.18 - Out-of-Bounds Write
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
CVSS 7.8