Simone Rota » Slim Simple Login Manager : Security Vulnerabilities, CVEs, CVSS score >= 1
The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-08-30
Updated
2010-08-31
SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
Max CVSS
2.1
EPSS Score
0.04%
Published
2009-05-22
Updated
2017-08-17
2 vulnerabilities found