SUSE CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

Debian Security Advisory DSA 3017-1 (php-cas - security update)

Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to an URL, creating a possibility for cross site scripting. OpenVAS Vulnerability Test $Id: deb3017.nasl 6692 2017-07-12 09:57:43Z teissa $ Auto-generated...

pam: pam_env and pam_mail accessing users' file with root privileges

The 1 pamenv and 2 pammail modules in Linux-PAM aka pam before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...