2 matches found
SAP NetWeaver Application Server ABAP HTML Injection Vulnerability
SAP NetWeaver Application Server ABAP is an application server developed by SAP to run ABAP applications. An HTML injection vulnerability exists in SAP NetWeaver Application Server ABAP. An attacker could exploit this vulnerability to construct URLs containing malicious scripts that could be...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pamxauth that may allow a local attacker to gain access to an administrator's X session. Description pamxauth is used to forward xauth keys or cookies between users. From the pamxauth man page:Without pamxauth, when xauth is enabled and a user uses the su comman...