The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x2go | x2go_server | * |
| x2go | x2go_server | 4.0.0.0 |
x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x2go | x2go_server | 4.0.0.1 |
| x2go | x2go_server | 4.0.0.3 |
| x2go | x2go_server | 4.0.1.4 |
| x2go | x2go_server | 4.0.1.5 |
| x2go | x2go_server | 4.0.0.4 |
| x2go | x2go_server | 4.0.1.6 |
| x2go | x2go_server | * |
| x2go | x2go_server | 4.0.1.7 |
| x2go | x2go_server | 4.0.1.9 |
| x2go | x2go_server | 4.0.1.1 |
| x2go | x2go_server | 4.0.0.2 |
| x2go | x2go_server | 4.0.1.3 |
| x2go | x2go_server | 4.0.0.6 |
| x2go | x2go_server | 4.0.1.0 |
| x2go | x2go_server | 4.0.0.0 |
| x2go | x2go_server | 4.0.1.8 |
| x2go | x2go_server | 4.0.1.2 |